fix(deps): vuln minor upgrades — 15 packages (minor: 3 · patch: 12) [ui]

[gh-worker-campaigns-3e9aa4]

Summary: Critical-severity security update — 15 packages upgraded (MINOR changes included)

Manifests changed:

• ui (yarn)

---

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

---

Updates

Package	From	To	Type	Dep Type	Vulnerabilities Fixed
handlebars	4.7.8	4.7.9	patch	Direct	2 CRITICAL, 8 HIGH, 3 MODERATE, 1 LOW
dompurify	3.2.6	3.2.7	patch	Direct	11 MODERATE
@babel/cli	7.27.2	7.28.6	minor	Direct	-
@babel/core	7.26.10	7.29.0	minor	Direct	-
webpack	5.94.0	5.106.2	minor	Direct	4 LOW
@babel/eslint-parser	7.27.1	7.27.5	patch	Direct	-
@babel/plugin-transform-block-scoping	7.27.1	7.27.5	patch	Direct	-
@types/codemirror	5.60.15	5.60.17	patch	Direct	-
@types/d3-array	3.2.1	3.2.2	patch	Direct	-
asn1js	3.0.6	3.0.10	patch	Direct	-
codemirror	5.65.19	5.65.21	patch	Direct	-
d3-format	3.1.0	3.1.2	patch	Direct	-
eslint-config-prettier	9.1.0	9.1.2	patch	Direct	-
pvutils	1.1.3	1.1.5	patch	Direct	-
shell-quote	1.8.2	1.8.3	patch	Direct	-

Packages marked with "-" are updated due to dependency constraints.

---

Security Details

🚨 Critical & High Severity (10 fixed)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
handlebars	CVE-2026-33937	CRITICAL	Handlebars.js has JavaScript Injection via AST Type Confusion	4.7.8	-
handlebars	GHSA-2w6w-674q-4c4q	CRITICAL	Handlebars.js has JavaScript Injection via AST Type Confusion	4.7.8	4.7.9
handlebars	GHSA-xhpv-hc6g-r9c6	HIGH	Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial	4.7.8	4.7.9
handlebars	CVE-2026-33938	HIGH	Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block	4.7.8	-
handlebars	GHSA-3mfm-83xf-c92r	HIGH	Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block	4.7.8	4.7.9
handlebars	CVE-2026-33941	HIGH	Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options	4.7.8	-
handlebars	GHSA-xjpj-3mr7-gcpf	HIGH	Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options	4.7.8	4.7.9
handlebars	CVE-2026-33939	HIGH	Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation	4.7.8	-
handlebars	GHSA-9cx6-37pm-9jff	HIGH	Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation	4.7.8	4.7.9
handlebars	CVE-2026-33940	HIGH	Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial	4.7.8	-

ℹ️ Other Vulnerabilities (19)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
dompurify	GHSA-cj63-jhhr-wcxv	MODERATE	DOMPurify USE_PROFILES prototype pollution allows event handlers	3.2.6	3.3.2
dompurify	CVE-2025-15599	MODERATE	-	3.2.6	-
dompurify	GHSA-h7mw-gpvr-xq4m	MODERATE	DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix)	3.2.6	3.4.0
dompurify	GHSA-crv5-9vww-q3g8	MODERATE	DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode	3.2.6	3.4.0
dompurify	GHSA-h8r8-wccr-v5f2	MODERATE	DOMPurify is vulnerable to mutation-XSS via Re-Contextualization	3.2.6	3.3.2
dompurify	GHSA-v8jm-5vwx-cfxm	MODERATE	DOMPurify contains a Cross-site Scripting vulnerability	3.2.6	3.2.7
dompurify	GHSA-cjmm-f4jc-qw8r	MODERATE	DOMPurify ADD_ATTR predicate skips URI validation	3.2.6	3.3.2
dompurify	CVE-2026-0540	MODERATE	-	3.2.6	-
dompurify	GHSA-v2wj-7wpq-c8vv	MODERATE	DOMPurify contains a Cross-site Scripting vulnerability	3.2.6	3.3.2
dompurify	GHSA-39q2-94rc-95cp	MODERATE	DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation	3.2.6	3.4.0
dompurify	GHSA-v9jr-rg53-9pgp	MODERATE	DOMPurify: Prototype Pollution to XSS Bypass via CUSTOM_ELEMENT_HANDLING Fallback	3.2.6	3.4.0
handlebars	GHSA-2qvq-rjwj-gvw9	MODERATE	Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection	4.7.8	4.7.9
handlebars	CVE-2026-33916	MODERATE	Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection	4.7.8	-
handlebars	GHSA-7rx3-28cr-v5wh	MODERATE	Handlebars.js has a Prototype Method Access Control Gap via Missing lookupSetter Blocklist Entry	4.7.8	4.7.9
handlebars	GHSA-442j-39wm-28r2	LOW	Handlebars.js has a Property Access Validation Bypass in container.lookup	4.7.8	4.7.9
webpack	GHSA-38r7-794h-5758	LOW	webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence	5.94.0	5.104.0
webpack	CVE-2025-68458	LOW	webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior	5.94.0	-
webpack	GHSA-8fgc-7cc6-rx7x	LOW	webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior	5.94.0	5.104.1
webpack	CVE-2025-68157	LOW	webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects	5.94.0	-

---

Review Checklist

Standard review:

• Review changes for compatibility with your code
• Check for breaking changes in release notes
• Run tests locally or wait for CI
• Approve and merge this PR

---

Update Mode: Vulnerability Remediation (Critical/High)

🤖 Generated by DataDog Automated Dependency Management System

[campaigner-prod]

Release Notes

handlebars (4.7.8 → 4.7.9) — GitHub Release

• fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
• fix type "RuntimeOptions" also accepting string partials - eab1d14
• feat(types): set hash to be a Record<string, any> - de4414d
• fix non-contiguous program indices - 4512766
• refactor: rename i to startPartIndex - e497a35
• security: fix security issues - 68d8df5
  • GHSA-2w6w-674q-4c4q
  • GHSA-3mfm-83xf-c92r
  • GHSA-xhpv-hc6g-r9c6
  • GHSA-xjpj-3mr7-gcpf
  • GHSA-9cx6-37pm-9jff
  • GHSA-2qvq-rjwj-gvw9
  • GHSA-7rx3-28cr-v5wh
  • GHSA-442j-39wm-28r2

Commits

dompurify (3.2.6 → 3.2.7) — GitHub Release

• Added new attributes and elements to default allow-list, thanks @elrion018
• Added tagName parameter to custom element attributeNameCheck, thanks @nelstrom
• Added better check for animated href attributes, thanks @llamakko
• Updated and improved the bundled types, thanks @ssi02014
• Updated several tests to better align with new browser encoding behaviors
• Improved the handling of potentially risky content inside CDATA elements, thanks @securityMB & @terjanq
• Improved the regular expression for raw-text elements to cover textareas, thanks @securityMB & @terjanq

@babel/cli (7.27.2 → 7.28.6) — GitHub Release

v7.28.6

v7.28.6 (2026-01-12)

Thanks @kadhirash and @kolvian for your first PRs!

🐛 Bug Fix

• babel-cli, babel-code-frame, babel-core, babel-helper-check-duplicate-nodes, babel-helper-fixtures, babel-helper-plugin-utils, babel-node, babel-plugin-transform-flow-comments, babel-plugin-transform-modules-commonjs, babel-plugin-transform-property-mutators, babel-preset-env, babel-traverse, babel-types
  • https://github.com/babel/babel/issues/17589 Improve Unicode handling in code-frame tokenizer (@JLHwung)
• babel-plugin-transform-regenerator
  • https://github.com/babel/babel/issues/17556 fix: transform-regenerator correctly handles scope (@liuxingbaoyu)
• babel-plugin-transform-react-jsx
  • https://github.com/babel/babel/issues/17538 fix: Keep jsx comments (@liuxingbaoyu)

💅 Polish

• babel-core, babel-standalone
  • https://github.com/babel/babel/issues/17606 Polish(standalone): improve message on invalid preset/plugin (@JLHwung)

🏠 Internal

• babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-proposal-decorators, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, `babel-plugin-syntax

(truncated)

v7.28.5

v7.28.5 (2025-10-23)

Thank you @CO0Ki3, @Olexandr88, and @youthfulhps for your first PRs!

👓 Spec Compliance

• babel-parser
  • https://github.com/babel/babel/issues/17446 Allow Runtime Errors for Function Call Assignment Targets (@liuxingbaoyu)
• babel-helper-validator-identifier
  • https://github.com/babel/babel/issues/17501 fix: update identifier to unicode 17 (@fisker)

🐛 Bug Fix

• babel-plugin-proposal-destructuring-private
  • https://github.com/babel/babel/issues/17534 Allow mixing private destructuring and rest (@CO0Ki3)
• babel-parser
  • https://github.com/babel/babel/issues/17521 Improve @babel/parser error typing (@JLHwung)
  • https://github.com/babel/babel/issues/17491 fix: improve ts-only declaration parsing (@JLHwung)
• babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring
  • https://github.com/babel/babel/issues/17519 fix: rest correctly returns plain array (@liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-optional-chaining, babel-traverse, babel-types

(truncated — see source for full notes)

@babel/core (7.26.10 → 7.29.0) — GitHub Release

v7.29.0

v7.29.0 (2026-01-31)

Thanks @simbahax for your first PR!

🚀 New Feature

• babel-types
  • https://github.com/babel/babel/issues/17750 [7.x backport] Add attributes import declaration builder (@JLHwung)
• babel-standalone
  • https://github.com/babel/babel/issues/17663 [7.x backport] feat(standalone): export async transform (@JLHwung)
  • https://github.com/babel/babel/issues/17725 [7.x backport] feat: read standalone targets from data-targets (@JLHwung)

🐛 Bug Fix

• babel-parser
  • https://github.com/babel/babel/issues/17765 fix(parser): correctly parse type assertions in extends clause (@nicolo-ribaudo)
  • https://github.com/babel/babel/issues/17723 [7.x backport] fix(parser): improve super type argument parsing (@JLHwung)
• babel-traverse
  • https://github.com/babel/babel/issues/17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@simbahax)
• babel-plugin-transform-block-scoping, babel-traverse
  • https://github.com/babel/babel/issues/17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@magic-akari)

🏃‍♀️ Performance

• babel-generator, babel-runtime-corejs3
  • https://github.com/babel/babel/issues/17642 [Babel 7] Improve generator performance (@liuxingbaoyu)

Committers: 6

• David (@simbahax)
• Huáng Jùnliàng (@JLHwung)
• Nicolò Ribaudo (@nicolo-ribaudo)
• @liuxingbaoyu
• @magic-akari

v7.28.6

v7.28.6 (2026-01-12)

Thanks @kadhirash and @kolvian for your first PRs!

🐛 Bug Fix

• babel-cli, babel-code-frame, babel-core, babel-helper-check-duplicate-nodes, babel-helper-fixtures, babel-helper-plugin-utils, babel-node, babel-plugin-transform-flow-comments, babel-plugin-transform-modules-commonjs, babel-plugin-transform-property-mutators, babel-preset-env, babel-traverse, babel-types
  • https://github.com/babel/babel/issues/17589 Improve Unicode handling in code-frame tokenizer (@JLHwung)
• babel-plugin-transform-regenerator
  • https://github.com/babel/babel/issues/17556 fix: transform-regenerator correctly handles scope (@liuxingbaoyu)
• babel-plugin-transform-react-jsx
  • https://github.com/babel/babel/issues/17538 fix: Keep jsx comments (@liuxingbaoyu)

💅 Polish

• babel-core, babel-standalone
  • https://github.com/babel/babel/issues/17606 Polish(standalone): improve message on invalid preset/plugin (@JLHwung)

🏠 Internal

(truncated — see source for full notes)

webpack (5.94.0 → 5.106.2) — GitHub Release

v5.106.2

Patch Changes

• CSS @import now inherits the parent module's exportType, so a file configured as "text" correctly creates a style tag when @imported by a "style" parent. (by @xiaoxiaojx in https://github.com/webpack/webpack/issues/20838)

• Make asset modules available in JS context when referenced from both CSS and a lazily compiled JS chunk. (by @xiaoxiaojx in https://github.com/webpack/webpack/issues/20801)

• Include missing generator options in hash to ensure persistent cache invalidation when configuration changes (CssGenerator exportsOnly, JsonGenerator JSONParse, WebAssemblyGenerator mangleImports). (by @xiaoxiaojx in https://github.com/webpack/webpack/issues/20821)

• Fix || default value handling in ProgressPlugin and ManifestPlugin that incorrectly overrode user-provided falsy values (e.g. modules: false, entries: false, entrypoints: false). (by @xiaoxiaojx in https://github.com/webpack/webpack/issues/20823)

• Migrate from mime-types to mime-db. (by @alexander-akait in https://github.com/webpack/webpack/issues/20812)

• Handle @charset at-rules in CSS modules. (by @alexander-akait in https://github.com/webpack/webpack/issues/20831)

• Marked all experimental options in types. (by @alexander-akait in https://github.com/webpack/webpack/issues/20814)

v5.106.1

Patch Changes

• Fix two ES5-environment regressions in the anonymous default export .name fix-up: the generated code referenced an undeclared __WEBPACK_DEFAULT_EXPORT__ binding causing ReferenceError, and used Reflect.defineProperty which is not available in pre-ES2015 runtimes. The fix-up now references the real assignment target and uses Object.defineProperty / Object.getOwnPropertyDescriptor. (by @xiaoxiaojx in https://github.com/webpack/webpack/issues/20796)

• Prevent !important from being renamed as a local identifier in CSS modules. (by @xiaoxiaojx in https://github.com/webpack/webpack/issues/20798)

• Use compiler context instead of module context for CSS modules local ident hashing to avoid hash collisions when files with the same name exist in different directories. (by @xiaoxiaojx in https://github.com/webpack/webpack/issues/20799)

v5.106.0

Minor Changes

• Add exportType: "style" for CSS modules to inject styles into DOM via HTMLStyleElement, similar to style-loader functionality. (by @xiaoxiaojx in https://github.com/webpack/webpack/issues/20579)

• Add context option support for VirtualUrlPlugin (by @xiaoxiaojx in https://github.com/webpack/webpack/issues/20449)

  • The context for the virtual module. A string path. Defaults to 'auto', which will try to resolve the context from the module id.
  • Support custom context path for resolving relative imports in virtual modules
  • Add examples demonstrating context usage and filename customization

(truncated — see source for full notes)

@babel/eslint-parser (7.27.1 → 7.27.5) — GitHub Release

v7.27.5

v7.27.5 (2025-06-03)

Thanks @NullVoxPopuli for your first PR!

🐛 Bug Fix

• babel-plugin-transform-regenerator
  • https://github.com/babel/babel/issues/17359 fix: Unexpected infinite loop with regenerator for try (@liuxingbaoyu)
• Other
  • https://github.com/babel/babel/issues/17349 Map ESLint's sourceType: commonjs to script (@JLHwung)

💅 Polish

• babel-parser
  • https://github.com/babel/babel/issues/17333 Improve using declaration errors (@JLHwung)

Committers: 4

• Babel Bot (@babel-bot)
• Huáng Jùnliàng (@JLHwung)
• @NullVoxPopuli
• @liuxingbaoyu

v7.27.4

v7.27.4 (2025-05-30)

👓 Spec Compliance

• babel-parser, babel-plugin-proposal-explicit-resource-management
  • https://github.com/babel/babel/issues/17323 Disallow using in bare case statement (@JLHwung)

💅 Polish

• babel-parser
  • https://github.com/babel/babel/issues/17311 Improve parseExpression error messages (@JLHwung)

🔬 Output optimization

• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • https://github.com/babel/babel/issues/17287 Reduce regenerator size more (@liuxingbaoyu)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
  • https://github.com/babel/babel/issues/17334 Use shorter method names for regenerator context (@nicolo-ribaudo)
  • https://github.com/babel/babel/issues/17268 Reduce regenerator helper size (@liuxingbaoyu)
• babel-core, babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, `babel-preset-

(truncated)

v7.27.3

v7.27.3 (2025-05-27)

🐛 Bug Fix

• babel-generator
  • https://github.com/babel/babel/issues/17324 Improve multiline comments handling in yield/await expression (@JLHwung)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • https://github.com/babel/babel/issues/17328 Correctly set .displayName on GeneratorFunction (@nicolo-ribaudo)
• babel-plugin-proposal-explicit-resource-management

(truncated — see source for full notes)

@babel/plugin-transform-block-scoping (7.27.1 → 7.27.5) — GitHub Release

v7.27.5

v7.27.5 (2025-06-03)

Thanks @NullVoxPopuli for your first PR!

🐛 Bug Fix

• babel-plugin-transform-regenerator
  • https://github.com/babel/babel/issues/17359 fix: Unexpected infinite loop with regenerator for try (@liuxingbaoyu)
• Other
  • https://github.com/babel/babel/issues/17349 Map ESLint's sourceType: commonjs to script (@JLHwung)

💅 Polish

• babel-parser
  • https://github.com/babel/babel/issues/17333 Improve using declaration errors (@JLHwung)

Committers: 4

• Babel Bot (@babel-bot)
• Huáng Jùnliàng (@JLHwung)
• @NullVoxPopuli
• @liuxingbaoyu

v7.27.4

v7.27.4 (2025-05-30)

👓 Spec Compliance

• babel-parser, babel-plugin-proposal-explicit-resource-management
  • https://github.com/babel/babel/issues/17323 Disallow using in bare case statement (@JLHwung)

💅 Polish

• babel-parser
  • https://github.com/babel/babel/issues/17311 Improve parseExpression error messages (@JLHwung)

🔬 Output optimization

• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • https://github.com/babel/babel/issues/17287 Reduce regenerator size more (@liuxingbaoyu)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
  • https://github.com/babel/babel/issues/17334 Use shorter method names for regenerator context (@nicolo-ribaudo)
  • https://github.com/babel/babel/issues/17268 Reduce regenerator helper size (@liuxingbaoyu)
• babel-core, babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, `babel-preset-

(truncated)

v7.27.3

v7.27.3 (2025-05-27)

🐛 Bug Fix

• babel-generator
  • https://github.com/babel/babel/issues/17324 Improve multiline comments handling in yield/await expression (@JLHwung)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • https://github.com/babel/babel/issues/17328 Correctly set .displayName on GeneratorFunction (@nicolo-ribaudo)
• babel-plugin-proposal-explicit-resource-management

(truncated — see source for full notes)

asn1js (3.0.6 → 3.0.10) — GitHub Release

v3.0.10

What's Changed

• Added parser limits to asn1js.fromBER() to prevent unbounded BER parsing.
• Optimized long-form ASN.1 tag parsing to avoid quadratic buffer growth.

Full Changelog: PeculiarVentures/ASN1.js@v3.0.9...v3.0.10

v3.0.7

What's Changed

• chore(deps): bump image-size from 1.1.1 to 1.2.1 in /website by @dependabot[bot] in chore(deps): bump image-size from 1.1.1 to 1.2.1 in /website PeculiarVentures/ASN1.js#118
• chore(deps): bump estree-util-value-to-estree from 3.0.1 to 3.3.3 in /website by @dependabot[bot] in chore(deps): bump estree-util-value-to-estree from 3.0.1 to 3.3.3 in /website PeculiarVentures/ASN1.js#119
• chore(deps): bump http-proxy-middleware from 2.0.7 to 2.0.9 in /website by @dependabot[bot] in chore(deps): bump http-proxy-middleware from 2.0.7 to 2.0.9 in /website PeculiarVentures/ASN1.js#120
• Update website GitHub Actions and package dependencies by @donskov in Update website GitHub Actions and package dependencies PeculiarVentures/ASN1.js#124
• Fixed Example to only use asn1js by @StaticBR in Fixed Example to only use asn1js PeculiarVentures/ASN1.js#82
• Migrate from Yarn to npm for dependency management by @donskov in Migrate from Yarn to npm for dependency management PeculiarVentures/ASN1.js#125
• Website: Fix npm audit issues by @donskov in Website: Fix npm audit issues  PeculiarVentures/ASN1.js#126
• fix: empty bitstring ber encoding output should be 0x030100 by @justin-tay in fix: empty bitstring ber encoding output should be 0x030100 PeculiarVentures/ASN1.js#123

New Contributors

• @StaticBR made their first contribution in Fixed Example to only use asn1js PeculiarVentures/ASN1.js#82
• @justin-tay made their first contribution in fix: empty bitstring ber encoding output should be 0x030100 PeculiarVentures/ASN1.js#123

Full Changelog: PeculiarVentures/ASN1.js@v3.0.6...v3.0.7

codemirror (5.65.19 → 5.65.21) — Changelog

Bug fixes

Better handle configuration objects with a null prototype.

kotlin mode: Fix tokenizing of unsigned long literals.

d3-format (3.1.0 → 3.1.2) — GitHub Release

v3.1.2

• Avoid use of optional chaining to retain ES2019 compatibility. Build Error in Vue 2.7.15 After Latest locale.js Update d3/d3-format#149

v3.1.1

• Fix handling of parens with formatPrefix. Unit is generated outside parenthesis for negative numbers d3/d3-format#134 Fix for issue 134 d3/d3-format#135 formatPrefix vs format handling of parentheses d3/d3-format#142 Thanks, @GlenKelley!
• Fix precisionFixed, precisionRound, and precisionPrefix to return NaN when step is zero. fix zero precision d3/d3-format#147
• Fix the s format to not sometimes apply an erroneous suffix to NaN or ±Infinity. fix zero precision d3/d3-format#147
• The r format now formats zero as 0 instead of 0.0. fix zero precision d3/d3-format#147
• Upgrade ESLint, Vitest, etc.

eslint-config-prettier (9.1.0 → 9.1.2) — Changelog

https://github.com/prettier/eslint-config-prettier/blob/main/CHANGELOG.md

pvutils (1.1.3 → 1.1.5) — Changelog

https://github.com/PeculiarVentures/pvutils/blob/master/CHANGELOG.md

shell-quote (1.8.2 → 1.8.3) — Changelog

Fixed

• [Fix] remove unnecessary backslash escaping in single quotes https://github.com/ljharb/shell-quote/issues/15

---

Generated by ADMS Sources: 9 GitHub Releases, 4 Changelogs, 2 not available.

[seberm-6]

Hey, sorry for the noise. This was caused by a bug in our automated dependency update system that incorrectly included upstream changelog content in PR comments, triggering notifications to external contributors. The feature flag has been turned off and we're working on a fix. Sorry about that again.