chore(deps): bump the npm_and_yarn group across 10 directories with 7 updates

[dependabot]

Bumps the npm_and_yarn group with 1 update in the /supabase directory: diff.
Bumps the npm_and_yarn group with 2 updates in the /mcp-servers/unified-analytics directory: diff and @modelcontextprotocol/sdk.
Bumps the npm_and_yarn group with 1 update in the /mcp-servers/puppeteer-server directory: @modelcontextprotocol/sdk.
Bumps the npm_and_yarn group with 1 update in the /mcp-servers/perplexity-mcp directory: @modelcontextprotocol/sdk.
Bumps the npm_and_yarn group with 3 updates in the /mcp-servers/metacognition-tools directory: diff, @modelcontextprotocol/sdk and hono.
Bumps the npm_and_yarn group with 1 update in the /mcp-servers/github directory: @modelcontextprotocol/sdk.
Bumps the npm_and_yarn group with 1 update in the /mcp-servers/genkit-wrapper directory: @modelcontextprotocol/sdk.
Bumps the npm_and_yarn group with 3 updates in the /knowledge/prototypes/mcp-servers/fetch-mcp directory: form-data, @modelcontextprotocol/sdk and js-yaml.
Bumps the npm_and_yarn group with 1 update in the /desktop-overlay directory: lodash.
Bumps the npm_and_yarn group with 1 update in the /apps/firebase directory: qs.

Updates diff from 4.0.2 to 4.0.4

Commits

• f06f3e4 v4.0.4
• 0179a48 v4.0.3
• 4568cae Backport kpdecker/jsdiff#649
• 4de0ffa Backport kpdecker/jsdiff#647
• See full diff in compare view

Maintainer changes

This version was pushed to npm by explodingcabbage, a new releaser for diff since your current version.

Updates diff from 4.0.2 to 4.0.4

Commits

• f06f3e4 v4.0.4
• 0179a48 v4.0.3
• 4568cae Backport kpdecker/jsdiff#649
• 4de0ffa Backport kpdecker/jsdiff#647
• See full diff in compare view

Maintainer changes

This version was pushed to npm by explodingcabbage, a new releaser for diff since your current version.

Updates @modelcontextprotocol/sdk from 1.25.1 to 1.25.3

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.25.3

What's Changed

• [v1.x backport] Use correct schema for client sampling validation when tools are present by @​olaservo in modelcontextprotocol/typescript-sdk#1407
• fix: prevent Hono from overriding global Response object (v1.x) by @​mattzcarey in modelcontextprotocol/typescript-sdk#1411

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3

v1.25.2

What's Changed

• ci: trigger workflow on v1.x branch by @​felixweinberger in modelcontextprotocol/typescript-sdk#1319
• fix: README badges links destinations by @​antonpk1 in modelcontextprotocol/typescript-sdk#907
• fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by @​pcarleton in modelcontextprotocol/typescript-sdk#1365

New Contributors

• @​antonpk1 made their first contribution in modelcontextprotocol/typescript-sdk#907

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.1...v1.25.2

Commits

• ced7535 1.25.3
• 6e8f7e1 fix: prevent Hono from overriding global Response object (v1.x) (#1411)
• 12ae856 [v1.x backport] Use correct schema for client sampling validation when tools ...
• b392f02 fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (#1365)
• a0c9b13 fix: README badges links destinations (#907)
• 6dd08ac ci: trigger workflow on v1.x branch (#1319)
• See full diff in compare view

Updates hono from 4.11.3 to 4.11.5

Release notes

Sourced from hono's releases.

v4.11.5

What's Changed

• fix(client): exclude $all from ClientRequest type by @​paveg in honojs/hono#4611
• refactor(jwks): mark allowedAlgorithms, so the user can pass a `const… by @​nikeee in honojs/hono#4641
• feat(jwt): export AlgorithmTypes by @​yusukebe in honojs/hono#4642

New Contributors

• @​paveg made their first contribution in honojs/hono#4611
• @​nikeee made their first contribution in honojs/hono#4641

Full Changelog: honojs/hono@v4.11.4...v4.11.5

v4.11.4

Security

Fixed a JWT algorithm confusion issue in the JWT and JWK/JWKS middleware.

Both middlewares now require an explicit algorithm configuration to prevent the verification algorithm from being influenced by untrusted JWT header values.

If you are using the JWT or JWK/JWKS middleware, please update to the latest version as soon as possible.

JWT middleware

import { jwt } from 'hono/jwt'
app.use(
'/auth/*',
jwt({
secret: 'it-is-very-secret',
alg: 'HS256', // required
})
)

JWK/JWKS middleware

import { jwk } from 'hono/jwk'
app.use(
'/auth/*',
jwk({
jwks_uri: 'https://example.com/.well-known/jwks.json',
alg: ['RS256'], // required (asymmetric algorithms only)
})
)

For more details, see the Security Advisory.

... (truncated)

Commits

• bcc81b1 4.11.5
• 61498bb feat(jwt): export AlgorithmTypes (#4642)
• d130f76 refactor(jwks): mark allowedAlgorithms, so the user can pass a const array ...
• 5d4e6aa fix(client): exclude $all from ClientRequest type (#4611)
• 28452f0 4.11.4
• 190f6e2 Merge commit from fork
• a48ef18 test: support alg option for JWT middleware (#4624)
• cc0aa7a Merge commit from fork
• ef2a4b8 docs(bun/websocket): Fixed a typo in hono/bun deprecation message and updated...
• 8139399 chore: bump @hono/eslint-config and enable curly rule (#4620)
• Additional commits viewable in compare view

Updates @modelcontextprotocol/sdk from 1.25.1 to 1.25.3

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.25.3

What's Changed

• [v1.x backport] Use correct schema for client sampling validation when tools are present by @​olaservo in modelcontextprotocol/typescript-sdk#1407
• fix: prevent Hono from overriding global Response object (v1.x) by @​mattzcarey in modelcontextprotocol/typescript-sdk#1411

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3

v1.25.2

What's Changed

• ci: trigger workflow on v1.x branch by @​felixweinberger in modelcontextprotocol/typescript-sdk#1319
• fix: README badges links destinations by @​antonpk1 in modelcontextprotocol/typescript-sdk#907
• fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by @​pcarleton in modelcontextprotocol/typescript-sdk#1365

New Contributors

• @​antonpk1 made their first contribution in modelcontextprotocol/typescript-sdk#907

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.1...v1.25.2

Commits

• ced7535 1.25.3
• 6e8f7e1 fix: prevent Hono from overriding global Response object (v1.x) (#1411)
• 12ae856 [v1.x backport] Use correct schema for client sampling validation when tools ...
• b392f02 fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (#1365)
• a0c9b13 fix: README badges links destinations (#907)
• 6dd08ac ci: trigger workflow on v1.x branch (#1319)
• See full diff in compare view

Updates hono from 4.11.3 to 4.11.5

Release notes

Sourced from hono's releases.

v4.11.5

What's Changed

• fix(client): exclude $all from ClientRequest type by @​paveg in honojs/hono#4611
• refactor(jwks): mark allowedAlgorithms, so the user can pass a `const… by @​nikeee in honojs/hono#4641
• feat(jwt): export AlgorithmTypes by @​yusukebe in honojs/hono#4642

New Contributors

• @​paveg made their first contribution in honojs/hono#4611
• @​nikeee made their first contribution in honojs/hono#4641

Full Changelog: honojs/hono@v4.11.4...v4.11.5

v4.11.4

Security

Fixed a JWT algorithm confusion issue in the JWT and JWK/JWKS middleware.

Both middlewares now require an explicit algorithm configuration to prevent the verification algorithm from being influenced by untrusted JWT header values.

If you are using the JWT or JWK/JWKS middleware, please update to the latest version as soon as possible.

JWT middleware

import { jwt } from 'hono/jwt'
app.use(
'/auth/*',
jwt({
secret: 'it-is-very-secret',
alg: 'HS256', // required
})
)

JWK/JWKS middleware

import { jwk } from 'hono/jwk'
app.use(
'/auth/*',
jwk({
jwks_uri: 'https://example.com/.well-known/jwks.json',
alg: ['RS256'], // required (asymmetric algorithms only)
})
)

For more details, see the Security Advisory.

... (truncated)

Commits

• bcc81b1 4.11.5
• 61498bb feat(jwt): export AlgorithmTypes (#4642)
• d130f76 refactor(jwks): mark allowedAlgorithms, so the user can pass a const array ...
• 5d4e6aa fix(client): exclude $all from ClientRequest type (#4611)
• 28452f0 4.11.4
• 190f6e2 Merge commit from fork
• a48ef18 test: support alg option for JWT middleware (#4624)
• cc0aa7a Merge commit from fork
• ef2a4b8 docs(bun/websocket): Fixed a typo in hono/bun deprecation message and updated...
• 8139399 chore: bump @hono/eslint-config and enable curly rule (#4620)
• Additional commits viewable in compare view

Updates @modelcontextprotocol/sdk from 1.24.0 to 1.25.2

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.25.3

What's Changed

• [v1.x backport] Use correct schema for client sampling validation when tools are present by @​olaservo in modelcontextprotocol/typescript-sdk#1407
• fix: prevent Hono from overriding global Response object (v1.x) by @​mattzcarey in modelcontextprotocol/typescript-sdk#1411

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3

v1.25.2

What's Changed

• ci: trigger workflow on v1.x branch by @​felixweinberger in modelcontextprotocol/typescript-sdk#1319
• fix: README badges links destinations by @​antonpk1 in modelcontextprotocol/typescript-sdk#907
• fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by @​pcarleton in modelcontextprotocol/typescript-sdk#1365

New Contributors

• @​antonpk1 made their first contribution in modelcontextprotocol/typescript-sdk#907

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.1...v1.25.2

Commits

• ced7535 1.25.3
• 6e8f7e1 fix: prevent Hono from overriding global Response object (v1.x) (#1411)
• 12ae856 [v1.x backport] Use correct schema for client sampling validation when tools ...
• b392f02 fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (#1365)
• a0c9b13 fix: README badges links destinations (#907)
• 6dd08ac ci: trigger workflow on v1.x branch (#1319)
• See full diff in compare view

Updates diff from 4.0.2 to 4.0.4

Commits

• f06f3e4 v4.0.4
• 0179a48 v4.0.3
• 4568cae Backport kpdecker/jsdiff#649
• 4de0ffa Backport kpdecker/jsdiff#647
• See full diff in compare view

Maintainer changes

This version was pushed to npm by explodingcabbage, a new releaser for diff since your current version.

Updates @modelcontextprotocol/sdk from 1.25.1 to 1.25.2

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.25.3

What's Changed

• [v1.x backport] Use correct schema for client sampling validation when tools are present by @​olaservo in modelcontextprotocol/typescript-sdk#1407
• fix: prevent Hono from overriding global Response object (v1.x) by @​mattzcarey in modelcontextprotocol/typescript-sdk#1411

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3

v1.25.2

What's Changed

• ci: trigger workflow on v1.x branch by @​felixweinberger in modelcontextprotocol/typescript-sdk#1319
• fix: README badges links destinations by @​antonpk1 in modelcontextprotocol/typescript-sdk#907
• fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by @​pcarleton in modelcontextprotocol/typescript-sdk#1365

New Contributors

• @​antonpk1 made their first contribution in modelcontextprotocol/typescript-sdk#907

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.1...v1.25.2

Commits

• ced7535 1.25.3
• 6e8f7e1 fix: prevent Hono from overriding global Response object (v1.x) (#1411)
• 12ae856 [v1.x backport] Use correct schema for client sampling validation when tools ...
• b392f02 fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (#1365)
• a0c9b13 fix: README badges links destinations (#907)
• 6dd08ac ci: trigger workflow on v1.x branch (#1319)
• See full diff in compare view

Updates hono from 4.11.3 to 4.11.5

Release notes

Sourced from hono's releases.

v4.11.5

What's Changed

• fix(client): exclude $all from ClientRequest type by @​paveg in honojs/hono#4611
• refactor(jwks): mark allowedAlgorithms, so the user can pass a `const… by @​nikeee in honojs/hono#4641
• feat(jwt): export AlgorithmTypes by @​yusukebe in honojs/hono#4642

New Contributors

• @​paveg made their first contribution in honojs/hono#4611
• @​nikeee made their first contribution in honojs/hono#4641

Full Changelog: honojs/hono@v4.11.4...v4.11.5

v4.11.4

Security

Fixed a JWT algorithm confusion issue in the JWT and JWK/JWKS middleware.

Both middlewares now require an explicit algorithm configuration to prevent the verification algorithm from being influenced by untrusted JWT header values.

If you are using the JWT or JWK/JWKS middleware, please update to the latest version as soon as possible.

JWT middleware

import { jwt } from 'hono/jwt'
app.use(
'/auth/*',
jwt({
secret: 'it-is-very-secret',
alg: 'HS256', // required
})
)

JWK/JWKS middleware

import { jwk } from 'hono/jwk'
app.use(
'/auth/*',
jwk({
jwks_uri: 'https://example.com/.well-known/jwks.json',
alg: ['RS256'], // required (asymmetric algorithms only)
})
)

For more details, see the Security Advisory.

... (truncated)

Commits

• bcc81b1 4.11.5
• 61498bb feat(jwt): export AlgorithmTypes (#4642)
• d130f76 refactor(jwks): mark allowedAlgorithms, so the user can pass a const array ...
• 5d4e6aa fix(client): exclude $all from ClientRequest type (#4611)
• 28452f0 4.11.4
• 190f6e2 Merge commit from fork
• a48ef18 test: support alg option for JWT middleware (#4624)
• cc0aa7a Merge commit from fork
• ef2a4b8 docs(bun/websocket): Fixed a typo in hono/bun deprecation message and updated...
• 8139399 chore: bump @hono/eslint-config and enable curly rule (#4620)
• Additional commits viewable in compare view

Updates @modelcontextprotocol/sdk from 1.24.1 to 1.25.2

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.25.3

What's Changed

• [v1.x backport] Use correct schema for client sampling validation when tools are present by @​olaservo in modelcontextprotocol/typescript-sdk#1407
• fix: prevent Hono from overriding global Response object (v1.x) by @​mattzcarey in modelcontextprotocol/typescript-sdk#1411

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3

v1.25.2

What's Changed

• ci: trigger workflow on v1.x branch by @​felixweinberger in modelcontextprotocol/typescript-sdk#1319
• fix: README badges links destinations by @​antonpk1 in modelcontextprotocol/typescript-sdk#907
• fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by @​pcarleton in modelcontextprotocol/typescript-sdk#1365

New Contributors

• @​antonpk1 made their first contribution in modelcontextprotocol/typescript-sdk#907

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.1...v1.25.2

Commits

• ced7535 1.25.3
• 6e8f7e1 fix: prevent Hono from overriding global Response object (v1.x) (#1411)
• 12ae856 [v1.x backport] Use correct schema for client sampling validation when tools ...
• b392f02 fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (#1365)
• a0c9b13 fix: README badges links destinations (#907)
• 6dd08ac ci: trigger workflow on v1.x branch (#1319)
• See full diff in compare view

Updates @modelcontextprotocol/sdk from 1.24.0 to 1.25.2

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.25.3

What's Changed

• [v1.x backport] Use correct schema for client sampling validation when tools are present by @​olaservo in modelcontextprotocol/typescript-sdk#1407
• fix: prevent Hono from overriding global Response object (v1.x) by @​mattzcarey in modelcontextprotocol/typescript-sdk#1411

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3

v1.25.2

What's Changed

• ci: trigger workflow on v1.x branch by @​felixweinberger in modelcontextprotocol/typescript-sdk#1319
• fix: README badges links destinations by @​antonpk1 in modelcontextprotocol/typescript-sdk#907
• fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by @​pcarleton in modelcontextprotocol/typescript-sdk#1365

New Contributors

• @​antonpk1 made their first contribution in modelcontextprotocol/typescript-sdk#907

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.1...v1.25.2

Commits

• ced7535 1.25.3
• 6e8f7e1 fix: prevent Hono from overriding global Response object (v1.x) (#1411)
• 12ae856 [v1.x backport] Use correct schema for client sampling validation when tools ...
• b392f02 fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (#1365)
• a0c9b13 fix: README badges links destinations (#907)
• 6dd08ac ci: trigger workflow on v1.x branch (#1319)
• See full diff in compare view

Updates form-data from 4.0.2 to 4.0.5

Release notes

Sourced from form-data's releases.

v4.0.4

v4.0.4 - 2025-07-16

Commits

• [meta] add auto-changelog 811f682
• [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
• [Fix] Switch to using crypto random for boundary values 3d17230
• [Tests] fix linting errors 5e34080
• [meta] actually ensure the readme backup isn’t published 316c82b
• [Dev Deps] update @ljharb/eslint-config 58c25d7
• [meta] fix readme capitalization 2300ca1

v4.0.3

v4.0.3 - 2025-06-05

Fixed

• [Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

• [eslint] use a shared config 426ba9a
• [eslint] fix some spacing issues 2094191
• [Refactor] use hasown 81ab41b
• [Fix] validate boundary type in setBoundary() method 8d8e469
• [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
• [Dev Deps] remove unused deps 870e4e6
• [meta] remove local commit hooks e6e83cc
• [Dev Deps] update eslint 4066fd6
• [meta] fix scripts to use prepublishOnly c4bbb13

Changelog

Sourced from form-data's changelog.

v4.0.5 - 2025-11-17

Commits

• [Tests] Switch to newer v8 prediction library; enable node 24 testing 16e0076
• [Dev Deps] update @ljharb/eslint-config, eslint 5822467
• [Fix] set Symbol.toStringTag in the proper place 76d0dee

v4.0.4 - 2025-07-16

Commits

• [meta] add auto-changelog 811f682
• [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
• [Fix] Switch to using crypto random for boundary values 3d17230
• [Tests] fix linting errors 5e34080
• [meta] actually ensure the readme backup isn’t published 316c82b
• [Dev Deps] update @ljharb/eslint-config 58c25d7
• [meta] fix readme capitalization 2300ca1

v4.0.3 - 2025-06-05

Fixed

• [Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

• [eslint] use a shared config 426ba9a
• [eslint] fix some spacing issues 2094191
• [Refactor] use hasown 81ab41b
• [Fix] validate boundary type in setBoundary() method 8d8e469
• [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
• [Dev Deps] remove unused deps 870e4e6
• [meta] remove local commit hooks e6e83cc
• [Dev Deps] update eslint 4066fd6
• [meta] fix scripts to use prepublishOnly c4bbb13

Commits

• 68ff7dd v4.0.5
• 5822467 [Dev Deps] update @ljharb/eslint-config, eslint
• 76d0dee [Fix] set Symbol.toStringTag in the proper place
• 16e0076 [Tests] Switch to newer v8 prediction library; enable node 24 testing
• 41996f5 v4.0.4
• 316c82b [meta] actually ensure the readme backup isn’t published
• 2300ca1 [meta] fix readme capitalization
• 811f682 [meta] add auto-changelog
• 5e34080 [Tests] fix linting errors
• 1d11a76 [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
• Additional commits viewable in compare view

Updates @modelcontextprotocol/sdk from 1.6.1 to 1.25.2

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.25.3

What's Changed

• [v1.x backport] Use correct schema for client sampling validation when tools are present by @​olaservo in modelcontextprotocol/typescript-sdk#1407
• fix: prevent Hono from overriding global Response object (v1.x) by @​mattzcarey in modelcontextprotocol/typescript-sdk#1411

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3

v1.25.2

What's Changed

• ci: trigger workflow on v1.x branch by @​felixweinberger in modelcontextprotocol/typescript-sdk#1319
• fix: README badges links destinations by @​antonpk1 in modelcontextprotocol/typescript-sdk#907
• fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by @​pcarleton in modelcontextprotocol/typescript-sdk#1365

New Contributors

• @​antonpk1 made their first contribution in modelcontextprotocol/typescript-sdk#907

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.1...v1.25.2

Commits

• ced7535 1.25.3
• 6e8f7e1 fix: prevent Hono from overriding global Response object (v1.x) (#1411)
• 12ae856 [v1.x backport] Use correct schema for client sampling validation when tools ...
• b392f02 fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (#1365)
• a0c9b13 fix: README badges links destinations (#907)
• 6dd08ac ci: trigger workflow on v1.x branch (#1319)
• See full diff in compare view

Updates js-yaml from 3.14.1 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

• Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

• Types are now exported as yaml.types.XXX.
• Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

• Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

• Check migration guide to see details for all breaking changes.
• Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
• Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
• yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
• yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
• !!binary now always mapped to Uint8Array on load.
• Reduced nesting of /lib folder.
• Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
• dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
• Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
• Code snippet created in exceptions now contains multiple lines with line numbers.
• dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
• dump() with skipInvalid=true now serializes invalid items in collections as null.
• Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
• Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

• Added .mjs (es modules) support.
• Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
• Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

• 9963d36 3.14.2 released
• 10d3c8e dist rebuild
• 5278870 fix prototype pollution in merge (<<) (#731)
• See full diff in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

• dec55b7 Bump main to v4.17.23 (#6088)
• 19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
• b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
• edadd45 Prevent prototype pollution on baseUnset function
• 4879a7a doc: fix autoLink function, conversion of source links (#6056)
• 9648f69 chore: remove yarn.lock file (#6053)
• dfa407d ci: remove legacy configuration files (#6052)
• 156e196 feat: add renovate setup (#6039)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
event-relay-web	Error		Jan 24, 2026 2:35pm
v0-uvai	Error		Jan 24, 2026 2:35pm

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.