OpenFrontIO

mirror of https://github.com/openfrontio/OpenFrontIO.git synced 2026-06-21 10:00:44 +00:00

Author	SHA1	Message	Date
Evan	2e6f70c098	Speed up the core sim: inline sfc32 PRNG and allocation-free player updates (#4233 ) ## Summary Follow-up to #4230. Two more core-sim optimizations — these are behavior-affecting in controlled ways (unlike #4230, which was hash-identical), so both come with dedicated test coverage written before the change. Combined results (`npm run perf:game`, same machine, before → after): \| run \| mean tick \| ticks/sec \| p99 \| peak heap \| \|---\|---\|---\|---\|---\| \| default (world, 400 bots, 1800 ticks) \| 7.98 → 6.96 ms \| 125 → 144 \| 21.2 → 19.0 ms \| 438 → 294 MB \| \| giantworldmap, 600 ticks \| 17.4 → 15.2 ms \| 58 → 66 \| 32.6 → 30.5 ms \| \| Cumulative with #4230 vs. the original baseline: default run mean 9.04 → 6.96 ms (111 → 144 ticks/sec); giantworldmap 22.5 → 15.2 ms (44 → 66 ticks/sec, max tick 52.8 → 40.1 ms). ### 1. `PseudoRandom`: seedrandom ARC4 → inline sfc32 - ARC4 was ~4% of profiled self time. The new engine is sfc32 with splitmix32 seed expansion and a warmup, using only 32-bit integer ops — sequences are identical across platforms. The class API is unchanged. - This removes the `seedrandom` dependency entirely, making `src/core` actually dependency-free (the import was the only violation of that rule). - ⚠️ The random stream differs, so the deterministic game-state hash changes. All clients run the same code, so cross-client sync is unaffected; the harness reproduces the same hash on repeated runs per seed. New reference hashes: - `--map world --ticks 200 --bots 100` → `5607618202213430` - default run → `29309648281599524` - `--map giantworldmap --ticks 600` → `39945089450032050` - New `tests/PseudoRandom.test.ts` (15 tests) pins the engine-agnostic contract: per-seed determinism, ranges, uniformity, adjacent-seed decorrelation, and every API method. The tests were verified green against the old engine first, then the swap. - The stream change exposed a test that passed by RNG luck: in `AiAttackBehavior.test.ts`, "nation cannot attack allied player" was actually being blocked by the difficulty dice gate in `shouldAttack`, not the alliance check — hiding that the test's `AiAttackBehavior` was constructed without its `NationEmojiBehavior`. The test now supplies one and verifies the real protection layer (`AttackExecution`'s alliance check), robust to any dice outcome. ### 2. `PlayerImpl.toFullUpdate`: allocation-free empty collections - `toFullUpdate` runs for every player every tick and allocated ~10 collections each (allies, embargoes Set, attacks, alliance views, …) even when all were empty — the common case for most of 472 players. Because `lastSentUpdate` retains each snapshot for a full tick, these objects survived minor GC, got promoted, and accumulated as old-space garbage between major GCs — that's the peak-heap drop. - Empty collections now reuse shared frozen module-level singletons, so `diffPlayerUpdate`'s existing `a === b` fast paths skip structural comparison entirely. Non-empty collections build in single passes. Freezing makes accidental in-worker mutation throw loudly instead of silently corrupting every player; consumers across the worker boundary get mutable structured clones as before. (`Set` cannot be frozen — `EMPTY_EMBARGOES` is documented as never-mutate.) - Value-identical: the game-state hash is unchanged by this part (verified against the post-PRNG baseline). - New `tests/PlayerUpdateDiff.test.ts` (8 tests): full-snapshot shape, null-when-unchanged, embargo/alliance/target/attack diffs through the real tick pipeline, and the freeze contract. ### Verification - Full suite passes: 124 files / 1408 tests (23 new) + server tests; lint and prettier clean. - Hash reproducibility confirmed: repeated runs with identical args produce identical hashes on all three configs. 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Fable 5 <noreply@anthropic.com>	2026-06-12 08:15:01 -07:00
Evan	94f2293149	Reduce main bundle size by ~44% gzipped (732 KB → 412 KB) (#4229 ) ## Summary Cuts the main JS chunk from 2,891 KB (732 KB gzip) to 1,679 KB (412 KB gzip) by fixing two bundling issues and removing/replacing heavy dependencies. Measured with a per-module `renderedLength` analysis of the rolldown output (its prod sourcemaps are malformed, so sourcemap-based tools misattribute sizes). \| Chunk \| Before \| After \| \|---\|---\|---\| \| `index-.js` (min) \| 2,891 KB \| 1,679 KB \| \| `index-.js` (gzip) \| 732 KB \| 412 KB \| ## Changes - Sim worker moved out of the main bundle (~512 KB). The `?worker&inline` payload is now reached through a dynamic `import()`, so it lands in its own lazy chunk fetched when a game starts. The worker itself still uses Vite's inline Blob mechanism (with its `data:` URL fallback) — runtime instantiation is byte-for-byte unchanged. - Replaced `lit-markdown` with `marked` + the already-bundled DOMPurify (~380 KB). lit-markdown transitively pulled sanitize-html, htmlparser2, postcss, and two copies of entities into the client just to render news markdown. New `src/client/Markdown.ts` matches its image-stripping default. - Dropped `colorjs.io` (~114 KB). It was only used for ΔE2000 distance in `ColorAllocator`; colord's lab plugin (already imported there) provides the same CIEDE2000 via `.delta()`. Only relative magnitudes are compared, so allocation behavior is unchanged. - `msdf-atlas.json` (~319 KB) fetched at runtime like the atlas PNG, preloaded in parallel with worker init in `ClientGameRunner` so game-load latency is unaffected. - Tailwind CSS no longer shipped twice (~158 KB). `o-modal` imported `styles.css?inline`, duplicating the emitted stylesheet as a JS string. It now adopts a constructed stylesheet built from the document's own CSS (HTTP-cache hit in prod, `<style>` tags + HMR re-sync in dev) via `SharedStyles.ts`. - Debug GUI lazy-loaded. lil-gui + `gl/debug/` now load on first toggle (46 KB lazy chunk) instead of shipping in the main bundle. Also looked at the `import as d3` in RadialMenu (~84 KB) but left it: rolldown tree-shakes the metapackage well and all but ~2 KB is the genuine dependency closure of the selection/transition/shape/color APIs in use. ## Test plan - [x] `tsc --noEmit` clean - [x] ESLint clean - [x] Full test suite passes (1,374 + 65 tests) - [x] `npm run build-prod` succeeds; worker/debug chunks present in `asset-manifest.json` for the R2 upload - [ ] Manual smoke test in dev: start a game (worker dev path), open a modal (shared stylesheet), open news modal (markdown rendering) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Fable 5 <noreply@anthropic.com>	2026-06-11 20:07:16 -07:00
dependabot[bot]	3a3b43b642	Bump qs from 6.15.0 to 6.15.2 in the npm_and_yarn group across 1 directory (#3995 ) Bumps the npm_and_yarn group with 1 update in the / directory: [qs](https://github.com/ljharb/qs). Updates `qs` from 6.15.0 to 6.15.2 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's changelog</a>.</em></p> <blockquote> <h2><strong>6.15.2</strong></h2> <ul> <li>[Fix] <code>stringify</code>: skip null/undefined entries in <code>arrayFormat: 'comma'</code> + <code>encodeValuesOnly</code> instead of crashing in <code>encoder</code></li> <li>[Fix] <code>stringify</code>: use configured <code>delimiter</code> after <code>charsetSentinel</code> (<a href="https://redirect.github.com/ljharb/qs/issues/555">#555</a>)</li> <li>[Fix] <code>stringify</code>: apply <code>formatter</code> to encoded key under <code>strictNullHandling</code> (<a href="https://redirect.github.com/ljharb/qs/issues/554">#554</a>)</li> <li>[Fix] <code>stringify</code>: skip null/undefined filter-array entries instead of crashing in <code>encoder</code> (<a href="https://redirect.github.com/ljharb/qs/issues/551">#551</a>)</li> <li>[Fix] <code>parse</code>: handle nested bracket groups and add regression tests (<a href="https://redirect.github.com/ljharb/qs/issues/530">#530</a>)</li> <li>[readme] fix grammar (<a href="https://redirect.github.com/ljharb/qs/issues/550">#550</a>)</li> <li>[Dev Deps] update <code>@ljharb/eslint-config</code></li> <li>[Tests] add regression tests for keys containing percent-encoded bracket text</li> </ul> <h2><strong>6.15.1</strong></h2> <ul> <li>[Fix] <code>parse</code>: <code>parameterLimit: Infinity</code> with <code>throwOnLimitExceeded: true</code> silently drops all parameters</li> <li>[Deps] update <code>@ljharb/eslint-config</code></li> <li>[Dev Deps] update <code>@ljharb/eslint-config</code>, <code>iconv-lite</code></li> <li>[Tests] increase coverage</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8"><code>9aca407</code></a> v6.15.2</li> <li><a href="https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992"><code>5e33d33</code></a> [Dev Deps] update <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41"><code>21f80b3</code></a> [Fix] <code>stringify</code>: skip null/undefined entries in <code>arrayFormat: 'comma'</code> + `e...</li> <li><a href="https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c"><code>a0a81ea</code></a> [Fix] <code>stringify</code>: use configured <code>delimiter</code> after <code>charsetSentinel</code></li> <li><a href="https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8"><code>e3062f7</code></a> [Fix] <code>stringify</code>: apply <code>formatter</code> to encoded key under <code>strictNullHandling</code></li> <li><a href="https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0"><code>0c180a4</code></a> [Fix] <code>stringify</code>: skip null/undefined filter-array entries instead of crashi...</li> <li><a href="https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656"><code>3a8b94a</code></a> [Tests] add regression tests for keys containing percent-encoded bracket text</li> <li><a href="https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d"><code>96755ab</code></a> [readme] fix grammar</li> <li><a href="https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6"><code>a419ce5</code></a> [Fix] <code>parse</code>: handle nested bracket groups and add regression tests</li> <li><a href="https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170"><code>3f5e1c5</code></a> v6.15.1</li> <li>Additional commits viewable in <a href="https://github.com/ljharb/qs/compare/v6.15.0...v6.15.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=qs&package-manager=npm_and_yarn&previous-version=6.15.0&new-version=6.15.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-24 17:03:57 +01:00
dependabot[bot]	db0ec97dc4	Bump ws from 8.20.0 to 8.20.1 in the npm_and_yarn group across 1 directory (#3969 ) Bumps the npm_and_yarn group with 1 update in the / directory: [ws](https://github.com/websockets/ws). Updates `ws` from 8.20.0 to 8.20.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/websockets/ws/releases">ws's releases</a>.</em></p> <blockquote> <h2>8.20.1</h2> <h1>Bug fixes</h1> <ul> <li>Fixed an uninitialized memory disclosure issue in <code>websocket.close()</code> (c0327ec1).</li> </ul> <p>Providing a <code>TypedArray</code> (e.g. <code>Float32Array</code>) as the <code>reason</code> argument for <code>websocket.close()</code>, rather than the supported string or <code>Buffer</code> types, caused uninitialized memory to be disclosed to the remote peer.</p> <pre lang="js"><code>import { deepStrictEqual } from 'node:assert'; import { WebSocket, WebSocketServer } from 'ws'; <p>const wss = new WebSocketServer( { port: 0, skipUTF8Validation: true }, function () { const { port } = wss.address(); const ws = new WebSocket(<code>ws://localhost:${port}</code>, { skipUTF8Validation: true });</p> <pre><code>ws.on('close', function (code, reason) { deepStrictEqual(reason, Buffer.alloc(80)); }); </code></pre> <p>} );</p> <p>wss.on('connection', function (ws) { ws.close(1000, new Float32Array(20)); }); </code></pre></p> <p>The issue was privately reported by <a href="https://github.com/ChALkeR">Nikita Skovoroda</a>.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f"><code>5d9b316</code></a> [dist] 8.20.1</li> <li><a href="https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086"><code>c0327ec</code></a> [security] Fix uninitialized memory disclosure in <code>websocket.close()</code></li> <li><a href="https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867"><code>ce2a3d6</code></a> [ci] Test on node 26</li> <li><a href="https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0"><code>58e45b8</code></a> [ci] Do not test on node 25</li> <li><a href="https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f"><code>5f26c24</code></a> [ci] Run the lint step on node 24</li> <li>See full diff in <a href="https://github.com/websockets/ws/compare/8.20.0...8.20.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ws&package-manager=npm_and_yarn&previous-version=8.20.0&new-version=8.20.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-23 17:39:51 +01:00
dependabot[bot]	0ace428a41	Bump the npm_and_yarn group across 1 directory with 3 updates (#3964 ) Bumps the npm_and_yarn group with 3 updates in the / directory: [protobufjs](https://github.com/protobufjs/protobuf.js), [@opentelemetry/exporter-logs-otlp-http](https://github.com/open-telemetry/opentelemetry-js) and [@opentelemetry/exporter-metrics-otlp-http](https://github.com/open-telemetry/opentelemetry-js). Removes `protobufjs` Updates `@opentelemetry/exporter-logs-otlp-http` from 0.216.0 to 0.218.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/open-telemetry/opentelemetry-js/releases">@opentelemetry/exporter-logs-otlp-http's releases</a>.</em></p> <blockquote> <h2>experimental/v0.218.0</h2> <h2>0.218.0</h2> <h3>🚀 Features</h3> <ul> <li>feat(otlp-transformer): replace protobufjs metrics serialization with custom implementation <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629">#6625</a> <a href="https://github.com/pichlermarc"><code>@pichlermarc</code></a></li> <li>feat(configuration): show all config validation errors, if there are multiple <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683">#6683</a> <a href="https://github.com/trentm"><code>@trentm</code></a></li> <li>feat(sdk-node): allow startNodeSDK() without an arg <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688">#6688</a> <a href="https://github.com/trentm"><code>@trentm</code></a></li> </ul> <h3>🏠 Internal</h3> <ul> <li>refactor(sdk-logs): alias <code>LoggerProviderConfig</code> to <code>LoggerProviderOptions</code> <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691">#6691</a> <a href="https://github.com/david-luna"><code>@david-luna</code></a></li> <li>refactor(sdk-logs): use <code>Logger.enabled()</code> within <code>Logger.emit()</code> implementation <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6680">#6680</a> <a href="https://github.com/david-luna"><code>@david-luna</code></a></li> </ul> <h2>experimental/v0.217.0</h2> <h2>0.217.0</h2> <h3>🚀 Features</h3> <ul> <li>feat(otlp-transformer): replace protobufjs trace serialization with custom implementation <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6625">#6625</a> <a href="https://github.com/pichlermarc"><code>@pichlermarc</code></a></li> <li>feat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using <code>json-schema-to-typescript</code> and <code>ajv</code> <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6533">#6533</a> <a href="https://github.com/MikeGoldsmith"><code>@MikeGoldsmith</code></a></li> <li>feat(configuration, sdk-node): <code>startNodeSDK()</code> code path now uses <code>log_level</code> configuration to setup a DiagConsoleLogger <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6668">#6668</a> <a href="https://github.com/trentm"><code>@trentm</code></a> <ul> <li>Note that allowed values for <code>log_level</code> in a configuration YAML file are <em>not</em> the same set as for <code>OTEL_LOG_LEVEL</code>. Use <code>log_level: trace</code> to see <em>all</em> logs (equivalent of <code>OTEL_LOG_LEVEL=ALL</code>). Use <code>log_level: fatal</code> to effectively disable the SDK's internal diagnostic logger (equivalent of <code>OTEL_LOG_LEVEL=NONE</code>).</li> <li>If <code>log_level</code> is not specified, a diagnostic console logger at "info" level will be setup.</li> <li>An invalid YAML config file will now result in a noop OTel SDK.</li> </ul> </li> </ul> <h3>🐛 Bug Fixes</h3> <ul> <li>fix(configuration): do not validate <code>OTEL_CONFIG_FILE</code> value before using it for file config <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6643">#6643</a> <a href="https://github.com/trentm"><code>@trentm</code></a></li> <li>fix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6650">#6650</a> <a href="https://github.com/trentm"><code>@trentm</code></a></li> <li>fix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6657">#6657</a> <a href="https://github.com/trentm"><code>@trentm</code></a></li> <li>fix(configuration): improve handling of enums in generated types <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6659">#6659</a> <a href="https://github.com/trentm"><code>@trentm</code></a></li> <li>fix(configuration): improve the technique for removing '\| null' on types the JSON Schema <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6662">#6662</a> <a href="https://github.com/trentm"><code>@trentm</code></a></li> <li>fix(sampler-jaeger-remote): add missing axios dep <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6656">#6656</a> <a href="https://github.com/trentm"><code>@trentm</code></a></li> <li>fix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6674">#6674</a> <a href="https://github.com/homanp"><code>@homanp</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/open-telemetry/opentelemetry-js/commit/06ad0eaaecbd49f5ead871325f852cc2a3454079"><code>06ad0ea</code></a> chore: prepare next release (<a href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6703">#6703</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-js/commit/38ca257e64ebd13f5603d5539f8a48d6d9232037"><code>38ca257</code></a> feat(otlp-transformer): replace protobufjs metrics serialization with custom ...</li> <li><a href="https://github.com/open-telemetry/opentelemetry-js/commit/013c60085b84351a4c1e4e4f79e3dd67c56661cd"><code>013c600</code></a> chore: prepare next release (<a href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6699">#6699</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-js/commit/b7a0c63bde39d7916fdb73cbb3d64cf1c93282c5"><code>b7a0c63</code></a> feat(semantic-conventions): update semantic conventions to v1.41.1 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6695">#6695</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-js/commit/774143b2c6667c6537c000ab48ea5ce998278ca0"><code>774143b</code></a> chore(renovate): add minimumReleaseAge to config (<a href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6697">#6697</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-js/commit/e0dafe0d9fadaccf7dd8d7b02dd85531356e2ac1"><code>e0dafe0</code></a> fix(otlp-exporter-base): remove brackets from IPv6 hostname in HTTP transport...</li> <li><a href="https://github.com/open-telemetry/opentelemetry-js/commit/f804c93d1d6d903036b8bf38f8c3713dbbaf0360"><code>f804c93</code></a> chore(deps): update github/codeql-action digest to 68bde55 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6682">#6682</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-js/commit/95e48e7afcc475ded350b95b43070c54591ecbbb"><code>95e48e7</code></a> refactor(sdk-logs): alias <code>LoggerProviderConfig</code> to <code>LoggerProviderOptions</code> (...</li> <li><a href="https://github.com/open-telemetry/opentelemetry-js/commit/907b627d9ada25844b0f06551ecd9bbda5c0ea4f"><code>907b627</code></a> feat(sdk-node): allow startNodeSDK() without an arg (<a href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6688">#6688</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-js/commit/0d1526198fafe7f90078ff353103d0427e6c64d4"><code>0d15261</code></a> docs: Add SIG meeting info and welcoming language (<a href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6689">#6689</a>)</li> <li>Additional commits viewable in <a href="https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.216.0...experimental/v0.218.0">compare view</a></li> </ul> </details> <br /> Updates `@opentelemetry/exporter-metrics-otlp-http` from 0.216.0 to 0.218.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/open-telemetry/opentelemetry-js/releases">@opentelemetry/exporter-metrics-otlp-http's releases</a>.</em></p> <blockquote> <h2>experimental/v0.218.0</h2> <h2>0.218.0</h2> <h3>🚀 Features</h3> <ul> <li>feat(otlp-transformer): replace protobufjs metrics serialization with custom implementation <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629">#6625</a> <a href="https://github.com/pichlermarc"><code>@pichlermarc</code></a></li> <li>feat(configuration): show all config validation errors, if there are multiple <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683">#6683</a> <a href="https://github.com/trentm"><code>@trentm</code></a></li> <li>feat(sdk-node): allow startNodeSDK() without an arg <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688">#6688</a> <a href="https://github.com/trentm"><code>@trentm</code></a></li> </ul> <h3>🏠 Internal</h3> <ul> <li>refactor(sdk-logs): alias <code>LoggerProviderConfig</code> to <code>LoggerProviderOptions</code> <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691">#6691</a> <a href="https://github.com/david-luna"><code>@david-luna</code></a></li> <li>refactor(sdk-logs): use <code>Logger.enabled()</code> within <code>Logger.emit()</code> implementation <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6680">#6680</a> <a href="https://github.com/david-luna"><code>@david-luna</code></a></li> </ul> <h2>experimental/v0.217.0</h2> <h2>0.217.0</h2> <h3>🚀 Features</h3> <ul> <li>feat(otlp-transformer): replace protobufjs trace serialization with custom implementation <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6625">#6625</a> <a href="https://github.com/pichlermarc"><code>@pichlermarc</code></a></li> <li>feat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using <code>json-schema-to-typescript</code> and <code>ajv</code> <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6533">#6533</a> <a href="https://github.com/MikeGoldsmith"><code>@MikeGoldsmith</code></a></li> <li>feat(configuration, sdk-node): <code>startNodeSDK()</code> code path now uses <code>log_level</code> configuration to setup a DiagConsoleLogger <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6668">#6668</a> <a href="https://github.com/trentm"><code>@trentm</code></a> <ul> <li>Note that allowed values for <code>log_level</code> in a configuration YAML file are <em>not</em> the same set as for <code>OTEL_LOG_LEVEL</code>. Use <code>log_level: trace</code> to see <em>all</em> logs (equivalent of <code>OTEL_LOG_LEVEL=ALL</code>). Use <code>log_level: fatal</code> to effectively disable the SDK's internal diagnostic logger (equivalent of <code>OTEL_LOG_LEVEL=NONE</code>).</li> <li>If <code>log_level</code> is not specified, a diagnostic console logger at "info" level will be setup.</li> <li>An invalid YAML config file will now result in a noop OTel SDK.</li> </ul> </li> </ul> <h3>🐛 Bug Fixes</h3> <ul> <li>fix(configuration): do not validate <code>OTEL_CONFIG_FILE</code> value before using it for file config <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6643">#6643</a> <a href="https://github.com/trentm"><code>@trentm</code></a></li> <li>fix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6650">#6650</a> <a href="https://github.com/trentm"><code>@trentm</code></a></li> <li>fix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6657">#6657</a> <a href="https://github.com/trentm"><code>@trentm</code></a></li> <li>fix(configuration): improve handling of enums in generated types <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6659">#6659</a> <a href="https://github.com/trentm"><code>@trentm</code></a></li> <li>fix(configuration): improve the technique for removing '\| null' on types the JSON Schema <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6662">#6662</a> <a href="https://github.com/trentm"><code>@trentm</code></a></li> <li>fix(sampler-jaeger-remote): add missing axios dep <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6656">#6656</a> <a href="https://github.com/trentm"><code>@trentm</code></a></li> <li>fix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler <a href="https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6674">#6674</a> <a href="https://github.com/homanp"><code>@homanp</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/open-telemetry/opentelemetry-js/commit/06ad0eaaecbd49f5ead871325f852cc2a3454079"><code>06ad0ea</code></a> chore: prepare next release (<a href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6703">#6703</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-js/commit/38ca257e64ebd13f5603d5539f8a48d6d9232037"><code>38ca257</code></a> feat(otlp-transformer): replace protobufjs metrics serialization with custom ...</li> <li><a href="https://github.com/open-telemetry/opentelemetry-js/commit/013c60085b84351a4c1e4e4f79e3dd67c56661cd"><code>013c600</code></a> chore: prepare next release (<a href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6699">#6699</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-js/commit/b7a0c63bde39d7916fdb73cbb3d64cf1c93282c5"><code>b7a0c63</code></a> feat(semantic-conventions): update semantic conventions to v1.41.1 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6695">#6695</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-js/commit/774143b2c6667c6537c000ab48ea5ce998278ca0"><code>774143b</code></a> chore(renovate): add minimumReleaseAge to config (<a href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6697">#6697</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-js/commit/e0dafe0d9fadaccf7dd8d7b02dd85531356e2ac1"><code>e0dafe0</code></a> fix(otlp-exporter-base): remove brackets from IPv6 hostname in HTTP transport...</li> <li><a href="https://github.com/open-telemetry/opentelemetry-js/commit/f804c93d1d6d903036b8bf38f8c3713dbbaf0360"><code>f804c93</code></a> chore(deps): update github/codeql-action digest to 68bde55 (<a href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6682">#6682</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-js/commit/95e48e7afcc475ded350b95b43070c54591ecbbb"><code>95e48e7</code></a> refactor(sdk-logs): alias <code>LoggerProviderConfig</code> to <code>LoggerProviderOptions</code> (...</li> <li><a href="https://github.com/open-telemetry/opentelemetry-js/commit/907b627d9ada25844b0f06551ecd9bbda5c0ea4f"><code>907b627</code></a> feat(sdk-node): allow startNodeSDK() without an arg (<a href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6688">#6688</a>)</li> <li><a href="https://github.com/open-telemetry/opentelemetry-js/commit/0d1526198fafe7f90078ff353103d0427e6c64d4"><code>0d15261</code></a> docs: Add SIG meeting info and welcoming language (<a href="https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6689">#6689</a>)</li> <li>Additional commits viewable in <a href="https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.216.0...experimental/v0.218.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-18 19:43:28 -07:00
evanpelle	53cf2d43f8	migrate away from canvas	2026-05-16 08:55:02 -07:00
Mehmet KOZAN	b8137927a6	Security: Fix Critical XSS in NewsModal (CVE GHSA-rpr9-rxv7-x643) (#3932 ) Subject: Security Vulnerability Report: Critical XSS in OpenFront.io via sanitize-html (CVE GHSA-rpr9-rxv7-x643) Hello OpenFront Development Team, While reviewing the OpenFront.io project, I discovered a critical Cross-Site Scripting (XSS) vulnerability on the client side. I am responsibly disclosing this issue to you along with technical details and a remediation plan so it can be addressed. Vulnerability Summary - Vulnerability Type: Cross-Site Scripting (XSS) / Mutation XSS - Affected Components: src/client/NewsModal.ts, src/client/components/NewsBox.ts - Affected Dependency: sanitize-html v2.17.0 (imported via lit-markdown) - CVE Reference: GHSA-rpr9-rxv7-x643 (CVSS Score: 9.3) Technical Details The "News" (Changelog) modal in the game uses the lit-markdown package to parse markdown content. This package depends on sanitize-html v2.17.0. This specific version of sanitize-html has a known parsing flaw when handling the `<xmp>` tag. When malicious HTML is wrapped inside an `<xmp>` tag, the sanitization filter misinterprets it and fails to properly strip the inner HTML. As a result, when the sanitized content is injected into the DOM, the browser executes the inner HTML. Proof of Concept (PoC) If the changelog.md file (or the network response) is manipulated to include the following payload, the malicious code bypasses sanitization and executes in the context of the application: `<xmp><img src=x onerror="alert('System compromised')"></xmp>` In local testing, injecting this payload directly into the markdown property of the news-modal component resulted in the `<img>` tag bypassing the filter and rendering successfully in the DOM. Impact This vulnerability introduces a high-risk Stored XSS vector. If an attacker compromises the server or the CDN hosting the changelog.md file, or performs a Man-in-the-Middle (MitM) attack: - Arbitrary JavaScript can be executed in the browsers of all players who open the News modal. - Session tokens and authentication data can be stolen. - Attackers can perform unauthorized actions on behalf of the players (e.g., disbanding clans or altering settings). Remediation The fix is straightforward and requires updating the sanitize-html library to version 2.17.4 or higher. You can enforce this update by adding an overrides block to your package.json: "overrides": { "sanitize-html": ">=2.17.4" } After updating the package.json, running npm install will apply the patch. I am disclosing this vulnerability responsibly and will keep the details private until a patch has been released. Please let me know if you need any further information or assistance with the fix. Best regards, Mehmet Kozan Security Researcher Email: twanske1@gmail.com --- ## Description: This PR addresses the critical XSS vulnerability detailed above. By enforcing `sanitize-html` to be version `>=2.17.4` via the `overrides` block in `package.json`, the `<xmp>` tag parsing flaw is patched. No UI changes or new text strings were added. ## Please complete the following: - [ ] I have added screenshots for all UI updates (N/A - Security patch in package.json) - [ ] I process any text displayed to the user through translateText() and I've added it to the en.json file (N/A) - [ ] I have added relevant tests to the test directory (N/A) - [x] I confirm I have thoroughly tested these changes and take full responsibility for any bugs introduced ## Please put your Discord username so you can be contacted if a bug or regression is found: hz.mehmetsultan	2026-05-15 16:37:02 -07:00
dependabot[bot]	922e03d5fb	Bump ip-address from 10.1.0 to 10.2.0 in the npm_and_yarn group across 1 directory (#3862 ) Bumps the npm_and_yarn group with 1 update in the / directory: [ip-address](https://github.com/beaugunderson/ip-address). Updates `ip-address` from 10.1.0 to 10.2.0 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/beaugunderson/ip-address/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ip-address&package-manager=npm_and_yarn&previous-version=10.1.0&new-version=10.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-06 20:17:09 -06:00
VariableVince	eca5794ebb	Chore(deps): Update and remove dependencies (#3819 ) ## Description: Only mentioning removals/major updates/notable changes below, not all minor upgrades. ### Removed: - "@aws-sdk/client-s3": not used anywhere (was used in Archive.ts previously) - chai, "@types/chai", sinon-chai: not used anywhere, probably leftover. Vitest uses a bundled version of Chai for its expect asserations under the hood too. - protobufjs, "@types/google-protobuf": not used anywhere, probably left from evan's experiment with it? Removed from vite.config.ts too. - "@types/jquery": not used anywhere, probably leftover - sinon, "@types/sinon": not used anywhere just like chai, probably leftover. And Vitest provides us with the same functionality. - "@types/systeminformation": dependency systeminformation was removed last year, this is an unneeded, deprecated and unmaintained remainder. - vite-tsconfig-paths: removed, and removed the import and usage in vite.config.ts and replaced it by adding `tsconfigPaths: true` to the `resolve` block. Because of this message displayed on running the tests: "The plugin "vite-tsconfig-paths" is detected. Vite now supports tsconfig paths resolution natively via the resolve.tsconfigPaths option. You can remove the plugin and set resolve.tsconfigPaths: true in your Vite config instead." - vite-plugin-static-copy: removed, we don't use it anymore (was used in our vite.config.ts once,, probably before Vite natively supported copying static assets via its publicDir configuration) ### Updated: - color.js: v0.5 > v0.6, no breaking change affecting us - cross-env: v7 > v10. It's a publicly archived repo since Nov 2025. But before that he got it up-to-date from June 2025, porting to TS, dropping old Node versions, dependencies etc. Seems still good to use for some amount of time to come. - dotenv: v16 > v17, now logs an informational message by default when it loads an environment file. Can be disabled by using dotenv.config({quite: true}) if needed. - ejs: v3 > v5: security patches mostly. Vite still uses v3 btw. - eslint: v9 > v10. Newly enabled rules by default: 'no-unassigned-vars', 'no-useless-assignment' and 'preserve-caught-error'. Mostly faster and minimum support moved to higher node versions, which shouldn't be a problem. - "@eslint/compat": v1 > v2. Minimum supported Node versions, which should not be a problem. - intl-messageformat: v10 > v11 no breaking changes that affect us - jdom: v27 > v29. Faster. Most notably minimum support moved to higher node v22 version, which should not be a problem. Also, see types/node, kind of expecting v24 to be installed now. - nanoid: from v3 to v5, no breaking changes that affect us - "@opentelemetry/sdk-logs": now that addLogRecordProcessor is removed, changed Logger.ts to pass an (empty) provider array directly to the LoggerProvider constructor. Follows the changes in https://github.com/open-telemetry/opentelemetry-js/pull/5588 - "@tailwindcss/vite": supports vite v8 from 4.2.2, and a fix for it in 4.2.4 - tailwindcss: supports vite v8 from 4.2.2 -- in 4.1.15 (we were already above this version) break-words was deprecated in favor of wrap-break-word. But break-words, which we use in 15 places, will still work as expected (https://github.com/tailwindlabs/tailwindcss/pull/19157). Same goes for also deprecated "order-none". - "@types/node": from v22 to v24, assuming most now use node 24 - vite v7 > v8: -- is now on 8.0.10 so first bugs are out of it, while v8 itself also fixed a big number of bugs. -- in vite.config.ts, fixed Ts error/compilation issue by changing the manualChunks option in build.rollupOptions.output to use the function syntax, which is required by the updated types instead of the object syntax. - zod: no changes that affect us ### Prettier: Updated only because of (new because of update?) Prettier errors for files untouched in this PR originally: - PathFinder.Parabola.ts - WorkerMessages.ts - ClanModal.handlers.test.ts - ClanModal.rendering.test.ts‎ - CONTRIBUTING.md - README.md ### ESLint: Fixes needed to silence errors coming from newly enabled recommended rules 'no-useless-assignment' and 'preserve-caught-error': For 'no-useless-assignment' (default assignment never used because of unreachable code or they are guaranteed to get a value, so they can be undefinedat the start. Exception was AttackExecution, so made the default value of 0 the default case in the switch statement): - ClientGameRunner - GameModeSelector - NameBoxCalculator - StructureDrawingUtils - TerritoryLayer - Diagnostics - GameRunner - ColorAllocator - DefaultConfig - AttackExecution - AiAttackBehavior - Worker.worker - GamePreviewBuilder For 'preserve-caught-error', disabled the rule here because the possible fix `{cause: error}` was introduced in ES2022 while we're still on target ES2020 currently: - GameServer - Privilege _Error: The value assigned to 'gameMap' is not used in subsequent statements. (no-useless-assignment) Error: The value assigned to 'timeDisplay' is not used in subsequent statements. (no-useless-assignment) Error: The value assigned to 'scalingFactor' is not used in subsequent statements. (no-useless-assignment) Error: The value assigned to 'radius' is not used in subsequent statements. (no-useless-assignment) Error: The value assigned to 'teamColor' is not used in subsequent statements. (no-useless-assignment) Error: The value assigned to 'gl' is not used in subsequent statements. (no-useless-assignment) Error: The value assigned to 'power' is not used in subsequent statements. (no-useless-assignment) Error: The value assigned to 'tickExecutionDuration' is not used in subsequent statements. (no-useless-assignment) Error: The value assigned to 'selectedIndex' is not used in subsequent statements. (no-useless-assignment) Error: The value assigned to 'mag' is not used in subsequent statements. (no-useless-assignment) Error: The value assigned to 'speed' is not used in subsequent statements. (no-useless-assignment) Error: The value assigned to 'matchesCriteria' is not used in subsequent statements. (no-useless-assignment) Error: The value assigned to 'shouldContinue' is not used in subsequent statements. (no-useless-assignment) Error: The value assigned to 'description' is not used in subsequent statements. (no-useless-assignment) Error: There is no `cause` attached to the symptom error being thrown. (preserve-caught-error) Error: There is no `cause` attached to the symptom error being thrown. (preserve-caught-error)_ All tests pass. TypeScript and ESLint errors resolved. ## Please complete the following: - [x] I have added screenshots for all UI updates - [x] I process any text displayed to the user through translateText() and I've added it to the en.json file - [x] I have added relevant tests to the test directory - [x] I confirm I have thoroughly tested these changes and take full responsibility for any bugs introduced ## Please put your Discord username so you can be contacted if a bug or regression is found: tryout33 --------- Co-authored-by: Copilot <copilot@github.com>	2026-05-06 09:12:27 -06:00
VariableVince	775d9a0f0c	Chore(deps): Update pixijs to 8.18.1 (#3812 ) ## Description: Update pixijs to 8.18.1, mostly because we might want to use the ability to send AutoDetectRenderer an array as "preference". And because we want to stay up-to-date with fixes to a renderer we use. ## Please complete the following: - [x] I have added screenshots for all UI updates - [x] I process any text displayed to the user through translateText() and I've added it to the en.json file - [x] I have added relevant tests to the test directory - [x] I confirm I have thoroughly tested these changes and take full responsibility for any bugs introduced ## Please put your Discord username so you can be contacted if a bug or regression is found: tryout33	2026-05-02 08:32:41 -06:00
VariableVince	914c7e750f	Remove "uuid" dependency (#3811 ) ## Description: One dependency less: remove uuid. It is only used to get the three random digits after "Anon" if no name is present in localStorage. Crypto.randomUUID also gives us a UUID v4 and can already be used from Utils > generateCryptoRandomUUID. Not noticable when it comes to speed either. ## Please complete the following: - [x] I have added screenshots for all UI updates - [x] I process any text displayed to the user through translateText() and I've added it to the en.json file - [x] I have added relevant tests to the test directory - [x] I confirm I have thoroughly tested these changes and take full responsibility for any bugs introduced ## Please put your Discord username so you can be contacted if a bug or regression is found: tryout33	2026-05-01 17:00:45 -06:00
babyboucher	4f20d2b332	TypeScript update to 6.0.3 (#3806 ) ## Description: Updating TypeScript to 6.0.3. Updating TypeScript-eslint to 8.59.1 for TS6 support. Concurrently needed to get updated as well to remove deprecated warning. Most things deleted are now just defaults. ## Please complete the following: - [X] I have added screenshots for all UI updates - [X] I process any text displayed to the user through translateText() and I've added it to the en.json file - [X] I have added relevant tests to the test directory - [X] I confirm I have thoroughly tested these changes and take full responsibility for any bugs introduced ## Please put your Discord username so you can be contacted if a bug or regression is found: Babyboucher	2026-04-30 15:49:24 -06:00
dependabot[bot]	ca9dc4e2e0	Bump the npm_and_yarn group across 1 directory with 2 updates (#3766 ) Bumps the npm_and_yarn group with 2 updates in the / directory: [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) and [postcss](https://github.com/postcss/postcss). Updates `fast-xml-parser` from 5.5.8 to 5.7.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/NaturalIntelligence/fast-xml-parser/releases">fast-xml-parser's releases</a>.</em></p> <blockquote> <h2>upgrade <code>@nodable/entities</code> and FXB</h2> <ul> <li>Use <code>@nodable/entities</code> v2.1.0 <ul> <li>breaking changes <ul> <li>single entity scan. You're not allowed to use entity value to form another entity name.</li> <li>you cant add numeric external entity</li> <li>entity error message when expantion limit is crossed might change</li> </ul> </li> <li>typings are updated for new options related to process entity</li> <li>please follow documentation of <code>@nodable/entities</code> for more detail.</li> <li>performance <ul> <li>if processEntities is false, then there should not be impact on performance.</li> <li>if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%</li> <li>if processEntities is true, and you pass entity decoder separately <ul> <li>if no entity then performance should be same as before</li> <li>if there are entities then performance should be increased from past versions</li> </ul> </li> </ul> </li> <li>ignoreAttributes is not required to be set to set xml version for NCR entity value</li> </ul> </li> <li>update 'fast-xml-builder' to sanitize malicious CDATA and comment's content</li> </ul> <h2>use <code>@nodable/entities</code> to replace entities</h2> <ul> <li>No API change</li> <li>No change in performance for basic usage</li> <li>No typing change</li> <li>No config change</li> <li>new dependency</li> <li>breaking: error messages for entities might have been changed.</li> <li></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0">https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0</a></p> <h2>performance improvment, increase entity expansion default limit</h2> <ul> <li>increase default entity explansion limit as many projects demand for that</li> </ul> <pre><code>maxEntitySize: 10000, maxExpansionDepth: 10000, maxTotalExpansions: Infinity, maxExpandedLength: 100000, maxEntityCount: 1000, </code></pre> <ul> <li>performance improvement <ul> <li>reduce calls to toString</li> <li>early return when entities are not present</li> <li>prepare rawAttrsForMatcher only if user sets <code>jPath: false</code></li> </ul> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.9...v5.5.10">https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.9...v5.5.10</a></p> <h2>fix typins and matcher instance in callbacks</h2> <p>combine typings file to avoid configuration changes pass readonly instance of matcher to the call backs to avoid accidental push/pop call</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md">fast-xml-parser's changelog</a>.</em></p> <blockquote> <p><!-- raw HTML omitted -->Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.<!-- raw HTML omitted --></p> <p>Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion</p> <p><strong>5.7.2 / 2026-04-25</strong></p> <ul> <li>allow numerical external entity for backward compatibility</li> <li>fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705">#705</a>: attributesGroupName working with preserveOrder</li> <li>fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817">#817</a>: stackoverflow when tag expression is very long</li> </ul> <p><strong>5.7.1 / 2026-04-20</strong></p> <ul> <li>fix typo in CJS typing file</li> </ul> <p><strong>5.7.0 / 2026-04-17</strong></p> <ul> <li>Use <code>@nodable/entities</code> v2.1.0 <ul> <li>breaking changes <ul> <li>single entity scan. You're not allowed to user entity value to form another entity name.</li> <li>you cant add numeric external entity</li> <li>entity error message when expantion limit is crossed might change</li> </ul> </li> <li>typings are updated for new options related to process entity</li> <li>please follow documentation of <code>@nodable/entities</code> for more detail.</li> <li>performance <ul> <li>if processEntities is false, then there should not be impact on performance.</li> <li>if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%</li> <li>if processEntities is true, and you pass entity decoder separately <ul> <li>if no entity then performance should be same as before</li> <li>if there are entities then performance should be increased from past versions</li> </ul> </li> </ul> </li> <li>ignoreAttributes is not required to be set to set xml version for NCR entity value</li> </ul> </li> <li>update 'fast-xml-builder' to sanitize malicious CDATA and comment's content</li> </ul> <p><strong>5.6.0 / 2026-04-15</strong></p> <ul> <li>fix: entity replacement for numeric entities</li> <li>use <code>@nodable/entities</code> to replace entities <ul> <li>this may change some error messages related to entities expansion limit or inavlid use</li> <li>post check would be exposed in future version</li> </ul> </li> </ul> <p><strong>5.5.12 / 2026-04-13</strong></p> <ul> <li>Performance Improvement: update path-expression-matcher <ul> <li>use proxy pattern than Proxy class</li> </ul> </li> </ul> <p><strong>5.5.11 / 2026-04-08</strong></p> <ul> <li>Performance Improvement <ul> <li>integrate ExpressionSet for stopNodes</li> </ul> </li> </ul> <p><strong>5.5.10 / 2026-04-03</strong></p> <ul> <li>increase default entity explansion limit as many projects demand for that</li> <li>performance improvement <ul> <li>reduce calls to toString</li> <li>early return when entities are not present</li> <li>prepare rawAttrsForMatcher only if user sets <code>jPath: false</code></li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/0f08303189d541b08401d15a7137dc238a815fa7"><code>0f08303</code></a> fix typo</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/f529642d760ef53bb9115ad4798af5dc77ac22c4"><code>f529642</code></a> update to release v5.7.0</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/52a8583465d6a67ad19e86fe34714879a981c18e"><code>52a8583</code></a> Revert "improve performance of attributes reading"</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/8d187f9abaf42ebdd85623a9ae942b08e8ae5d0c"><code>8d187f9</code></a> update builder</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/e174168a72a65a8fccad2c42bde329d2167edf27"><code>e174168</code></a> improve performance of attributes reading</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/79a8dde50cebaeeda75cc1ad5b97c328da106316"><code>79a8dde</code></a> update docs</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/f5cd5a595f313ed7b0820cabfa82ebdaa08651f7"><code>f5cd5a5</code></a> set xml version to decoder even if attributes are ignored</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/f44b9236f4bee07bba75f0549fe86c981b1aeeef"><code>f44b923</code></a> remove unwanted tests</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/869ec8b3588304a3a6aa9f22e38445e06d4547c8"><code>869ec8b</code></a> Use <code>@nodable/entities</code> v2.1.0</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/7cb49e51cd060caecf296fbf718a98d8c044c8c5"><code>7cb49e5</code></a> update release detail</li> <li>Additional commits viewable in <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.8...v5.7.1">compare view</a></li> </ul> </details> <br /> Updates `postcss` from 8.5.6 to 8.5.10 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/releases">postcss's releases</a>.</em></p> <blockquote> <h2>8.5.10</h2> <ul> <li>Fixed XSS via unescaped <code></style></code> in non-bundler cases (by <a href="https://github.com/TharVid"><code>@TharVid</code></a>).</li> </ul> <h2>8.5.9</h2> <ul> <li>Speed up source map encoding paring in case of the error.</li> </ul> <h2>8.5.8</h2> <ul> <li>Fixed <code>Processor#version</code>.</li> </ul> <h2>8.5.7</h2> <ul> <li>Improved source map annotation cleaning performance (by CodeAnt AI).</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's changelog</a>.</em></p> <blockquote> <h2>8.5.10</h2> <ul> <li>Fixed XSS via unescaped <code></style></code> in non-bundler cases (by <a href="https://github.com/TharVid"><code>@TharVid</code></a>).</li> </ul> <h2>8.5.9</h2> <ul> <li>Speed up source map encoding paring in case of the error.</li> </ul> <h2>8.5.8</h2> <ul> <li>Fixed <code>Processor#version</code>.</li> </ul> <h2>8.5.7</h2> <ul> <li>Improved source map annotation cleaning performance (by CodeAnt AI).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986"><code>33b9790</code></a> Release 8.5.10 version</li> <li><a href="https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b"><code>536c79e</code></a> Escape </style> in CSS output (<a href="https://redirect.github.com/postcss/postcss/issues/2074">#2074</a>)</li> <li><a href="https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4"><code>afa96b2</code></a> Update dependencies (<a href="https://redirect.github.com/postcss/postcss/issues/2073">#2073</a>)</li> <li><a href="https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d"><code>effe88b</code></a> Typo (<a href="https://redirect.github.com/postcss/postcss/issues/2072">#2072</a>)</li> <li><a href="https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad"><code>3ee79a2</code></a> Thread model (<a href="https://redirect.github.com/postcss/postcss/issues/2071">#2071</a>)</li> <li><a href="https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01"><code>2e0683d</code></a> Create incident response docs (<a href="https://redirect.github.com/postcss/postcss/issues/2070">#2070</a>)</li> <li><a href="https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9"><code>fe88ac2</code></a> Release 8.5.9 version</li> <li><a href="https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e"><code>c551632</code></a> Avoid RegExp when we can use simple JS</li> <li><a href="https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a"><code>89a6b74</code></a> Move SECURITY.txt for docs folder to keep GitHub page cleaner</li> <li><a href="https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b"><code>6ceb8a4</code></a> Create SECURITY.md</li> <li>Additional commits viewable in <a href="https://github.com/postcss/postcss/compare/8.5.6...8.5.10">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-25 11:56:59 -06:00
dependabot[bot]	1aaa3ba99f	Bump uuid from 11.1.0 to 14.0.0 in the npm_and_yarn group across 1 directory (#3745 ) Bumps the npm_and_yarn group with 1 update in the / directory: [uuid](https://github.com/uuidjs/uuid). Updates `uuid` from 11.1.0 to 14.0.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/uuidjs/uuid/releases">uuid's releases</a>.</em></p> <blockquote> <h2>v14.0.0</h2> <h2><a href="https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0">14.0.0</a> (2026-04-19)</h2> <h3>⚠ BREAKING CHANGES</h3> <ul> <li>expect <code>crypto</code> to be global everywhere (requires node@20+) (<a href="https://redirect.github.com/uuidjs/uuid/issues/935">#935</a>)</li> <li>drop node@18 support (<a href="https://redirect.github.com/uuidjs/uuid/issues/934">#934</a>)</li> </ul> <h3>Features</h3> <ul> <li>drop node@18 support (<a href="https://redirect.github.com/uuidjs/uuid/issues/934">#934</a>) (<a href="https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3">dc4ddb8</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>expect <code>crypto</code> to be global everywhere (requires node@20+) (<a href="https://redirect.github.com/uuidjs/uuid/issues/935">#935</a>) (<a href="https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4">f2c235f</a>)</li> <li>Use GITHUB_TOKEN for release-please and enable npm provenance (<a href="https://redirect.github.com/uuidjs/uuid/issues/925">#925</a>) (<a href="https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c">ffa3138</a>)</li> </ul> <h2>v13.0.0</h2> <h2><a href="https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0">13.0.0</a> (2025-09-08)</h2> <h3>⚠ BREAKING CHANGES</h3> <ul> <li>make browser exports the default (<a href="https://redirect.github.com/uuidjs/uuid/issues/901">#901</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>make browser exports the default (<a href="https://redirect.github.com/uuidjs/uuid/issues/901">#901</a>) (<a href="https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a">bce9d72</a>)</li> </ul> <h2>v12.0.0</h2> <h2><a href="https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0">12.0.0</a> (2025-09-05)</h2> <h3>⚠ BREAKING CHANGES</h3> <ul> <li>update to typescript@5.2 (<a href="https://redirect.github.com/uuidjs/uuid/issues/887">#887</a>)</li> <li>remove CommonJS support (<a href="https://redirect.github.com/uuidjs/uuid/issues/886">#886</a>)</li> <li>drop node@16 support (<a href="https://redirect.github.com/uuidjs/uuid/issues/883">#883</a>)</li> </ul> <h3>Features</h3> <ul> <li>add node@24 to ci matrix (<a href="https://redirect.github.com/uuidjs/uuid/issues/879">#879</a>) (<a href="https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92">42b6178</a>)</li> <li>drop node@16 support (<a href="https://redirect.github.com/uuidjs/uuid/issues/883">#883</a>) (<a href="https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530">0f38cf1</a>)</li> <li>remove CommonJS support (<a href="https://redirect.github.com/uuidjs/uuid/issues/886">#886</a>) (<a href="https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f">ae786e2</a>)</li> <li>update to typescript@5.2 (<a href="https://redirect.github.com/uuidjs/uuid/issues/887">#887</a>) (<a href="https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01">c7ee405</a>)</li> </ul> <h3>Bug Fixes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md">uuid's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0">14.0.0</a> (2026-04-19)</h2> <h3>Security</h3> <ul> <li>Fixes <a href="https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq">GHSA-w5hq-g745-h8pq</a>: <code>v3()</code>, <code>v5()</code>, and <code>v6()</code> did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid <code>offset</code> was provided. A <code>RangeError</code> is now thrown if <code>offset < 0</code> or <code>offset + 16 > buf.length</code>.</li> </ul> <h3>⚠ BREAKING CHANGES</h3> <ul> <li><code>crypto</code> is now expected to be globally defined (requires node@20+) (<a href="https://redirect.github.com/uuidjs/uuid/issues/935">#935</a>)</li> <li>drop node@18 support (<a href="https://redirect.github.com/uuidjs/uuid/issues/934">#934</a>)</li> <li>upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years</li> </ul> <h2><a href="https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0">13.0.0</a> (2025-09-08)</h2> <h3>⚠ BREAKING CHANGES</h3> <ul> <li>make browser exports the default (<a href="https://redirect.github.com/uuidjs/uuid/issues/901">#901</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>make browser exports the default (<a href="https://redirect.github.com/uuidjs/uuid/issues/901">#901</a>) (<a href="https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a">bce9d72</a>)</li> </ul> <h2><a href="https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0">12.0.0</a> (2025-09-05)</h2> <h3>⚠ BREAKING CHANGES</h3> <ul> <li>update to typescript@5.2 (<a href="https://redirect.github.com/uuidjs/uuid/issues/887">#887</a>)</li> <li>remove CommonJS support (<a href="https://redirect.github.com/uuidjs/uuid/issues/886">#886</a>)</li> <li>drop node@16 support (<a href="https://redirect.github.com/uuidjs/uuid/issues/883">#883</a>)</li> </ul> <h3>Features</h3> <ul> <li>add node@24 to ci matrix (<a href="https://redirect.github.com/uuidjs/uuid/issues/879">#879</a>) (<a href="https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92">42b6178</a>)</li> <li>drop node@16 support (<a href="https://redirect.github.com/uuidjs/uuid/issues/883">#883</a>) (<a href="https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530">0f38cf1</a>)</li> <li>remove CommonJS support (<a href="https://redirect.github.com/uuidjs/uuid/issues/886">#886</a>) (<a href="https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f">ae786e2</a>)</li> <li>update to typescript@5.2 (<a href="https://redirect.github.com/uuidjs/uuid/issues/887">#887</a>) (<a href="https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01">c7ee405</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>improve v4() performance (<a href="https://redirect.github.com/uuidjs/uuid/issues/894">#894</a>) (<a href="https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197">5fd974c</a>)</li> <li>restore node: prefix (<a href="https://redirect.github.com/uuidjs/uuid/issues/889">#889</a>) (<a href="https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507">e1f42a3</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b"><code>7c1ea08</code></a> chore(main): release 14.0.0 (<a href="https://redirect.github.com/uuidjs/uuid/issues/926">#926</a>)</li> <li><a href="https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34"><code>3d2c5b0</code></a> Merge commit from fork</li> <li><a href="https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4"><code>f2c235f</code></a> fix!: expect <code>crypto</code> to be global everywhere (requires node@20+) (<a href="https://redirect.github.com/uuidjs/uuid/issues/935">#935</a>)</li> <li><a href="https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212"><code>529ef08</code></a> chore: upgrade TypeScript and fixup types (<a href="https://redirect.github.com/uuidjs/uuid/issues/927">#927</a>)</li> <li><a href="https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087"><code>086fd79</code></a> chore: update dependencies (<a href="https://redirect.github.com/uuidjs/uuid/issues/933">#933</a>)</li> <li><a href="https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3"><code>dc4ddb8</code></a> feat!: drop node@18 support (<a href="https://redirect.github.com/uuidjs/uuid/issues/934">#934</a>)</li> <li><a href="https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404"><code>0f1f9c9</code></a> chore: switch to Biome for parsing and linting (<a href="https://redirect.github.com/uuidjs/uuid/issues/932">#932</a>)</li> <li><a href="https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013"><code>e2879e6</code></a> chore: use maintained version of npm-run-all (<a href="https://redirect.github.com/uuidjs/uuid/issues/930">#930</a>)</li> <li><a href="https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c"><code>ffa3138</code></a> fix: Use GITHUB_TOKEN for release-please and enable npm provenance (<a href="https://redirect.github.com/uuidjs/uuid/issues/925">#925</a>)</li> <li><a href="https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4"><code>0423d49</code></a> docs: remove obsolete v1 option notes (<a href="https://redirect.github.com/uuidjs/uuid/issues/915">#915</a>)</li> <li>Additional commits viewable in <a href="https://github.com/uuidjs/uuid/compare/v11.1.0...v14.0.0">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for uuid since your current version.</p> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=uuid&package-manager=npm_and_yarn&previous-version=11.1.0&new-version=14.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-23 11:39:22 -07:00
dependabot[bot]	9df0569c5e	Bump @xmldom/xmldom from 0.8.12 to 0.8.13 in the npm_and_yarn group across 1 directory (#3742 ) Bumps the npm_and_yarn group with 1 update in the / directory: [@xmldom/xmldom](https://github.com/xmldom/xmldom). Updates `@xmldom/xmldom` from 0.8.12 to 0.8.13 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/xmldom/xmldom/releases"><code>@xmldom/xmldom</code>'s releases</a>.</em></p> <blockquote> <h2>0.8.13</h2> <p><a href="https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13">Commits</a></p> <h3>Fixed</h3> <ul> <li>Security: <code>XMLSerializer.serializeToString()</code> (and <code>Node.toString()</code>, <code>NodeList.toString()</code>) now accept a <code>requireWellFormed</code> option (fourth argument, after <code>isHtml</code> and <code>nodeFilter</code>). When <code>{ requireWellFormed: true }</code> is passed, the serializer throws <code>InvalidStateError</code> for injection-prone node content, preventing XML injection via attacker-controlled node data. <a href="https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8"><code>GHSA-j759-j44w-7fr8</code></a> <a href="https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx"><code>GHSA-x6wf-f3px-wcqx</code></a> <a href="https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h"><code>GHSA-f6ww-3ggp-fr8h</code></a> <ul> <li>Comment: throws when <code>data</code> contains <code>--></code></li> <li>ProcessingInstruction: throws when <code>data</code> contains <code>?></code></li> <li>DocumentType: throws when <code>publicId</code> fails <code>PubidLiteral</code>, <code>systemId</code> fails <code>SystemLiteral</code>, or <code>internalSubset</code> contains <code>]></code></li> </ul> </li> <li>Security: DOM traversal operations (<code>XMLSerializer.serializeToString()</code>, <code>Node.prototype.normalize()</code>, <code>Node.prototype.cloneNode(true)</code>, <code>Document.prototype.importNode(node, true)</code>, <code>node.textContent</code> getter, <code>getElementsByTagName()</code> / <code>getElementsByTagNameNS()</code> / <code>getElementsByClassName()</code> / <code>getElementById()</code>) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable <code>RangeError</code>. <a href="https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw"><code>GHSA-2v35-w6hq-6mfw</code></a></li> </ul> <p>Thank you, <a href="https://github.com/Jvr2022"><code>@Jvr2022</code></a>, <a href="https://github.com/praveen-kv"><code>@praveen-kv</code></a>, <a href="https://github.com/TharVid"><code>@TharVid</code></a>, <a href="https://github.com/decsecre583"><code>@decsecre583</code></a>, <a href="https://github.com/tlsbollei"><code>@tlsbollei</code></a>, <a href="https://github.com/KarimTantawey"><code>@KarimTantawey</code></a>, for your contributions</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md"><code>@xmldom/xmldom</code>'s changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13">0.8.13</a></h2> <h3>Fixed</h3> <ul> <li>Security: <code>XMLSerializer.serializeToString()</code> (and <code>Node.toString()</code>, <code>NodeList.toString()</code>) now accept a <code>requireWellFormed</code> option (fourth argument, after <code>isHtml</code> and <code>nodeFilter</code>). When <code>{ requireWellFormed: true }</code> is passed, the serializer throws <code>InvalidStateError</code> for injection-prone node content, preventing XML injection via attacker-controlled node data. <a href="https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8"><code>GHSA-j759-j44w-7fr8</code></a> <a href="https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx"><code>GHSA-x6wf-f3px-wcqx</code></a> <a href="https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h"><code>GHSA-f6ww-3ggp-fr8h</code></a> <ul> <li>Comment: throws when <code>data</code> contains <code>--></code></li> <li>ProcessingInstruction: throws when <code>data</code> contains <code>?></code></li> <li>DocumentType: throws when <code>publicId</code> fails <code>PubidLiteral</code>, <code>systemId</code> fails <code>SystemLiteral</code>, or <code>internalSubset</code> contains <code>]></code></li> </ul> </li> <li>Security: DOM traversal operations (<code>XMLSerializer.serializeToString()</code>, <code>Node.prototype.normalize()</code>, <code>Node.prototype.cloneNode(true)</code>, <code>Document.prototype.importNode(node, true)</code>, <code>node.textContent</code> getter, <code>getElementsByTagName()</code> / <code>getElementsByTagNameNS()</code> / <code>getElementsByClassName()</code> / <code>getElementById()</code>) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable <code>RangeError</code>. <a href="https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw"><code>GHSA-2v35-w6hq-6mfw</code></a></li> </ul> <p>Thank you, <a href="https://github.com/Jvr2022"><code>@Jvr2022</code></a>, <a href="https://github.com/praveen-kv"><code>@praveen-kv</code></a>, <a href="https://github.com/TharVid"><code>@TharVid</code></a>, <a href="https://github.com/decsecre583"><code>@decsecre583</code></a>, <a href="https://github.com/tlsbollei"><code>@tlsbollei</code></a>, <a href="https://github.com/KarimTantawey"><code>@KarimTantawey</code></a>, for your contributions</p> <h2><a href="https://github.com/xmldom/xmldom/compare/0.9.8...0.9.9">0.9.9</a></h2> <h3>Added</h3> <ul> <li>implement <code>ParentNode.children</code> getter <a href="https://redirect.github.com/xmldom/xmldom/pull/960"><code>[#960](https://github.com/xmldom/xmldom/issues/960)</code></a> / <a href="https://redirect.github.com/xmldom/xmldom/issues/410"><code>[#410](https://github.com/xmldom/xmldom/issues/410)</code></a></li> </ul> <h3>Fixed</h3> <ul> <li>Security: <code>createCDATASection</code> now throws <code>InvalidCharacterError</code> when <code>data</code> contains <code>"]]>"</code>, as required by the <a href="https://dom.spec.whatwg.org/#dom-document-createcdatasection">WHATWG DOM spec</a>. <a href="https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp"><code>GHSA-wh4c-j3r5-mjhp</code></a></li> <li>Security: <code>XMLSerializer</code> now splits CDATASection nodes whose data contains <code>"]]>"</code> into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (<code>appendData</code>, <code>replaceData</code>, <code>.data =</code>, <code>.textContent =</code>). <a href="https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp"><code>GHSA-wh4c-j3r5-mjhp</code></a></li> <li>correctly traverse ancestor chain in <code>Node.contains</code> <a href="https://redirect.github.com/xmldom/xmldom/pull/931"><code>[#931](https://github.com/xmldom/xmldom/issues/931)</code></a></li> </ul> <p>Code that passes a string containing <code>"]]>"</code> to <code>createCDATASection</code> and relied on the previously unsafe behavior will now receive <code>InvalidCharacterError</code>. Use a mutation method such as <code>appendData</code> if you intentionally need <code>"]]>"</code> in a CDATASection node's data.</p> <h3>Chore</h3> <ul> <li>updated dependencies</li> </ul> <p>Thank you, <a href="https://github.com/stevenobiajulu"><code>@stevenobiajulu</code></a>, <a href="https://github.com/yoshi389111"><code>@yoshi389111</code></a>, <a href="https://github.com/thesmartshadow"><code>@thesmartshadow</code></a>, for your contributions</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/xmldom/xmldom/commit/e5c14802592685bb872c042c54c3f73758875c85"><code>e5c1480</code></a> 0.8.13</li> <li><a href="https://github.com/xmldom/xmldom/commit/9611e20d75f059dc377f806a8f7ee7d1eaeaeb7c"><code>9611e20</code></a> style: drop unused import in test file</li> <li><a href="https://github.com/xmldom/xmldom/commit/dc4dff3d1d0b5a6b97c52fcc1823a735b8821e62"><code>dc4dff3</code></a> docs: add 0.8.13 changelog entry</li> <li><a href="https://github.com/xmldom/xmldom/commit/842fa38deedd2d9a9c90d0ad54aa1be75d2a41bc"><code>842fa38</code></a> fix: prevent stack overflow in normalize (GHSA-2v35-w6hq-6mfw)</li> <li><a href="https://github.com/xmldom/xmldom/commit/aeff69f5a32e8c1bd540683da9e10718f84f595c"><code>aeff69f</code></a> test: add normalize behavioral coverage to node.test.js</li> <li><a href="https://github.com/xmldom/xmldom/commit/cbdb0d7db8ae70760bd4cc181cb8f30bb0cd9d88"><code>cbdb0d7</code></a> fix: make walkDOM iterative to prevent stack overflow (GHSA-2v35-w6hq-6mfw)</li> <li><a href="https://github.com/xmldom/xmldom/commit/0b543d31794dc198c86a0358574cb5dec29674c5"><code>0b543d3</code></a> test: assert namespace declarations are isolated between siblings in serializ...</li> <li><a href="https://github.com/xmldom/xmldom/commit/c007c51909587990c962cf3d5c2acadf4c897b87"><code>c007c51</code></a> refactor: migrate serializeToString to walkDOM</li> <li><a href="https://github.com/xmldom/xmldom/commit/2bb3899074820089d9e76ce28a5edfdacf425025"><code>2bb3899</code></a> test: add serializeToString coverage for uncovered branches</li> <li><a href="https://github.com/xmldom/xmldom/commit/e69f38d0a58731152d300e8c8eb29506f5f488fe"><code>e69f38d</code></a> refactor: migrate importNode to walkDOM</li> <li>Additional commits viewable in <a href="https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~karfau">karfau</a>, a new releaser for <code>@xmldom/xmldom</code> since your current version.</p> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@xmldom/xmldom&package-manager=npm_and_yarn&previous-version=0.8.12&new-version=0.8.13)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-23 10:01:35 -07:00
dependabot[bot]	bf79a0cd56	Bump protobufjs from 7.5.3 to 7.5.5 in the npm_and_yarn group across 1 directory (#3698 ) Bumps the npm_and_yarn group with 1 update in the / directory: [protobufjs](https://github.com/protobufjs/protobuf.js). Updates `protobufjs` from 7.5.3 to 7.5.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/protobufjs/protobuf.js/releases">protobufjs's releases</a>.</em></p> <blockquote> <h2>protobufjs: v7.5.4</h2> <h2><a href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4">7.5.4</a> (2025-08-15)</h2> <h3>Bug Fixes</h3> <ul> <li>invalid syntax in descriptor.proto (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2092">#2092</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760">5a3769a</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md">protobufjs's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2><a href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v8.0.0...protobufjs-v8.0.1">8.0.1</a> (2026-03-11)</h2> <h3>Bug Fixes</h3> <ul> <li>bump protobufjs dependency version for cli package (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2128">#2128</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/549b05ecd95e23da40fa1a36a9336c57946b8377">549b05e</a>)</li> <li>correct json syntax in tsconfig.json (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2120">#2120</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/80656255c75000f3e954e036cdfcb5bfd0a8c687">8065625</a>)</li> <li><strong>descriptor:</strong> guard oneof index for non-Type parents (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2122">#2122</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/1cac5cf811d0855b27dcde73a3a04d15efde3728">1cac5cf</a>)</li> <li>do not allow setting <strong>proto</strong> in Message constructor (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2126">#2126</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/f05e3c3bdd0b3c2cddbf8540bb5bd4d394a693ad">f05e3c3</a>)</li> <li>filter invalid characters from the type name (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2127">#2127</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75">535df44</a>)</li> </ul> <h2><a href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v8.0.0">8.0.0</a> (2025-12-16)</h2> <h3>⚠ BREAKING CHANGES</h3> <ul> <li>add Edition 2024 Support (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2060">#2060</a>)</li> </ul> <h3>Features</h3> <ul> <li>add Edition 2024 Support (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2060">#2060</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/53e8492cbaae2c741801fa50b5f908ff5129c3d7">53e8492</a>)</li> </ul> <h2><a href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4">7.5.4</a> (2025-08-15)</h2> <h3>Bug Fixes</h3> <ul> <li>invalid syntax in descriptor.proto (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2092">#2092</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760">5a3769a</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47"><code>b7bdfaf</code></a> chore: release 7.5.5</li> <li><a href="https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956"><code>ff7b2af</code></a> fix: filter invalid characters from the type name (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2127">#2127</a>)</li> <li><a href="https://github.com/protobufjs/protobuf.js/commit/086b19d00d1d01e801d6ccc2ae3f207bb1b06482"><code>086b19d</code></a> fix: do not allow setting <strong>proto</strong> in Message constructor (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2126">#2126</a>)</li> <li><a href="https://github.com/protobufjs/protobuf.js/commit/827ff8e48253e9041f19ac81168aa046dbdfb041"><code>827ff8e</code></a> chore: release master (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2093">#2093</a>)</li> <li><a href="https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760"><code>5a3769a</code></a> fix: invalid syntax in descriptor.proto (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2092">#2092</a>)</li> <li>See full diff in <a href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.5">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~fenster">fenster</a>, a new releaser for protobufjs since your current version.</p> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=protobufjs&package-manager=npm_and_yarn&previous-version=7.5.3&new-version=7.5.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-17 17:33:03 -07:00
dependabot[bot]	31baeacdf4	Bump dompurify from 3.3.2 to 3.4.0 in the npm_and_yarn group across 1 directory (#3693 ) Bumps the npm_and_yarn group with 1 update in the / directory: [dompurify](https://github.com/cure53/DOMPurify). Updates `dompurify` from 3.3.2 to 3.4.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cure53/DOMPurify/releases">dompurify's releases</a>.</em></p> <blockquote> <h2>DOMPurify 3.4.0</h2> <p><strong>Most relevant changes:</strong></p> <ul> <li>Fixed a problem with <code>FORBID_TAGS</code> not winning over <code>ADD_TAGS</code>, thanks <a href="https://github.com/kodareef5"><code>@kodareef5</code></a></li> <li>Fixed several minor problems and typos regarding MathML attributes, thanks <a href="https://github.com/DavidOliver"><code>@DavidOliver</code></a></li> <li>Fixed <code>ADD_ATTR</code>/<code>ADD_TAGS</code> function leaking into subsequent array-based calls, thanks <a href="https://github.com/1Jesper1"><code>@1Jesper1</code></a></li> <li>Fixed a missing <code>SAFE_FOR_TEMPLATES</code> scrub in <code>RETURN_DOM</code> path, thanks <a href="https://github.com/bencalif"><code>@bencalif</code></a></li> <li>Fixed a prototype pollution via <code>CUSTOM_ELEMENT_HANDLING</code>, thanks <a href="https://github.com/trace37labs"><code>@trace37labs</code></a></li> <li>Fixed an issue with <code>ADD_TAGS</code> function form bypassing <code>FORBID_TAGS</code>, thanks <a href="https://github.com/eddieran"><code>@eddieran</code></a></li> <li>Fixed an issue with <code>ADD_ATTR</code> predicates skipping URI validation, thanks <a href="https://github.com/christos-eth"><code>@christos-eth</code></a></li> <li>Fixed an issue with <code>USE_PROFILES</code> prototype pollution, thanks <a href="https://github.com/christos-eth"><code>@christos-eth</code></a></li> <li>Fixed an issue leading to possible mXSS via Re-Contextualization, thanks <a href="https://github.com/researchatfluidattacks"><code>@researchatfluidattacks</code></a> and others</li> <li>Fixed an issue with closing tags leading to possible mXSS, thanks <a href="https://github.com/frevadiscor"><code>@frevadiscor</code></a></li> <li>Fixed a problem with the type dentition patcher after Node version bump</li> <li>Fixed freezing BS runs by reducing the tested browsers array</li> <li>Bumped several dependencies where possible</li> <li>Added needed files for OpenSSF scorecard checks</li> </ul> <p><strong>Published Advisories are here:</strong> <a href="https://github.com/cure53/DOMPurify/security/advisories?state=published">https://github.com/cure53/DOMPurify/security/advisories?state=published</a></p> <h2>DOMPurify 3.3.3</h2> <ul> <li>Fixed an engine requirement for Node 20 which caused hiccups, thanks <a href="https://github.com/Rotzbua"><code>@Rotzbua</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9"><code>5b16e0b</code></a> Getting 3.x branch ready for 3.4.0 release (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1250">#1250</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/8bcbf73ae7eb56e7b4f1300b66cf543342c7ee27"><code>8bcbf73</code></a> chore: Preparing 3.3.3 release</li> <li><a href="https://github.com/cure53/DOMPurify/commit/5faddd60af7b4d612f32a0c6b44432b77c8c490c"><code>5faddd6</code></a> fix: engine requirement (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1210">#1210</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/0f91e3add5c028bc4110c513b0c2571b284c35af"><code>0f91e3a</code></a> Update README.md</li> <li><a href="https://github.com/cure53/DOMPurify/commit/d5ff1a8c605df1df998c2e7df2c4c8ac762b0dea"><code>d5ff1a8</code></a> Merge branch 'main' of github.com:cure53/DOMPurify</li> <li><a href="https://github.com/cure53/DOMPurify/commit/c3efd489010366e755de9d65fd741888fd8b7462"><code>c3efd48</code></a> fix: moved back from jsdom 28 to jsdom 20</li> <li><a href="https://github.com/cure53/DOMPurify/commit/988b888108c8df911ef37e68d0e26c85ad90e885"><code>988b888</code></a> fix: moved back from jsdom 28 to jsdom 20</li> <li><a href="https://github.com/cure53/DOMPurify/commit/2726c74e9c6a0645127d1630e5ca49f64bc9fe67"><code>2726c74</code></a> chore: Preparing 3.3.2 release</li> <li><a href="https://github.com/cure53/DOMPurify/commit/6202c7e43e9df01ba606396aed60fbae5583f7a1"><code>6202c7e</code></a> build(deps): bump <code>@tootallnate/once</code> and jsdom (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1204">#1204</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/302b51de22535cc90235472c52e3401bedd46f80"><code>302b51d</code></a> fix: Expanded the regex ever so slightly to also cover script</li> <li>Additional commits viewable in <a href="https://github.com/cure53/DOMPurify/compare/3.3.2...3.4.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dompurify&package-manager=npm_and_yarn&previous-version=3.3.2&new-version=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-16 10:50:24 +01:00
VariableVince	845ebd7d1a	Chore(deps): Update express-rate-limit (#3667 ) ## Description: Update express-rate-limit 7.5.0 > 8.3.2. ## Please complete the following: - [x] I have added screenshots for all UI updates - [x] I process any text displayed to the user through translateText() and I've added it to the en.json file - [x] I have added relevant tests to the test directory - [x] I confirm I have thoroughly tested these changes and take full responsibility for any bugs introduced ## Please put your Discord username so you can be contacted if a bug or regression is found: tryout33	2026-04-14 10:50:51 -07:00
iamlewis	41c72a0f9e	UI Updates (#3616 ) ## Description: Updates Favicon and other key UI elements ## Please complete the following: - [x] I have added screenshots for all UI updates - [x] I process any text displayed to the user through translateText() and I've added it to the en.json file - [x] I have added relevant tests to the test directory - [x] I confirm I have thoroughly tested these changes and take full responsibility for any bugs introduced ## Please put your Discord username so you can be contacted if a bug or regression is found: iamlewis --------- Co-authored-by: iamharry <harrylong0905@gmail.com> Co-authored-by: FloPinguin <25036848+FloPinguin@users.noreply.github.com> Co-authored-by: evanpelle <evanpelle@gmail.com>	2026-04-13 19:51:08 -07:00
dependabot[bot]	cb6bb5415d	Bump vite from 7.3.0 to 7.3.2 in the npm_and_yarn group across 1 directory (#3605 ) Bumps the npm_and_yarn group with 1 update in the / directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `vite` from 7.3.0 to 7.3.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v7.3.2</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v7.3.1</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.3.1/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2">7.3.2</a> (2026-04-06)<!-- raw HTML omitted --></h2> <h3>Bug Fixes</h3> <ul> <li>avoid path traversal with optimize deps sourcemap handler (<a href="https://redirect.github.com/vitejs/vite/issues/22161">#22161</a>) (<a href="https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7">09d8c90</a>)</li> <li>backport <a href="https://redirect.github.com/vitejs/vite/issues/22159">#22159</a>, apply server.fs check to env transport (<a href="https://redirect.github.com/vitejs/vite/issues/22162">#22162</a>) (<a href="https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1">19db0f2</a>)</li> <li>check <code>server.fs</code> after stripping query as well (<a href="https://redirect.github.com/vitejs/vite/issues/22160">#22160</a>) (<a href="https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6">f8103cc</a>)</li> </ul> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v7.3.0...v7.3.1">7.3.1</a> (2026-01-07)<!-- raw HTML omitted --></h2> <h3>Features</h3> <ul> <li>add <code>ignoreOutdatedRequests</code> option to <code>optimizeDeps</code> (<a href="https://redirect.github.com/vitejs/vite/issues/21364">#21364</a>) (<a href="https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e">9d39d37</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999"><code>cc383e0</code></a> release: v7.3.2</li> <li><a href="https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7"><code>09d8c90</code></a> fix: avoid path traversal with optimize deps sourcemap handler (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161">#22161</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6"><code>f8103cc</code></a> fix: check <code>server.fs</code> after stripping query as well (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160">#22160</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1"><code>19db0f2</code></a> fix: backport <a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159">#22159</a>, apply server.fs check to env transport (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162">#22162</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/95e8923f35d0252c9f6eb2d5e358c084542706f1"><code>95e8923</code></a> release: v7.3.1</li> <li><a href="https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e"><code>9d39d37</code></a> feat: add <code>ignoreOutdatedRequests</code> option to <code>optimizeDeps</code> (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21364">#21364</a>)</li> <li>See full diff in <a href="https://github.com/vitejs/vite/commits/v7.3.2/packages/vite">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=vite&package-manager=npm_and_yarn&previous-version=7.3.0&new-version=7.3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-06 20:36:50 -07:00
dependabot[bot]	510dd3f63a	Bump lodash from 4.17.23 to 4.18.1 in the npm_and_yarn group across 1 directory (#3564 ) Bumps the npm_and_yarn group with 1 update in the / directory: [lodash](https://github.com/lodash/lodash). Updates `lodash` from 4.17.23 to 4.18.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lodash/lodash/releases">lodash's releases</a>.</em></p> <blockquote> <h2>4.18.1</h2> <h2>Bugs</h2> <p>Fixes a <code>ReferenceError</code> issue in <code>lodash</code> <code>lodash-es</code> <code>lodash-amd</code> and <code>lodash.template</code> when using the <code>template</code> and <code>fromPairs</code> functions from the modular builds. See <a href="https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769">lodash/lodash#6167</a></p> <p>These defects were related to how lodash distributions are built from the main branch using <a href="https://github.com/lodash-archive/lodash-cli">https://github.com/lodash-archive/lodash-cli</a>. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.</p> <p>There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:</p> <ul> <li><code>lodash</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm">https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm</a></li> <li><code>lodash-es</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es">https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es</a></li> <li><code>lodash-amd</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd">https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd</a></li> <li><code>lodash.template</code><a href="https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages">https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages</a></li> </ul> <h2>4.18.0</h2> <h2>v4.18.0</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/lodash/lodash/compare/4.17.23...4.18.0">https://github.com/lodash/lodash/compare/4.17.23...4.18.0</a></p> <h3>Security</h3> <p><strong><code>_.unset</code> / <code>_.omit</code></strong>: Fixed prototype pollution via <code>constructor</code>/<code>prototype</code> path traversal (<a href="https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh">GHSA-f23m-r3pf-42rh</a>, <a href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b">fe8d32e</a>). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now <code>constructor</code> and <code>prototype</code> are blocked unconditionally as non-terminal path keys, matching <code>baseSet</code>. Calls that previously returned <code>true</code> and deleted the property now return <code>false</code> and leave the target untouched.</p> <p><strong><code>_.template</code></strong>: Fixed code injection via <code>imports</code> keys (<a href="https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc">GHSA-r5fr-rjxr-66jc</a>, CVE-2026-4800, <a href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6">879aaa9</a>). Fixes an incomplete patch for CVE-2021-23337. The <code>variable</code> option was validated against <code>reForbiddenIdentifierChars</code> but <code>importsKeys</code> was left unguarded, allowing code injection via the same <code>Function()</code> constructor sink. <code>imports</code> keys containing forbidden identifier characters now throw <code>"Invalid imports option passed into _.template"</code>.</p> <h3>Docs</h3> <ul> <li>Add security notice for <code>_.template</code> in threat model and API docs (<a href="https://redirect.github.com/lodash/lodash/pull/6099">#6099</a>)</li> <li>Document <code>lower > upper</code> behavior in <code>_.random</code> (<a href="https://redirect.github.com/lodash/lodash/pull/6115">#6115</a>)</li> <li>Fix quotes in <code>_.compact</code> jsdoc (<a href="https://redirect.github.com/lodash/lodash/pull/6090">#6090</a>)</li> </ul> <h3><code>lodash.</code> modular packages</h3> <p><a href="https://redirect.github.com/lodash/lodash/pull/6157">Diff</a></p> <p>We have also regenerated and published a select number of the <code>lodash.</code> modular packages.</p> <p>These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:</p> <ul> <li><a href="https://www.npmjs.com/package/lodash.orderby">lodash.orderby</a></li> <li><a href="https://www.npmjs.com/package/lodash.tonumber">lodash.tonumber</a></li> <li><a href="https://www.npmjs.com/package/lodash.trim">lodash.trim</a></li> <li><a href="https://www.npmjs.com/package/lodash.trimend">lodash.trimend</a></li> <li><a href="https://www.npmjs.com/package/lodash.sortedindexby">lodash.sortedindexby</a></li> <li><a href="https://www.npmjs.com/package/lodash.zipobjectdeep">lodash.zipobjectdeep</a></li> <li><a href="https://www.npmjs.com/package/lodash.unset">lodash.unset</a></li> <li><a href="https://www.npmjs.com/package/lodash.omit">lodash.omit</a></li> <li><a href="https://www.npmjs.com/package/lodash.template">lodash.template</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e"><code>cb0b9b9</code></a> release(patch): bump main to 4.18.1 (<a href="https://redirect.github.com/lodash/lodash/issues/6177">#6177</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51"><code>75535f5</code></a> chore: prune stale advisory refs (<a href="https://redirect.github.com/lodash/lodash/issues/6170">#6170</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4"><code>62e91bc</code></a> docs: remove n_ Node.js < 6 REPL note from README (<a href="https://redirect.github.com/lodash/lodash/issues/6165">#6165</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4"><code>59be2de</code></a> release(minor): bump to 4.18.0 (<a href="https://redirect.github.com/lodash/lodash/issues/6161">#6161</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d"><code>af63457</code></a> fix: broken tests for _.template 879aaa9</li> <li><a href="https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0"><code>1073a76</code></a> fix: linting issues</li> <li><a href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6"><code>879aaa9</code></a> fix: validate imports keys in _.template</li> <li><a href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b"><code>fe8d32e</code></a> fix: block prototype pollution in baseUnset via constructor/prototype traversal</li> <li><a href="https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d"><code>18ba0a3</code></a> refactor(fromPairs): use baseAssignValue for consistent assignment (<a href="https://redirect.github.com/lodash/lodash/issues/6153">#6153</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2"><code>b819080</code></a> ci: add dist sync validation workflow (<a href="https://redirect.github.com/lodash/lodash/issues/6137">#6137</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.23...4.18.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lodash&package-manager=npm_and_yarn&previous-version=4.17.23&new-version=4.18.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-03 12:20:31 -07:00
dependabot[bot]	32ff622ea7	Bump @xmldom/xmldom from 0.8.11 to 0.8.12 in the npm_and_yarn group across 1 directory (#3557 ) Bumps the npm_and_yarn group with 1 update in the / directory: [@xmldom/xmldom](https://github.com/xmldom/xmldom). Updates `@xmldom/xmldom` from 0.8.11 to 0.8.12 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/xmldom/xmldom/releases"><code>@xmldom/xmldom</code>'s releases</a>.</em></p> <blockquote> <h2>0.8.12</h2> <p><a href="https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12">Commits</a></p> <h3>Fixed</h3> <ul> <li>preserve trailing whitespace in ProcessingInstruction data <a href="https://redirect.github.com/xmldom/xmldom/pull/962"><code>[#962](https://github.com/xmldom/xmldom/issues/962)</code></a> / <a href="https://redirect.github.com/xmldom/xmldom/issues/42"><code>[#42](https://github.com/xmldom/xmldom/issues/42)</code></a></li> <li>Security: <code>createCDATASection</code> now throws <code>InvalidCharacterError</code> when <code>data</code> contains <code>"]]>"</code>, as required by the <a href="https://dom.spec.whatwg.org/#dom-document-createcdatasection">WHATWG DOM spec</a>. <a href="https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp"><code>GHSA-wh4c-j3r5-mjhp</code></a></li> <li>Security: <code>XMLSerializer</code> now splits CDATASection nodes whose data contains <code>"]]>"</code> into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (<code>appendData</code>, <code>replaceData</code>, <code>.data =</code>, <code>.textContent =</code>). <a href="https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp"><code>GHSA-wh4c-j3r5-mjhp</code></a></li> </ul> <p>Code that passes a string containing <code>"]]>"</code> to <code>createCDATASection</code> and relied on the previously unsafe behavior will now receive <code>InvalidCharacterError</code>. Use a mutation method such as <code>appendData</code> if you intentionally need <code>"]]>"</code> in a CDATASection node's data.</p> <p>Thank you, <a href="https://github.com/thesmartshadow"><code>@thesmartshadow</code></a>, <a href="https://github.com/stevenobiajulu"><code>@stevenobiajulu</code></a>, for your contributions</p> <p><a href="https://github.com/xmldom/xmldom/discussions/357">https://github.com/xmldom/xmldom/discussions/357</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md"><code>@xmldom/xmldom</code>'s changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12">0.8.12</a></h2> <h3>Fixed</h3> <ul> <li>preserve trailing whitespace in ProcessingInstruction data <a href="https://redirect.github.com/xmldom/xmldom/pull/962"><code>[#962](https://github.com/xmldom/xmldom/issues/962)</code></a> / <a href="https://redirect.github.com/xmldom/xmldom/issues/42"><code>[#42](https://github.com/xmldom/xmldom/issues/42)</code></a></li> <li>Security: <code>createCDATASection</code> now throws <code>InvalidCharacterError</code> when <code>data</code> contains <code>"]]>"</code>, as required by the <a href="https://dom.spec.whatwg.org/#dom-document-createcdatasection">WHATWG DOM spec</a>. <a href="https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp"><code>GHSA-wh4c-j3r5-mjhp</code></a></li> <li>Security: <code>XMLSerializer</code> now splits CDATASection nodes whose data contains <code>"]]>"</code> into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (<code>appendData</code>, <code>replaceData</code>, <code>.data =</code>, <code>.textContent =</code>). <a href="https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp"><code>GHSA-wh4c-j3r5-mjhp</code></a></li> </ul> <p>Code that passes a string containing <code>"]]>"</code> to <code>createCDATASection</code> and relied on the previously unsafe behavior will now receive <code>InvalidCharacterError</code>. Use a mutation method such as <code>appendData</code> if you intentionally need <code>"]]>"</code> in a CDATASection node's data.</p> <p>Thank you, <a href="https://github.com/thesmartshadow"><code>@thesmartshadow</code></a>, <a href="https://github.com/stevenobiajulu"><code>@stevenobiajulu</code></a>, for your contributions</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/xmldom/xmldom/commit/189cb78a83e81e1515880988a399e863a8be85ac"><code>189cb78</code></a> 0.8.12</li> <li><a href="https://github.com/xmldom/xmldom/commit/ed08df7572f4236d4fd88d16063c3fd8f59c7884"><code>ed08df7</code></a> fix: XML injection via unsafe CDATA serialization (GHSA-wh4c-j3r5-mjhp) (<a href="https://redirect.github.com/xmldom/xmldom/issues/968">#968</a>)</li> <li><a href="https://github.com/xmldom/xmldom/commit/a5b929ba008f067eeabb427c38de008e36a92796"><code>a5b929b</code></a> chore: clean up generated test artefacts before running ci-local</li> <li><a href="https://github.com/xmldom/xmldom/commit/4e37a205627a08eb64365b13c4e4cce5e86278cb"><code>4e37a20</code></a> ci: run format:check in lint job</li> <li><a href="https://github.com/xmldom/xmldom/commit/ac0ac7714f0e5a7bd7aff5c30f7733666cf03982"><code>ac0ac77</code></a> chore: ignore generated files when checking formatting</li> <li><a href="https://github.com/xmldom/xmldom/commit/968c8939438eec2eca1d003b333cd0fc4595c72d"><code>968c893</code></a> chore: add local CI script and format:check script</li> <li><a href="https://github.com/xmldom/xmldom/commit/ac40424adfa49429811095bcdaf6598255a81a39"><code>ac40424</code></a> fix: preserve trailing whitespace in ProcessingInstruction data (<a href="https://redirect.github.com/xmldom/xmldom/issues/962">#962</a>)</li> <li><a href="https://github.com/xmldom/xmldom/commit/cece7521a3c77da7a10f3fc66521e3e077c9974c"><code>cece752</code></a> chore: add .nvmrc pointing to node version 18</li> <li><a href="https://github.com/xmldom/xmldom/commit/cbf44d90a40703237d217598fa0bcd88770bfa0b"><code>cbf44d9</code></a> docs: improve links to changes in most recent release</li> <li>See full diff in <a href="https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~karfau">karfau</a>, a new releaser for <code>@xmldom/xmldom</code> since your current version.</p> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@xmldom/xmldom&package-manager=npm_and_yarn&previous-version=0.8.11&new-version=0.8.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-02 11:18:49 -07:00
VariableVince	74b5affa75	Chore(deps): Migrate Express 4 > 5 (#3549 ) ## Description: Update from Express 4.22 > 5.2.1. And @types/express 4.17 > 5.0.6. ### CodeQL errors unjustified: Please dismiss the unjustified [CodeQL scanning results](https://github.com/openfrontio/OpenFrontIO/security/code-scanning?query=pr%3A3549+tool%3ACodeQL+is%3Aopen) for playground/server.ts: they were flagged for this PR but i didn't touch those specific parts of the file. More importantly: it is a test server, created by Mole/ @Aareksio. I made requests to dismiss the alerts but don't have the permissions to actually dismiss them myself Version 5 was the first major upgrade in 10 years when it was released in Sept 2024. 5.21 is from Dec 2025 so v5 teething problems should be over by now. Many of its dependencies also updated by some major versions. So it seems a worthy update but that is for you to decide. v4 will be EOL when v6 arrives, however that could be a year from now still maybe. - Migration: -- Updated package.json, ran `npm install "express@5"` and `npm install "@types/express@5.0.6"`. -- Used https://expressjs.com/en/guide/migrating-5.html -- Ran the codemods from the migration guide `npx codemod@latest @expressjs/v5-migration-recipe`. -- Checked manually. -- Checked again with help of Gemini 3.1 Pro based on same guide. -- Master.ts: use `splat` instead of ``, tested and going to non-existing URL lands back on index.html like it should. -- Worker.ts: MIME type _webp_ is now supported natively so remove added config. -- playground/server.ts: fix type error after upgrading types/express for `name` in `req.params`. And `app.listen` handles user provided callback on error, use that. The latter may not be not needed per se. -- While v5 does this now "When an error is thrown in an async function or a rejected promise is awaited inside an async function, those errors will be passed to the error handler as if calling next(err).", choose to leave our try/catch'es be. Since we use specific errors, probably easier for consistency in log searches and user reporting. - About performance: -- While [Express 5 seems a bit slower than 4](https://www.repoflow.io/blog/express-4-vs-express-5-benchmark-node-18-24), it is not by much especially on Node24 which we're on. Also there's a working group dedicated to improving Express performance, albeit they expect v6/7 to benefit from that more than v5 will. -- While there are faster alternatives in benchmarks, [in real-world usage Express still holds up as one of the best and even beats most 'faster' alternatives](https://medium.com/deno-the-complete-reference/node-js-the-fastest-web-framework-in-2025-static-file-server-case-1df462ad38cd). ## Please complete the following: - [x] I have added screenshots for all UI updates - [x] I process any text displayed to the user through translateText() and I've added it to the en.json file - [x] I have added relevant tests to the test directory - [x] I confirm I have thoroughly tested these changes and take full responsibility for any bugs introduced ## Please put your Discord username so you can be contacted if a bug or regression is found: tryout33	2026-03-31 12:35:40 -07:00
dependabot[bot]	1ceb99ac9f	Bump brace-expansion from 1.1.12 to 1.1.13 in the npm_and_yarn group across 1 directory (#3533 ) Bumps the npm_and_yarn group with 1 update in the / directory: [brace-expansion](https://github.com/juliangruber/brace-expansion). Updates `brace-expansion` from 1.1.12 to 1.1.13 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898"><code>6c353ca</code></a> 1.1.13</li> <li><a href="https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2"><code>7fd684f</code></a> Backport fix for GHSA-f886-m6hf-6m8v (<a href="https://redirect.github.com/juliangruber/brace-expansion/issues/95">#95</a>)</li> <li>See full diff in <a href="https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.13">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=brace-expansion&package-manager=npm_and_yarn&previous-version=1.1.12&new-version=1.1.13)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-30 13:46:58 -07:00
dependabot[bot]	c213a1deda	Bump the npm_and_yarn group across 1 directory with 2 updates (#3515 ) Bumps the npm_and_yarn group with 2 updates in the / directory: [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) and [picomatch](https://github.com/micromatch/picomatch). Updates `fast-xml-parser` from 5.4.1 to 5.5.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/NaturalIntelligence/fast-xml-parser/releases">fast-xml-parser's releases</a>.</em></p> <blockquote> <h2>fix entity expansion and incorrect replacement and performance</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.5...v5.5.6">https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.5...v5.5.6</a></p> <h2>support onDangerousProperty</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.3...v5.5.5">https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.3...v5.5.5</a></p> <h2>update dependecies to fix typings</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.1...v5.5.2">https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.1...v5.5.2</a></p> <h2>integrate path-expression-matcher</h2> <ul> <li>support path-expression-matcher</li> <li>fix: stopNode should not be parsed</li> <li>performance improvement for stopNode checking</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md">fast-xml-parser's changelog</a>.</em></p> <blockquote> <p><!-- raw HTML omitted -->Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.<!-- raw HTML omitted --></p> <p>Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion</p> <p><strong>4.5.5 / 2026-03-22</strong></p> <p>apply fixes from v5 (legacy maintenance branch v4-maintenance)</p> <ul> <li>support maxEntityCount</li> <li>support onDangerousProperty</li> <li>support maxNestedTags</li> <li>handle prototype pollution</li> <li>fix incorrect entity name replacement</li> <li>fix incorrect condition for entity expansion</li> </ul> <p><strong>5.5.8 / 2026-03-20</strong></p> <ul> <li>pass read only matcher in callback</li> </ul> <p><strong>5.5.7 / 2026-03-19</strong></p> <ul> <li>fix: entity expansion limits</li> <li>update strnum package to 2.2.0</li> </ul> <p><strong>5.5.6 / 2026-03-16</strong></p> <ul> <li>update builder dependency</li> <li>fix incorrect regex to replace . in entity name</li> <li>fix check for entitiy expansion for lastEntities and html entities too</li> </ul> <p><strong>5.5.5 / 2026-03-13</strong></p> <ul> <li>sanitize dangerous tag or attribute name</li> <li>error on critical property name</li> <li>support onDangerousProperty option</li> </ul> <p><strong>5.5.4 / 2026-03-13</strong></p> <ul> <li>declare Matcher & Expression as unknown so user is not forced to install path-expression-matcher</li> </ul> <p><strong>5.5.3 / 2026-03-11</strong></p> <ul> <li>upgrade builder</li> </ul> <p><strong>5.5.2 / 2026-03-11</strong></p> <ul> <li>update dependency to fix typings</li> </ul> <p><strong>5.5.1 / 2026-03-10</strong></p> <ul> <li>fix dependency</li> </ul> <p><strong>5.5.0 / 2026-03-10</strong></p> <ul> <li>support path-expression-matcher</li> <li>fix: stopNode should not be parsed</li> <li>performance improvement for stopNode checking</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/a92a665e00c146a4ea3ff7760f3399e5ed51dfc5"><code>a92a665</code></a> pass read only matcher in call back</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/a21c44123cdf0f8fb5b56d33386ed3be4e180953"><code>a21c441</code></a> update package detail</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/239b64aa1fc5c5455ddebbbb54a187eb68c9fdb7"><code>239b64a</code></a> check for min value for entity exapantion options</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/61cb666d13044b483aa495a6c020789f22e670b4"><code>61cb666</code></a> restrict more properties to be unsafe</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/41abd66adc54cbc6ebea615a9f5396d8582afdb1"><code>41abd66</code></a> performance improvement of reading DOCTYPE</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/3dfcd20c8cffc310335510ff72a211be0672a8dd"><code>3dfcd20</code></a> refactor: performance improvement</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/870043e75e78545192bc70950c6286d36c7cdf23"><code>870043e</code></a> update release info</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/6df401ef2bb1d152313276add24cdfa860819751"><code>6df401e</code></a> update builder dependency</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/bd26122c838e6a55e7d7ac49b4ccc01a49999a01"><code>bd26122</code></a> check for entitiy expansion for lastEntities and html entities too</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/7e70dd8f758f3f494c4e14a281cea35b7d8d0d13"><code>7e70dd8</code></a> fix incorrect regex to replace . in entity name</li> <li>Additional commits viewable in <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.4.1...v5.5.8">compare view</a></li> </ul> </details> <br /> Updates `picomatch` from 2.3.1 to 2.3.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/releases">picomatch's releases</a>.</em></p> <blockquote> <h2>2.3.2</h2> <p>This is a security release fixing several security relevant issues.</p> <h2>What's Changed</h2> <ul> <li>fix: exception when glob pattern contains constructor by <a href="https://github.com/Jason3S"><code>@Jason3S</code></a> in <a href="https://redirect.github.com/micromatch/picomatch/pull/144">micromatch/picomatch#144</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj">CVE-2026-33671</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p">CVE-2026-33672</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md">picomatch's changelog</a>.</em></p> <blockquote> <h1>Release history</h1> <p><strong>All notable changes to this project will be documented in this file.</strong></p> <p>The format is based on <a href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a> and this project adheres to <a href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <!-- raw HTML omitted --> <ul> <li>Changelogs are for humans, not machines.</li> <li>There should be an entry for every single version.</li> <li>The same types of changes should be grouped.</li> <li>Versions and sections should be linkable.</li> <li>The latest version comes first.</li> <li>The release date of each versions is displayed.</li> <li>Mention whether you follow Semantic Versioning.</li> </ul> <!-- raw HTML omitted --> <!-- raw HTML omitted --> <p>Changelog entries are classified using the following labels <em>(from <a href="http://keepachangelog.com/">keep-a-changelog</a></em>):</p> <ul> <li><code>Added</code> for new features.</li> <li><code>Changed</code> for changes in existing functionality.</li> <li><code>Deprecated</code> for soon-to-be removed features.</li> <li><code>Removed</code> for now removed features.</li> <li><code>Fixed</code> for any bug fixes.</li> <li><code>Security</code> in case of vulnerabilities.</li> </ul> <!-- raw HTML omitted --> <h2>4.0.0 (2024-02-07)</h2> <h3>Fixes</h3> <ul> <li>Fix bad text values in parse <a href="https://redirect.github.com/micromatch/picomatch/issues/126">#126</a>, thanks to <a href="https://github.com/connor4312"><code>@connor4312</code></a></li> </ul> <h3>Changed</h3> <ul> <li>Remove process global to work outside of node <a href="https://redirect.github.com/micromatch/picomatch/issues/129">#129</a>, thanks to <a href="https://github.com/styfle"><code>@styfle</code></a></li> <li>Add sideEffects to package.json <a href="https://redirect.github.com/micromatch/picomatch/issues/128">#128</a>, thanks to <a href="https://github.com/frandiox"><code>@frandiox</code></a></li> <li>Removed <code>os</code>, make compatible browser environment. See <a href="https://redirect.github.com/micromatch/picomatch/issues/124">#124</a>, thanks to <a href="https://github.com/gwsbhqt"><code>@gwsbhqt</code></a></li> </ul> <h2>3.0.1</h2> <h3>Fixes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2"><code>81cba8d</code></a> Publish 2.3.2</li> <li><a href="https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce"><code>fc1f6b6</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b"><code>eec17ae</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed"><code>78f8ca4</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/picomatch/issues/156">#156</a> from micromatch/backport-144</li> <li><a href="https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b"><code>3f4f10e</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/picomatch/issues/144">#144</a> from Jason3S/jdent-object-properties</li> <li>See full diff in <a href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-26 17:02:52 -07:00
VariableVince	54a63ac481	Could help decrease icons disappearing: Update PixiJS (#3478 ) ## Description: Please put in next v30 update if possible. Upgrade [PixiJS from 8.11.0 to their newest version 8.17.1](https://github.com/pixijs/pixijs/releases) and pixi-filters too. This could help decrease occurance of this issue: https://github.com/openfrontio/OpenFrontIO/issues/2147 Checked "Behavior Change" in their release notes and we aren't touched by those. But some of the fixes, especially GC/memory leak, may help in reducing "dissappearing structure icons". Update to destroy() now using the new unload() could help too; we call destroy() directly on ghoststructures and its possibly called elsewhere under the surface too. ## Please complete the following: - [x] I have added screenshots for all UI updates - [x] I process any text displayed to the user through translateText() and I've added it to the en.json file - [x] I have added relevant tests to the test directory - [x] I confirm I have thoroughly tested these changes and take full responsibility for any bugs introduced ## Please put your Discord username so you can be contacted if a bug or regression is found: tryout33	2026-03-20 12:26:35 -07:00
dependabot[bot]	e02553c9b8	Bump flatted from 3.3.3 to 3.4.2 in the npm_and_yarn group across 1 directory (#3476 ) Bumps the npm_and_yarn group with 1 update in the / directory: [flatted](https://github.com/WebReflection/flatted). Updates `flatted` from 3.3.3 to 3.4.2 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7"><code>3bf0909</code></a> 3.4.2</li> <li><a href="https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802"><code>885ddcc</code></a> fix CWE-1321</li> <li><a href="https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3"><code>0bdba70</code></a> added flatted-view to the benchmark</li> <li><a href="https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20"><code>2a02dce</code></a> 3.4.1</li> <li><a href="https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416"><code>fba4e8f</code></a> Merge pull request <a href="https://redirect.github.com/WebReflection/flatted/issues/89">#89</a> from WebReflection/python-fix</li> <li><a href="https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7"><code>5fe8648</code></a> added "when in Rome" also a test for PHP</li> <li><a href="https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0"><code>53517ad</code></a> some minor improvement</li> <li><a href="https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f"><code>b3e2a0c</code></a> Fixing recursion issue in Python too</li> <li><a href="https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad"><code>c4b46db</code></a> Add SECURITY.md for security policy and reporting</li> <li><a href="https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988"><code>f86d071</code></a> Create dependabot.yml for version updates</li> <li>Additional commits viewable in <a href="https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=flatted&package-manager=npm_and_yarn&previous-version=3.3.3&new-version=3.4.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-19 22:27:38 -07:00
evanpelle	d4321ba81f	add intent based rate limits	2026-03-13 18:32:29 -07:00
dependabot[bot]	73ad08f0cf	Build(deps): bump dompurify from 3.2.6 to 3.3.2 in the npm_and_yarn group across 1 directory (#3365 ) Bumps the npm_and_yarn group with 1 update in the / directory: [dompurify](https://github.com/cure53/DOMPurify). Updates `dompurify` from 3.2.6 to 3.3.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cure53/DOMPurify/releases">dompurify's releases</a>.</em></p> <blockquote> <h2>DOMPurify 3.3.2</h2> <ul> <li>Fixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters</li> <li>Fixed a prototype pollution issue when working with custom elements, thanks <a href="https://github.com/christos-eth"><code>@christos-eth</code></a></li> <li>Fixed a lenient config parsing in <code>_isValidAttribute</code>, thanks <a href="https://github.com/christos-eth"><code>@christos-eth</code></a></li> <li>Bumped and removed several dependencies, thanks <a href="https://github.com/Rotzbua"><code>@Rotzbua</code></a></li> <li>Fixed the test suite after bumping dependencies, thanks <a href="https://github.com/Rotzbua"><code>@Rotzbua</code></a></li> </ul> <h2>DOMPurify 3.3.1</h2> <ul> <li>Updated <code>ADD_FORBID_CONTENTS</code> setting to extend default list, thanks <a href="https://github.com/MariusRumpf"><code>@MariusRumpf</code></a></li> <li>Updated the ESM import syntax to be more correct, thanks <a href="https://github.com/binhpv"><code>@binhpv</code></a></li> </ul> <h2>DOMPurify 3.3.0</h2> <ul> <li>Added the SVG <code>mask-type</code> attribute to default allow-list, thanks <a href="https://github.com/prasadrajandran"><code>@prasadrajandran</code></a></li> <li>Added support for <code>ADD_ATTR</code> and <code>ADD_TAGS</code> to accept functions, thanks <a href="https://github.com/nelstrom"><code>@nelstrom</code></a></li> <li>Fixed an issue with the <code>slot</code> element being in both SVG and HTML allow-list, thanks <a href="https://github.com/Wim-Valgaeren"><code>@Wim-Valgaeren</code></a></li> </ul> <h2>DOMPurify 3.2.7</h2> <ul> <li>Added new attributes and elements to default allow-list, thanks <a href="https://github.com/elrion018"><code>@elrion018</code></a></li> <li>Added <code>tagName</code> parameter to custom element <code>attributeNameCheck</code>, thanks <a href="https://github.com/nelstrom"><code>@nelstrom</code></a></li> <li>Added better check for animated <code>href</code> attributes, thanks <a href="https://github.com/llamakko"><code>@llamakko</code></a></li> <li>Updated and improved the bundled types, thanks <a href="https://github.com/ssi02014"><code>@ssi02014</code></a></li> <li>Updated several tests to better align with new browser encoding behaviors</li> <li>Improved the handling of potentially risky content inside CDATA elements, thanks <a href="https://github.com/securityMB"><code>@securityMB</code></a> & <a href="https://github.com/terjanq"><code>@terjanq</code></a></li> <li>Improved the regular expression for raw-text elements to cover textareas, thanks <a href="https://github.com/securityMB"><code>@securityMB</code></a> & <a href="https://github.com/terjanq"><code>@terjanq</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cure53/DOMPurify/commit/5e56114cb24079ce52dbc51f76e494b77afa5153"><code>5e56114</code></a> Getting 3.x branch ready for 3.3.2 release (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1208">#1208</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/e8c95f4a27aa8b041f92b59ab7685a94f7be6208"><code>e8c95f4</code></a> fix: Fixed the broken package-lock.json</li> <li><a href="https://github.com/cure53/DOMPurify/commit/9636037c145b769dad0b52da8313301cbf867f46"><code>9636037</code></a> Update package-lock.json</li> <li><a href="https://github.com/cure53/DOMPurify/commit/5cad4cecf2e647ac66eed25bc02a2415f00dbc8b"><code>5cad4ce</code></a> Getting 3.x branch ready for 3.3.2 releas (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1205">#1205</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/6fc446a589ab3d1d72ae2a5b71167ba38dbd3096"><code>6fc446a</code></a> Merge pull request <a href="https://redirect.github.com/cure53/DOMPurify/issues/1175">#1175</a> from cure53/main</li> <li><a href="https://github.com/cure53/DOMPurify/commit/3b3bf917d2b39460de6d130acebdc9243cf3e6ae"><code>3b3bf91</code></a> Merge branch 'main' of github.com:cure53/DOMPurify</li> <li><a href="https://github.com/cure53/DOMPurify/commit/9863f4195bae6048de9eb2802219218c6904066c"><code>9863f41</code></a> chore: Preparing 3.3.1 release</li> <li><a href="https://github.com/cure53/DOMPurify/commit/b4e02954dc4172c3944a755f3e99fbb76be64f7b"><code>b4e0295</code></a> chore: Preparing 3.3.0 release</li> <li><a href="https://github.com/cure53/DOMPurify/commit/077746bb2cfb77836dfb628dca7ffc7ced8a5356"><code>077746b</code></a> build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1170">#1170</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/4de68bba9aba43dc3bba9348df603b64fc06d591"><code>4de68bb</code></a> build(deps): bump actions/checkout from 5 to 6 (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1171">#1171</a>)</li> <li>Additional commits viewable in <a href="https://github.com/cure53/DOMPurify/compare/3.2.6...3.3.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dompurify&package-manager=npm_and_yarn&previous-version=3.2.6&new-version=3.3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-06 20:01:40 -08:00
dependabot[bot]	5594109641	Build(deps): bump fast-xml-parser from 5.3.6 to 5.4.1 in the npm_and_yarn group across 1 directory (#3347 ) Bumps the npm_and_yarn group with 1 update in the / directory: [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser). Updates `fast-xml-parser` from 5.3.6 to 5.4.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/NaturalIntelligence/fast-xml-parser/releases">fast-xml-parser's releases</a>.</em></p> <blockquote> <h2>Separate Builder</h2> <p>XML Builder was the part of <a href="https://github.com/NaturalIntelligence/fast-xml-builder">fast-xml-parser</a> for years. But considering that any bug in builder may false-alarm the users who are only using parser and vice-versa, we have decided to split it into a separate package.</p> <h2>Migration</h2> <p>To migrate to fast-xml-builder;</p> <p>From</p> <pre lang="js"><code>import { XMLBuilder } from "fast-xml-parser"; </code></pre> <p>To</p> <pre lang="js"><code>import XMLBuilder from "fast-xml-builder"; </code></pre> <p>XMLBuilder will be removed from current package in any next major version of this library. So better to migrate.</p> <h2>support strictReservedNames</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.9...v5.3.9">https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.9...v5.3.9</a></p> <h2>handle non-array input for XML builder && support maxNestedTags</h2> <ul> <li>support maxNestedTags</li> <li>handle non-array input for XML builder when preserveOrder is true (By <a href="https://github.com/Angelopvtac">Angelo Coetzee</a>)</li> <li>save use of js properies <strong>Full Changelog</strong>: <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.7...v5.3.8">https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.7...v5.3.8</a></li> </ul> <h2>CJS typing fix</h2> <h2>What's Changed</h2> <ul> <li>Unexport <code>X2jOptions</code> at declaration site by <a href="https://github.com/Drarig29"><code>@Drarig29</code></a> in <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/pull/787">NaturalIntelligence/fast-xml-parser#787</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Drarig29"><code>@Drarig29</code></a> made their first contribution in <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/pull/787">NaturalIntelligence/fast-xml-parser#787</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.6...v5.3.7">https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.6...v5.3.7</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md">fast-xml-parser's changelog</a>.</em></p> <blockquote> <p><!-- raw HTML omitted -->Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.<!-- raw HTML omitted --></p> <p>Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion</p> <p><strong>5.4.2 / 2026-03-03</strong></p> <ul> <li>support maxEntityCount option</li> </ul> <p><strong>5.4.1 / 2026-02-25</strong></p> <ul> <li>fix (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/785">#785</a>) unpairedTag node should not have tag content</li> </ul> <p><strong>5.4.0 / 2026-02-25</strong></p> <ul> <li>migrate to fast-xml-builder</li> </ul> <p><strong>5.3.9 / 2026-02-25</strong></p> <ul> <li>support strictReservedNames</li> </ul> <p><strong>5.3.8 / 2026-02-25</strong></p> <ul> <li>support maxNestedTags</li> <li>handle non-array input for XML builder when preserveOrder is true (By <a href="https://github.com/Angelopvtac">Angelo Coetzee</a>)</li> <li>save use of js properies</li> </ul> <p><strong>5.3.7 / 2026-02-20</strong></p> <ul> <li>fix typings for CJS (By <a href="https://github.com/Drarig29">Corentin Girard</a>)</li> </ul> <p><strong>5.3.6 / 2026-02-14</strong></p> <ul> <li>Improve security and performance of entity processing <ul> <li>new options <code>maxEntitySize</code>, <code>maxExpansionDepth</code>, <code>maxTotalExpansions</code>, <code>maxExpandedLength</code>, <code>allowedTags</code>,<code>tagFilter</code></li> <li>fast return when no edtity is present</li> <li>improvement replacement logic to reduce number of calls</li> </ul> </li> </ul> <p><strong>5.3.5 / 2026-02-08</strong></p> <ul> <li>fix: Escape regex char in entity name</li> <li>update strnum to 2.1.2</li> <li>add missing exports in CJS typings</li> </ul> <p><strong>5.3.4 / 2026-01-30</strong></p> <ul> <li>fix: handle HTML numeric and hex entities when out of range</li> </ul> <p><strong>5.3.3 / 2025-12-12</strong></p> <ul> <li>fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/775">#775</a>: transformTagName with allowBooleanAttributes adds an unnecessary attribute</li> </ul> <p><strong>5.3.2 / 2025-11-14</strong></p> <ul> <li>fix for import statement for v6</li> </ul> <p><strong>5.3.1 / 2025-11-03</strong></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/4e7ca80e788a23b07531ac2ff8906e5e9f4bf892"><code>4e7ca80</code></a> update release info</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/36023b496382717c82bd68863b3f95629d0c9311"><code>36023b4</code></a> fix (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/785">#785</a>) unpairedTag node should not have tag content</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/b3660266f53e383193ae152cde878d9b2db7240f"><code>b366026</code></a> separate builder</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/6f333a85693e20713fea2d733795fef7e11ac51c"><code>6f333a8</code></a> update release info</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/c3ffbab9e5a2bab9db65803933d0af656076fc33"><code>c3ffbab</code></a> support strictReservedNames</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/c692040f6b5f5045d38b66b1da04e4d3abc97052"><code>c692040</code></a> update release info</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/107e34c046d4997ee3b67a32d32eef52fe63edb2"><code>107e34c</code></a> avoid <code>{}</code> to create an empty object</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/60835a4c7279ddc349d192097fb41afa52930d8b"><code>60835a4</code></a> support maxNestedTags</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/f55657c2b1cf29b433124390c32acba45a5a67aa"><code>f55657c</code></a> avoid direct call to hasOwnProperty</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/c13a961910f14986295dd28484eee830fa1a0e8a"><code>c13a961</code></a> handle non-array input for XML builder when preserveOrder is true</li> <li>Additional commits viewable in <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.6...v5.4.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=fast-xml-parser&package-manager=npm_and_yarn&previous-version=5.3.6&new-version=5.4.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Evan <evanpelle@gmail.com>	2026-03-05 20:48:15 -08:00
dependabot[bot]	15f4f5e20a	Bump rollup from 4.54.0 to 4.59.0 in the npm_and_yarn group across 1 directory (#3319 ) Bumps the npm_and_yarn group with 1 update in the / directory: [rollup](https://github.com/rollup/rollup). Updates `rollup` from 4.54.0 to 4.59.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rollup/rollup/releases">rollup's releases</a>.</em></p> <blockquote> <h2>v4.59.0</h2> <h2>4.59.0</h2> <p><em>2026-02-22</em></p> <h3>Features</h3> <ul> <li>Throw when the generated bundle contains paths that would leave the output directory (<a href="https://redirect.github.com/rollup/rollup/issues/6276">#6276</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6275">#6275</a>: Validate bundle stays within output dir (<a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> </ul> <h2>v4.58.0</h2> <h2>4.58.0</h2> <p><em>2026-02-20</em></p> <h3>Features</h3> <ul> <li>Also support <code>__NO_SIDE_EFFECTS__</code> annotation before variable declarations declaring function expressions (<a href="https://redirect.github.com/rollup/rollup/issues/6272">#6272</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6256">#6256</a>: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (<a href="https://github.com/njg7194"><code>@njg7194</code></a>, <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6259">#6259</a>: docs: Correct typo and improve sentence structure in docs for <code>output.experimentalMinChunkSize</code> (<a href="https://github.com/millerick"><code>@millerick</code></a>, <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6260">#6260</a>: fix(deps): update rust crate swc_compiler_base to v47 (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6261">#6261</a>: fix(deps): lock file maintenance minor/patch updates (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6262">#6262</a>: Avoid unnecessary cloning of the code string (<a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6263">#6263</a>: fix(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6265">#6265</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6267">#6267</a>: fix(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6268">#6268</a>: chore(deps): update dependency eslint-plugin-unicorn to v63 (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6269">#6269</a>: chore(deps): update dependency lru-cache to v11 (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6270">#6270</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6272">#6272</a>: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (<a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> </ul> <h2>v4.57.1</h2> <h2>4.57.1</h2> <p><em>2026-01-30</em></p> <h3>Bug Fixes</h3> <ul> <li>Fix heap corruption issue in Windows (<a href="https://redirect.github.com/rollup/rollup/issues/6251">#6251</a>)</li> <li>Ensure exports of a dynamic import are fully included when called from a try...catch (<a href="https://redirect.github.com/rollup/rollup/issues/6254">#6254</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6251">#6251</a>: fix: Isolate and cache <code>process.report.getReport()</code> calls in a child process for robust environment detection (<a href="https://github.com/alan-agius4"><code>@alan-agius4</code></a>, <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rollup/rollup/blob/master/CHANGELOG.md">rollup's changelog</a>.</em></p> <blockquote> <h2>4.59.0</h2> <p><em>2026-02-22</em></p> <h3>Features</h3> <ul> <li>Throw when the generated bundle contains paths that would leave the output directory (<a href="https://redirect.github.com/rollup/rollup/issues/6276">#6276</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6275">#6275</a>: Validate bundle stays within output dir (<a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> </ul> <h2>4.58.0</h2> <p><em>2026-02-20</em></p> <h3>Features</h3> <ul> <li>Also support <code>__NO_SIDE_EFFECTS__</code> annotation before variable declarations declaring function expressions (<a href="https://redirect.github.com/rollup/rollup/issues/6272">#6272</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6256">#6256</a>: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (<a href="https://github.com/njg7194"><code>@njg7194</code></a>, <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6259">#6259</a>: docs: Correct typo and improve sentence structure in docs for <code>output.experimentalMinChunkSize</code> (<a href="https://github.com/millerick"><code>@millerick</code></a>, <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6260">#6260</a>: fix(deps): update rust crate swc_compiler_base to v47 (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6261">#6261</a>: fix(deps): lock file maintenance minor/patch updates (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6262">#6262</a>: Avoid unnecessary cloning of the code string (<a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6263">#6263</a>: fix(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6265">#6265</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6267">#6267</a>: fix(deps): update minor/patch updates (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6268">#6268</a>: chore(deps): update dependency eslint-plugin-unicorn to v63 (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6269">#6269</a>: chore(deps): update dependency lru-cache to v11 (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6270">#6270</a>: chore(deps): lock file maintenance (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6272">#6272</a>: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (<a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> </ul> <h2>4.57.1</h2> <p><em>2026-01-30</em></p> <h3>Bug Fixes</h3> <ul> <li>Fix heap corruption issue in Windows (<a href="https://redirect.github.com/rollup/rollup/issues/6251">#6251</a>)</li> <li>Ensure exports of a dynamic import are fully included when called from a try...catch (<a href="https://redirect.github.com/rollup/rollup/issues/6254">#6254</a>)</li> </ul> <h3>Pull Requests</h3> <ul> <li><a href="https://redirect.github.com/rollup/rollup/pull/6251">#6251</a>: fix: Isolate and cache <code>process.report.getReport()</code> calls in a child process for robust environment detection (<a href="https://github.com/alan-agius4"><code>@alan-agius4</code></a>, <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6252">#6252</a>: chore(deps): update dependency lru-cache to v11 (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot])</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6253">#6253</a>: chore(deps): lock file maintenance minor/patch updates (<a href="https://github.com/renovate"><code>@renovate</code></a>[bot], <a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> <li><a href="https://redirect.github.com/rollup/rollup/pull/6254">#6254</a>: Fully include dynamic imports in a try-catch (<a href="https://github.com/lukastaegert"><code>@lukastaegert</code></a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rollup/rollup/commit/ae846957f109690a866cc3e4c073613c338d3476"><code>ae84695</code></a> 4.59.0</li> <li><a href="https://github.com/rollup/rollup/commit/b39616e9175b3d9fc3977c99153174c490805a93"><code>b39616e</code></a> Update audit-resolve</li> <li><a href="https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2"><code>c60770d</code></a> Validate bundle stays within output dir (<a href="https://redirect.github.com/rollup/rollup/issues/6275">#6275</a>)</li> <li><a href="https://github.com/rollup/rollup/commit/33f39c1f205ea2eadaf4b589e493453e2baa3662"><code>33f39c1</code></a> 4.58.0</li> <li><a href="https://github.com/rollup/rollup/commit/b61c40803b717854c1c28937e8098e5ad3c7b8ca"><code>b61c408</code></a> forward NO_SIDE_EFFECTS annotations to function expressions in variable decla...</li> <li><a href="https://github.com/rollup/rollup/commit/7f00689ec90e2cafb11c26eefbcac62343c936f6"><code>7f00689</code></a> Extend agent instructions</li> <li><a href="https://github.com/rollup/rollup/commit/e7b2b85af0901244ecc141b9d792c6db6b527ea4"><code>e7b2b85</code></a> chore(deps): lock file maintenance (<a href="https://redirect.github.com/rollup/rollup/issues/6270">#6270</a>)</li> <li><a href="https://github.com/rollup/rollup/commit/2aa5da9baf82211b8207d268c8751630cb766970"><code>2aa5da9</code></a> fix(deps): update minor/patch updates (<a href="https://redirect.github.com/rollup/rollup/issues/6267">#6267</a>)</li> <li><a href="https://github.com/rollup/rollup/commit/4319837c5448d0c10d89e9ded118888deec2eeec"><code>4319837</code></a> chore(deps): update dependency lru-cache to v11 (<a href="https://redirect.github.com/rollup/rollup/issues/6269">#6269</a>)</li> <li><a href="https://github.com/rollup/rollup/commit/c3b6b4bdc4f2ed978fa233132a526957e6513233"><code>c3b6b4b</code></a> chore(deps): update dependency eslint-plugin-unicorn to v63 (<a href="https://redirect.github.com/rollup/rollup/issues/6268">#6268</a>)</li> <li>Additional commits viewable in <a href="https://github.com/rollup/rollup/compare/v4.54.0...v4.59.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rollup&package-manager=npm_and_yarn&previous-version=4.54.0&new-version=4.59.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-01 20:18:18 -08:00
dependabot[bot]	4aa0f174ad	Bump minimatch from 3.1.3 to 3.1.5 in the npm_and_yarn group across 1 directory (#3307 ) Bumps the npm_and_yarn group with 1 update in the / directory: [minimatch](https://github.com/isaacs/minimatch). Updates `minimatch` from 3.1.3 to 3.1.5 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712"><code>7bba978</code></a> 3.1.5</li> <li><a href="https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d"><code>bd25942</code></a> docs: add warning about ReDoS</li> <li><a href="https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d"><code>1a9c27c</code></a> fix partial matching of globstar patterns</li> <li><a href="https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23"><code>1a2e084</code></a> 3.1.4</li> <li><a href="https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47"><code>ae24656</code></a> update lockfile</li> <li><a href="https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e"><code>b100374</code></a> limit recursion for **, improve perf considerably</li> <li><a href="https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13"><code>26ffeaa</code></a> lockfile update</li> <li><a href="https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb"><code>9eca892</code></a> lock node version to 14</li> <li>See full diff in <a href="https://github.com/isaacs/minimatch/compare/v3.1.3...v3.1.5">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=minimatch&package-manager=npm_and_yarn&previous-version=3.1.3&new-version=3.1.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-01 20:13:04 -08:00
dependabot[bot]	e39140733b	Bump minimatch from 3.1.2 to 3.1.3 in the npm_and_yarn group across 1 directory (#3294 ) Bumps the npm_and_yarn group with 1 update in the / directory: [minimatch](https://github.com/isaacs/minimatch). Updates `minimatch` from 3.1.2 to 3.1.3 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a"><code>00c323b</code></a> 3.1.3</li> <li><a href="https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b"><code>30486b2</code></a> update CI matrix and actions</li> <li><a href="https://github.com/isaacs/minimatch/commit/9c31b2d4e0af72a6c2d2d62c5dbc2247da669802"><code>9c31b2d</code></a> update test expectations for coalesced consecutive stars</li> <li><a href="https://github.com/isaacs/minimatch/commit/46fe687857cf02f6cf45469cc593b97e11b10c96"><code>46fe687</code></a> coalesce consecutive non-globstar * characters</li> <li><a href="https://github.com/isaacs/minimatch/commit/5a9ccbda64befc5d94b965534dbea2853c92aebd"><code>5a9ccbd</code></a> [meta] update publishConfig.tag to legacy-v3</li> <li>See full diff in <a href="https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=minimatch&package-manager=npm_and_yarn&previous-version=3.1.2&new-version=3.1.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-24 21:28:26 -06:00
evanpelle	9b96b07820	test: add vitest-canvas-mock for local canvas support Fixes UILayer tests failing locally due to the native canvas package not being compiled. vitest-canvas-mock provides a jsdom-compatible Canvas 2D API mock without requiring native build tools.	2026-02-24 15:59:14 -06:00
dependabot[bot]	6ed203529b	Bump fast-xml-parser from 5.3.4 to 5.3.6 in the npm_and_yarn group across 1 directory (#3266 ) Bumps the npm_and_yarn group with 1 update in the / directory: [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser). Updates `fast-xml-parser` from 5.3.4 to 5.3.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/NaturalIntelligence/fast-xml-parser/releases">fast-xml-parser's releases</a>.</em></p> <blockquote> <h2>Entity security and performance</h2> <ul> <li>Improve security and performance of entity processing <ul> <li>new options <code>maxEntitySize</code>, <code>maxExpansionDepth</code>, <code>maxTotalExpansions</code>, <code>maxExpandedLength</code>, <code>allowedTags</code>,<code>tagFilter</code></li> <li>fast return when no edtity is present</li> <li>improvement replacement logic to reduce number of calls</li> <li></li> </ul> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.5...v5.3.6">https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.5...v5.3.6</a></p> <h2>v5.3.5</h2> <h2>What's Changed</h2> <ul> <li>Add missing exports to fxp commonjs types by <a href="https://github.com/jeremymeng"><code>@jeremymeng</code></a> in <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/pull/782">NaturalIntelligence/fast-xml-parser#782</a></li> <li>fix: Escape regex char in entity name</li> <li>update strnum to 2.1.2</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/jeremymeng"><code>@jeremymeng</code></a> made their first contribution in <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/pull/782">NaturalIntelligence/fast-xml-parser#782</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.4...v5.3.5">https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.4...v5.3.5</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md">fast-xml-parser's changelog</a>.</em></p> <blockquote> <p><!-- raw HTML omitted -->Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.<!-- raw HTML omitted --></p> <p>5.3.7 <strong>5.3.7 / 2026-02-20</strong></p> <ul> <li>fix typings for CJS (By <a href="https://github.com/Drarig29">Corentin Girard</a>)</li> </ul> <p><strong>5.3.6 / 2026-02-14</strong></p> <ul> <li>Improve security and performance of entity processing <ul> <li>new options <code>maxEntitySize</code>, <code>maxExpansionDepth</code>, <code>maxTotalExpansions</code>, <code>maxExpandedLength</code>, <code>allowedTags</code>,<code>tagFilter</code></li> <li>fast return when no edtity is present</li> <li>improvement replacement logic to reduce number of calls</li> </ul> </li> </ul> <p><strong>5.3.5 / 2026-02-08</strong></p> <ul> <li>fix: Escape regex char in entity name</li> <li>update strnum to 2.1.2</li> <li>add missing exports in CJS typings</li> </ul> <p><strong>5.3.4 / 2026-01-30</strong></p> <ul> <li>fix: handle HTML numeric and hex entities when out of range</li> </ul> <p><strong>5.3.3 / 2025-12-12</strong></p> <ul> <li>fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/775">#775</a>: transformTagName with allowBooleanAttributes adds an unnecessary attribute</li> </ul> <p><strong>5.3.2 / 2025-11-14</strong></p> <ul> <li>fix for import statement for v6</li> </ul> <p><strong>5.3.1 / 2025-11-03</strong></p> <ul> <li>Performance improvement for stopNodes (By <a href="https://github.com/macieklamberski">Maciek Lamberski</a>)</li> </ul> <p><strong>5.3.0 / 2025-10-03</strong></p> <ul> <li>Use <code>Uint8Array</code> in place of <code>Buffer</code> in Parser</li> </ul> <p><strong>5.2.5 / 2025-06-08</strong></p> <ul> <li>Inform user to use <a href="https://github.com/NaturalIntelligence/fxp-cli">fxp-cli</a> instead of in-built CLI feature</li> <li>Export typings for direct use</li> </ul> <p><strong>5.2.4 / 2025-06-06</strong></p> <ul> <li>fix (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/747">#747</a>): fix EMPTY and ANY with ELEMENT in DOCTYPE</li> </ul> <p><strong>5.2.3 / 2025-05-11</strong></p> <ul> <li>fix (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/747">#747</a>): support EMPTY and ANY with ELEMENT in DOCTYPE</li> </ul> <p><strong>5.2.2 / 2025-05-05</strong></p> <ul> <li>fix (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/746">#746</a>): update strnum to fix parsing issues related to enotations</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/ecb2ca118ad3d6c62f2cc90416b58da24db5d18b"><code>ecb2ca1</code></a> update release info</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/910dae5be2de2955e968558fadf6e8f74f117a77"><code>910dae5</code></a> fix entities performance & security issues</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/fe9a85270122036ae22637167ce38a5f71b73a5f"><code>fe9a852</code></a> update strnum and release detail</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/943ef0eb1b2d3284e72dd74f44a042ee9f07026e"><code>943ef0e</code></a> fix: Escape regex char in entity name</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/ddcd0acf26ddd682cb0dc15a2bd6aa3b96bb1e69"><code>ddcd0ac</code></a> Escape regex char in entity name</li> <li><a href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/341b582219b1eb57e4c34ca58881602cba6b8711"><code>341b582</code></a> Add missing exports to fxp commonjs types (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/782">#782</a>)</li> <li>See full diff in <a href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.4...v5.3.6">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=fast-xml-parser&package-manager=npm_and_yarn&previous-version=5.3.4&new-version=5.3.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-21 21:06:07 -06:00
dependabot[bot]	68ff2773fc	Bump qs from 6.14.1 to 6.14.2 in the npm_and_yarn group across 1 directory (#3204 ) Bumps the npm_and_yarn group with 1 update in the / directory: [qs](https://github.com/ljharb/qs). Updates `qs` from 6.14.1 to 6.14.2 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's changelog</a>.</em></p> <blockquote> <h2><strong>6.14.2</strong></h2> <ul> <li>[Fix] <code>parse</code>: mark overflow objects for indexed notation exceeding <code>arrayLimit</code> (<a href="https://redirect.github.com/ljharb/qs/issues/546">#546</a>)</li> <li>[Fix] <code>arrayLimit</code> means max count, not max index, in <code>combine</code>/<code>merge</code>/<code>parseArrayValue</code></li> <li>[Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded with indexed notation when <code>throwOnLimitExceeded</code> is true (<a href="https://redirect.github.com/ljharb/qs/issues/529">#529</a>)</li> <li>[Fix] <code>parse</code>: enforce <code>arrayLimit</code> on <code>comma</code>-parsed values</li> <li>[Fix] <code>parse</code>: fix error message to reflect arrayLimit as max index; remove extraneous comments (<a href="https://redirect.github.com/ljharb/qs/issues/545">#545</a>)</li> <li>[Robustness] avoid <code>.push</code>, use <code>void</code></li> <li>[readme] document that <code>addQueryPrefix</code> does not add <code>?</code> to empty output (<a href="https://redirect.github.com/ljharb/qs/issues/418">#418</a>)</li> <li>[readme] clarify <code>parseArrays</code> and <code>arrayLimit</code> documentation (<a href="https://redirect.github.com/ljharb/qs/issues/543">#543</a>)</li> <li>[readme] replace runkit CI badge with shields.io check-runs badge</li> <li>[meta] fix changelog typo (<code>arrayLength</code> → <code>arrayLimit</code>)</li> <li>[actions] fix rebase workflow permissions</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ljharb/qs/commit/bdcf0c7f82387c18ac8fabfccd2f440645cef47b"><code>bdcf0c7</code></a> v6.14.2</li> <li><a href="https://github.com/ljharb/qs/commit/294db90c812ddbe7d7a35d5687c505fd21a2d6a2"><code>294db90</code></a> [readme] document that <code>addQueryPrefix</code> does not add <code>?</code> to empty output</li> <li><a href="https://github.com/ljharb/qs/commit/5c308e5516c270a78caa6f278465914090f91ec6"><code>5c308e5</code></a> [readme] clarify <code>parseArrays</code> and <code>arrayLimit</code> documentation</li> <li><a href="https://github.com/ljharb/qs/commit/6addf8cf738d529c54d91f6f3ffb6c1be91bbfdc"><code>6addf8c</code></a> [Fix] <code>parse</code>: mark overflow objects for indexed notation exceeding <code>arrayLimit</code></li> <li><a href="https://github.com/ljharb/qs/commit/cfc108f662326d6ab540f3545ef0b832baf83cdf"><code>cfc108f</code></a> [Fix] <code>arrayLimit</code> means max count, not max index, in <code>combine</code>/<code>merge</code>/`pars...</li> <li><a href="https://github.com/ljharb/qs/commit/febb64442a80e49200211fa38d3c96b58024ac77"><code>febb644</code></a> [Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded with indexed notation when `thr...</li> <li><a href="https://github.com/ljharb/qs/commit/f6a7abff1f13d644db9b05fe4f2c98ada6bf8482"><code>f6a7abf</code></a> [Fix] <code>parse</code>: enforce <code>arrayLimit</code> on <code>comma</code>-parsed values</li> <li><a href="https://github.com/ljharb/qs/commit/fbc5206c25b4d1851cea683f02c10756c521d15a"><code>fbc5206</code></a> [Fix] <code>parse</code>: fix error message to reflect arrayLimit as max index; remove e...</li> <li><a href="https://github.com/ljharb/qs/commit/1b9a8b4e78c6aff4c22fa559107227f02fd0216a"><code>1b9a8b4</code></a> [actions] fix rebase workflow permissions</li> <li><a href="https://github.com/ljharb/qs/commit/2a35775614e0fb46ac8a3060201a32a7c23a7fda"><code>2a35775</code></a> [meta] fix changelog typo (<code>arrayLength</code> → <code>arrayLimit</code>)</li> <li>Additional commits viewable in <a href="https://github.com/ljharb/qs/compare/v6.14.1...v6.14.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=qs&package-manager=npm_and_yarn&previous-version=6.14.1&new-version=6.14.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-16 11:32:16 -08:00
evanpelle	f051bd8a1b	Merge branch 'v29'	2026-02-09 12:54:34 -08:00
evanpelle	9a4742f378	update package-lock.json	2026-02-03 20:30:27 -08:00
Ryan	106938c395	Add Ranked 1v1 Leaderboard (#3008 ) If this PR fixes an issue, link it below. If not, delete these two lines. Resolves #(issue number) @wraith4081 's pr updates the stats modal to show both 1v1 and clan stats - [x] I have added screenshots for all UI updates - [x] I process any text displayed to the user through translateText() and I've added it to the en.json file - [x] I have added relevant tests to the test directory - [x] I confirm I have thoroughly tested these changes and take full responsibility for any bugs introduced regression is found: w.o.n --------- Co-authored-by: Wraith <54374743+wraith4081@users.noreply.github.com> Co-authored-by: iamlewis <lewismmmm@gmail.com>	2026-02-01 15:02:43 -08:00
Ryan	e4280c28e1	Add Ranked 1v1 Leaderboard (#3008 ) If this PR fixes an issue, link it below. If not, delete these two lines. Resolves #(issue number) ## Description: @wraith4081 's pr updates the stats modal to show both 1v1 and clan stats ## Please complete the following: - [x] I have added screenshots for all UI updates - [x] I process any text displayed to the user through translateText() and I've added it to the en.json file - [x] I have added relevant tests to the test directory - [x] I confirm I have thoroughly tested these changes and take full responsibility for any bugs introduced ## Please put your Discord username so you can be contacted if a bug or regression is found: w.o.n --------- Co-authored-by: Wraith <54374743+wraith4081@users.noreply.github.com> Co-authored-by: iamlewis <lewismmmm@gmail.com>	2026-02-01 14:58:54 -08:00
dependabot[bot]	d4e09644b0	Bump lodash from 4.17.21 to 4.17.23 in the npm_and_yarn group across 1 directory (#3006 ) Bumps the npm_and_yarn group with 1 update in the / directory: [lodash](https://github.com/lodash/lodash). Updates `lodash` from 4.17.21 to 4.17.23 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/dec55b7a3b382da075e2eac90089b4cd00a26cbb"><code>dec55b7</code></a> Bump main to v4.17.23 (<a href="https://redirect.github.com/lodash/lodash/issues/6088">#6088</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/19c9251b3631d7cf220b43bc757eb33f1084f117"><code>19c9251</code></a> fix: setCacheHas JSDoc return type should be boolean (<a href="https://redirect.github.com/lodash/lodash/issues/6071">#6071</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/b5e672995ae26929d111a6e94589f8d03fb8e578"><code>b5e6729</code></a> jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (<a href="https://redirect.github.com/lodash/lodash/issues/6062">#6062</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/edadd452146f7e4bad4ea684e955708931d84d81"><code>edadd45</code></a> Prevent prototype pollution on baseUnset function</li> <li><a href="https://github.com/lodash/lodash/commit/4879a7a7d0a4494b0e83c7fa21bcc9fc6e7f1a6d"><code>4879a7a</code></a> doc: fix autoLink function, conversion of source links (<a href="https://redirect.github.com/lodash/lodash/issues/6056">#6056</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/9648f692b0fc7c2f6a7a763d754377200126c2e8"><code>9648f69</code></a> chore: remove <code>yarn.lock</code> file (<a href="https://redirect.github.com/lodash/lodash/issues/6053">#6053</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/dfa407db0bf5b200f2c7a9e4f06830ceaf074be9"><code>dfa407d</code></a> ci: remove legacy configuration files (<a href="https://redirect.github.com/lodash/lodash/issues/6052">#6052</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/156e1965ae78b121a88f81178ab81632304e8d64"><code>156e196</code></a> feat: add renovate setup (<a href="https://redirect.github.com/lodash/lodash/issues/6039">#6039</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/933e1061b8c344d3fc742cdc400175d5ffc99bce"><code>933e106</code></a> ci: add pipeline for Bun (<a href="https://redirect.github.com/lodash/lodash/issues/6023">#6023</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/072a807ff7ad8ffc7c1d2c3097266e815d138e20"><code>072a807</code></a> docs: update links related to Open JS Foundation (<a href="https://redirect.github.com/lodash/lodash/issues/5968">#5968</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.21...4.17.23">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lodash&package-manager=npm_and_yarn&previous-version=4.17.21&new-version=4.17.23)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-01-23 12:38:30 -08:00
dependabot[bot]	4e4e1799d7	Bump diff from 4.0.2 to 4.0.4 in the npm_and_yarn group across 1 directory (#2976 ) Bumps the npm_and_yarn group with 1 update in the / directory: [diff](https://github.com/kpdecker/jsdiff). Updates `diff` from 4.0.2 to 4.0.4 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/kpdecker/jsdiff/commit/f06f3e4cacad5955caf891a8a02c5bb1c954bcb5"><code>f06f3e4</code></a> v4.0.4</li> <li><a href="https://github.com/kpdecker/jsdiff/commit/0179a484ffaec7c8d5d6b69d8c3905473383de75"><code>0179a48</code></a> v4.0.3</li> <li><a href="https://github.com/kpdecker/jsdiff/commit/4568cae5ae7646962bf3c5641907d1fb5af90683"><code>4568cae</code></a> Backport <a href="https://redirect.github.com/kpdecker/jsdiff/pull/649">kpdecker/jsdiff#649</a></li> <li><a href="https://github.com/kpdecker/jsdiff/commit/4de0ffa13ad51db7a27567c2b870fb4e43f0814a"><code>4de0ffa</code></a> Backport <a href="https://redirect.github.com/kpdecker/jsdiff/pull/647">kpdecker/jsdiff#647</a></li> <li>See full diff in <a href="https://github.com/kpdecker/jsdiff/compare/v4.0.2...v4.0.4">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~explodingcabbage">explodingcabbage</a>, a new releaser for diff since your current version.</p> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=diff&package-manager=npm_and_yarn&previous-version=4.0.2&new-version=4.0.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-01-20 19:16:26 -08:00
Ryan	247c78151c	Discord(et al.) embedded URLs (#2740 ) ## Description: Changes URL embeds within other platforms, e.g. Discord, WhatsApp & X. Updates game URLs to `/game/<code>` instead of `/#join=<code>` (required for embedded URLs). An added benefit of this is that you would be able to change a url from `openfront.io/game/RQDUy8nP?replay` to `api.openfront.io/game/RQDUy8nP?replay` (add api. In front) and be in the right place for the API data. Updates URLs when joining/leaving private lobbies Appends a random string to the end of the URL when inside a private lobby and options change - this is to force discord to update the embedded details. Updates URL in different game states to ?lobby / ?live and ?replay. These do nothing other than being used as a _cache-busting_ solution. ----------------------------------------------- ### Lobby Info Discord: <img width="556" height="487" alt="image" src="https://github.com/user-attachments/assets/efd4a06d-506c-4036-9403-ee7c9a669e21" /> WhatsApp: <img width="353" height="339" alt="image" src="https://github.com/user-attachments/assets/3b2d0c69-988c-424f-9dee-f4e6a6868f6b" /> x.com: <img width="588" height="325" alt="image" src="https://github.com/user-attachments/assets/d9e78169-20be-4a3e-8df4-8ad41d08a750" /> ------------------------- ### Game Win Details Discord: <img width="506" height="468" alt="image" src="https://github.com/user-attachments/assets/69947774-c943-4a50-b470-5634ed3bf3d7" /> WhatsApp: <img width="770" height="132" alt="image" src="https://github.com/user-attachments/assets/eec28bf8-bf64-4ab8-954e-03dfdd1aae40" /> x.com <img width="584" height="350" alt="image" src="https://github.com/user-attachments/assets/168063e2-b707-422b-b7a1-0025f3ebeb92" /> ## Please complete the following: - [x] I have added screenshots for all UI updates - [x] I process any text displayed to the user through translateText() and I've added it to the en.json file - [x] I have added relevant tests to the test directory - [x] I confirm I have thoroughly tested these changes and take full responsibility for any bugs introduced ## Please put your Discord username so you can be contacted if a bug or regression is found: w.o.n	2026-01-13 19:48:00 -08:00
Evan	a77c6c3d9d	Inject server env vars into index.html, including instance id (#2888 ) ## Description: Should fix the broken 1v1 on staging. The issue was that we had multiple staging environments, and the matchmaker would often route a player to a game on a different staging server, so the client couldn't find the game. So now each deployment has a unique id, and the matchmaker only connects players & servers that have the same instance id. ## Please complete the following: - [x] I have added screenshots for all UI updates - [x] I process any text displayed to the user through translateText() and I've added it to the en.json file - [x] I have added relevant tests to the test directory - [x] I confirm I have thoroughly tested these changes and take full responsibility for any bugs introduced ## Please put your Discord username so you can be contacted if a bug or regression is found: evan	2026-01-13 13:03:58 -08:00
evanpelle	a7714cd798	add canvas dev dependency to fix failing UI test	2026-01-12 09:03:34 -08:00
dependabot[bot]	9c7709ccb5	Bump the npm_and_yarn group across 1 directory with 2 updates (#2830 ) Bumps the npm_and_yarn group with 2 updates in the / directory: [@smithy/config-resolver](https://github.com/smithy-lang/smithy-typescript/tree/HEAD/packages/config-resolver) and [qs](https://github.com/ljharb/qs). Updates `@smithy/config-resolver` from 4.1.4 to 4.4.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/smithy-lang/smithy-typescript/releases"><code>@smithy/config-resolver</code>'s releases</a>.</em></p> <blockquote> <h2><code>@smithy/config-resolver</code><a href="https://github.com/4"><code>@4</code></a>.4.5</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [9ccb841] <ul> <li><code>@smithy/types</code><a href="https://github.com/4"><code>@4</code></a>.11.0</li> <li><code>@smithy/node-config-provider</code><a href="https://github.com/4"><code>@4</code></a>.3.7</li> <li><code>@smithy/util-endpoints</code><a href="https://github.com/3"><code>@3</code></a>.2.7</li> <li><code>@smithy/util-middleware</code><a href="https://github.com/4"><code>@4</code></a>.2.7</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/smithy-lang/smithy-typescript/blob/main/packages/config-resolver/CHANGELOG.md"><code>@smithy/config-resolver</code>'s changelog</a>.</em></p> <blockquote> <h2>4.4.5</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [9ccb841] <ul> <li><code>@smithy/types</code><a href="https://github.com/4"><code>@4</code></a>.11.0</li> <li><code>@smithy/node-config-provider</code><a href="https://github.com/4"><code>@4</code></a>.3.7</li> <li><code>@smithy/util-endpoints</code><a href="https://github.com/3"><code>@3</code></a>.2.7</li> <li><code>@smithy/util-middleware</code><a href="https://github.com/4"><code>@4</code></a>.2.7</li> </ul> </li> </ul> <h2>4.4.4</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [5a56762] <ul> <li><code>@smithy/types</code><a href="https://github.com/4"><code>@4</code></a>.10.0</li> <li><code>@smithy/node-config-provider</code><a href="https://github.com/4"><code>@4</code></a>.3.6</li> <li><code>@smithy/util-endpoints</code><a href="https://github.com/3"><code>@3</code></a>.2.6</li> <li><code>@smithy/util-middleware</code><a href="https://github.com/4"><code>@4</code></a>.2.6</li> </ul> </li> </ul> <h2>4.4.3</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [3926fd7] <ul> <li><code>@smithy/types</code><a href="https://github.com/4"><code>@4</code></a>.9.0</li> <li><code>@smithy/node-config-provider</code><a href="https://github.com/4"><code>@4</code></a>.3.5</li> <li><code>@smithy/util-endpoints</code><a href="https://github.com/3"><code>@3</code></a>.2.5</li> <li><code>@smithy/util-middleware</code><a href="https://github.com/4"><code>@4</code></a>.2.5</li> </ul> </li> </ul> <h2>4.4.2</h2> <h3>Patch Changes</h3> <ul> <li>372b46f: allow * region with warning</li> </ul> <h2>4.4.1</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [6da0ab3] <ul> <li><code>@smithy/types</code><a href="https://github.com/4"><code>@4</code></a>.8.1</li> <li><code>@smithy/node-config-provider</code><a href="https://github.com/4"><code>@4</code></a>.3.4</li> <li><code>@smithy/util-endpoints</code><a href="https://github.com/3"><code>@3</code></a>.2.4</li> <li><code>@smithy/util-middleware</code><a href="https://github.com/4"><code>@4</code></a>.2.4</li> </ul> </li> </ul> <h2>4.4.0</h2> <h3>Minor Changes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/smithy-lang/smithy-typescript/commit/521d67c38f8928c514d1fcea3fc08e40c2300513"><code>521d67c</code></a> Version NPM packages</li> <li><a href="https://github.com/smithy-lang/smithy-typescript/commit/8b90f360df2a5c80c105db732b3c2f6972994854"><code>8b90f36</code></a> Version NPM packages</li> <li><a href="https://github.com/smithy-lang/smithy-typescript/commit/cc0124e69e2d6943f0960854bcc3abf2defd2c20"><code>cc0124e</code></a> Version NPM packages</li> <li><a href="https://github.com/smithy-lang/smithy-typescript/commit/07f95d95712b511256b542c4dfa368bd70580be8"><code>07f95d9</code></a> Version NPM packages</li> <li><a href="https://github.com/smithy-lang/smithy-typescript/commit/372b46fb0751e6e61cdfccee1fa7e6a531cf6aa4"><code>372b46f</code></a> fix(config-resolver): allow asterisk region with warning (<a href="https://github.com/smithy-lang/smithy-typescript/tree/HEAD/packages/config-resolver/issues/1760">#1760</a>)</li> <li><a href="https://github.com/smithy-lang/smithy-typescript/commit/472a5ea035237e10c560ed362c0e0105805ad26f"><code>472a5ea</code></a> Version NPM packages</li> <li><a href="https://github.com/smithy-lang/smithy-typescript/commit/8af2d330260513d3e51c98f1f137793b5330ceb4"><code>8af2d33</code></a> Version NPM packages</li> <li><a href="https://github.com/smithy-lang/smithy-typescript/commit/13c5cd95b682c9252e6cf15b771b5decdc860729"><code>13c5cd9</code></a> chore(config-resolver): add region validation cache (<a href="https://github.com/smithy-lang/smithy-typescript/tree/HEAD/packages/config-resolver/issues/1750">#1750</a>)</li> <li><a href="https://github.com/smithy-lang/smithy-typescript/commit/f7c7b8249fa91391f73f62fb4237e5436c61be41"><code>f7c7b82</code></a> Version NPM packages</li> <li><a href="https://github.com/smithy-lang/smithy-typescript/commit/9fb748e02081659c1aa523cdab64621467eddbf6"><code>9fb748e</code></a> Version NPM packages</li> <li>Additional commits viewable in <a href="https://github.com/smithy-lang/smithy-typescript/commits/@smithy/config-resolver@4.4.5/packages/config-resolver">compare view</a></li> </ul> </details> <br /> Updates `qs` from 6.13.0 to 6.14.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's changelog</a>.</em></p> <blockquote> <h2><strong>6.14.1</strong></h2> <ul> <li>[Fix] ensure arrayLength applies to <code>[]</code> notation as well</li> <li>[Fix] <code>parse</code>: when a custom decoder returns <code>null</code> for a key, ignore that key</li> <li>[Refactor] <code>parse</code>: extract key segment splitting helper</li> <li>[meta] add threat model</li> <li>[actions] add workflow permissions</li> <li>[Tests] <code>stringify</code>: increase coverage</li> <li>[Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code>, <code>es-value-fixtures</code>, <code>for-each</code>, <code>object-inspect</code></li> </ul> <h2><strong>6.14.0</strong></h2> <ul> <li>[New] <code>parse</code>: add <code>throwOnParameterLimitExceeded</code> option (<a href="https://redirect.github.com/ljharb/qs/issues/517">#517</a>)</li> <li>[Refactor] <code>parse</code>: use <code>utils.combine</code> more</li> <li>[patch] <code>parse</code>: add explicit <code>throwOnLimitExceeded</code> default</li> <li>[actions] use shared action; re-add finishers</li> <li>[meta] Fix changelog formatting bug</li> <li>[Deps] update <code>side-channel</code></li> <li>[Dev Deps] update <code>es-value-fixtures</code>, <code>has-bigints</code>, <code>has-proto</code>, <code>has-symbols</code></li> <li>[Tests] increase coverage</li> </ul> <h2><strong>6.13.1</strong></h2> <ul> <li>[Fix] <code>stringify</code>: avoid a crash when a <code>filter</code> key is <code>null</code></li> <li>[Fix] <code>utils.merge</code>: functions should not be stringified into keys</li> <li>[Fix] <code>parse</code>: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset</li> <li>[Fix] <code>stringify</code>: ensure a non-string <code>filter</code> does not crash</li> <li>[Refactor] use <code>__proto__</code> syntax instead of <code>Object.create</code> for null objects</li> <li>[Refactor] misc cleanup</li> <li>[Tests] <code>utils.merge</code>: add some coverage</li> <li>[Tests] fix a test case</li> <li>[actions] split out node 10-20, and 20+</li> <li>[Dev Deps] update <code>es-value-fixtures</code>, <code>mock-property</code>, <code>object-inspect</code>, <code>tape</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ljharb/qs/commit/3fa11a5f643c76896387bd2d86904a2d0141fdf7"><code>3fa11a5</code></a> v6.14.1</li> <li><a href="https://github.com/ljharb/qs/commit/a62670423c1ccab0dd83c621bfb98c7c024e314d"><code>a626704</code></a> [Dev Deps] update <code>npmignore</code></li> <li><a href="https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"><code>3086902</code></a> [Fix] ensure arrayLength applies to <code>[]</code> notation as well</li> <li><a href="https://github.com/ljharb/qs/commit/fc7930e86c2264c1568c9f5606830e19b0bc2af2"><code>fc7930e</code></a> [Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/0b06aac566abee45ef0327667a7cc89e7aed8b58"><code>0b06aac</code></a> [Dev Deps] update <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/64951f6200a1fb72cc003c6e8226dde3d2ef591f"><code>64951f6</code></a> [Refactor] <code>parse</code>: extract key segment splitting helper</li> <li><a href="https://github.com/ljharb/qs/commit/e1bd2599cdff4c936ea52fb1f16f921cbe7aa88c"><code>e1bd259</code></a> [Dev Deps] update <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/f4b3d39709fef6ddbd85128d1ba4c6b566c4902e"><code>f4b3d39</code></a> [eslint] add eslint 9 optional peer dep</li> <li><a href="https://github.com/ljharb/qs/commit/6e94d9596ca50dffafcef40a5f64eca89962cf34"><code>6e94d95</code></a> [Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code></li> <li><a href="https://github.com/ljharb/qs/commit/973dc3c51c86da9f4e30edeb4b1725158d439102"><code>973dc3c</code></a> [actions] add workflow permissions</li> <li>Additional commits viewable in <a href="https://github.com/ljharb/qs/compare/v6.13.0...v6.14.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-01-08 19:23:34 -08:00
Wraith	e79c805804	refactor(ui): migrate tailwindcss v3 to v4 (#2735 ) ## Description: migrate tailwindcss v3 to v4 ## Please complete the following: - [X] I have added screenshots for all UI updates - [X] I process any text displayed to the user through translateText() and I've added it to the en.json file - [X] I have added relevant tests to the test directory - [X] I confirm I have thoroughly tested these changes and take full responsibility for any bugs introduced ## Please put your Discord username so you can be contacted if a bug or regression is found: wraith4081 --------- Co-authored-by: iamlewis <lewismmmm@gmail.com> Co-authored-by: Ryan <7389646+ryanbarlow97@users.noreply.github.com>	2026-01-06 14:21:52 -08:00
dependabot[bot]	d9ccb0ea16	Bump qs from 6.13.0 to 6.14.1 in the npm_and_yarn group across 1 directory (#2753 ) Bumps the npm_and_yarn group with 1 update in the / directory: [qs](https://github.com/ljharb/qs). Updates `qs` from 6.13.0 to 6.14.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's changelog</a>.</em></p> <blockquote> <h2><strong>6.14.1</strong></h2> <ul> <li>[Fix] ensure arrayLength applies to <code>[]</code> notation as well</li> <li>[Fix] <code>parse</code>: when a custom decoder returns <code>null</code> for a key, ignore that key</li> <li>[Refactor] <code>parse</code>: extract key segment splitting helper</li> <li>[meta] add threat model</li> <li>[actions] add workflow permissions</li> <li>[Tests] <code>stringify</code>: increase coverage</li> <li>[Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code>, <code>es-value-fixtures</code>, <code>for-each</code>, <code>object-inspect</code></li> </ul> <h2><strong>6.14.0</strong></h2> <ul> <li>[New] <code>parse</code>: add <code>throwOnParameterLimitExceeded</code> option (<a href="https://redirect.github.com/ljharb/qs/issues/517">#517</a>)</li> <li>[Refactor] <code>parse</code>: use <code>utils.combine</code> more</li> <li>[patch] <code>parse</code>: add explicit <code>throwOnLimitExceeded</code> default</li> <li>[actions] use shared action; re-add finishers</li> <li>[meta] Fix changelog formatting bug</li> <li>[Deps] update <code>side-channel</code></li> <li>[Dev Deps] update <code>es-value-fixtures</code>, <code>has-bigints</code>, <code>has-proto</code>, <code>has-symbols</code></li> <li>[Tests] increase coverage</li> </ul> <h2><strong>6.13.1</strong></h2> <ul> <li>[Fix] <code>stringify</code>: avoid a crash when a <code>filter</code> key is <code>null</code></li> <li>[Fix] <code>utils.merge</code>: functions should not be stringified into keys</li> <li>[Fix] <code>parse</code>: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset</li> <li>[Fix] <code>stringify</code>: ensure a non-string <code>filter</code> does not crash</li> <li>[Refactor] use <code>__proto__</code> syntax instead of <code>Object.create</code> for null objects</li> <li>[Refactor] misc cleanup</li> <li>[Tests] <code>utils.merge</code>: add some coverage</li> <li>[Tests] fix a test case</li> <li>[actions] split out node 10-20, and 20+</li> <li>[Dev Deps] update <code>es-value-fixtures</code>, <code>mock-property</code>, <code>object-inspect</code>, <code>tape</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ljharb/qs/commit/3fa11a5f643c76896387bd2d86904a2d0141fdf7"><code>3fa11a5</code></a> v6.14.1</li> <li><a href="https://github.com/ljharb/qs/commit/a62670423c1ccab0dd83c621bfb98c7c024e314d"><code>a626704</code></a> [Dev Deps] update <code>npmignore</code></li> <li><a href="https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"><code>3086902</code></a> [Fix] ensure arrayLength applies to <code>[]</code> notation as well</li> <li><a href="https://github.com/ljharb/qs/commit/fc7930e86c2264c1568c9f5606830e19b0bc2af2"><code>fc7930e</code></a> [Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/0b06aac566abee45ef0327667a7cc89e7aed8b58"><code>0b06aac</code></a> [Dev Deps] update <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/64951f6200a1fb72cc003c6e8226dde3d2ef591f"><code>64951f6</code></a> [Refactor] <code>parse</code>: extract key segment splitting helper</li> <li><a href="https://github.com/ljharb/qs/commit/e1bd2599cdff4c936ea52fb1f16f921cbe7aa88c"><code>e1bd259</code></a> [Dev Deps] update <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/ljharb/qs/commit/f4b3d39709fef6ddbd85128d1ba4c6b566c4902e"><code>f4b3d39</code></a> [eslint] add eslint 9 optional peer dep</li> <li><a href="https://github.com/ljharb/qs/commit/6e94d9596ca50dffafcef40a5f64eca89962cf34"><code>6e94d95</code></a> [Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code></li> <li><a href="https://github.com/ljharb/qs/commit/973dc3c51c86da9f4e30edeb4b1725158d439102"><code>973dc3c</code></a> [actions] add workflow permissions</li> <li>Additional commits viewable in <a href="https://github.com/ljharb/qs/compare/v6.13.0...v6.14.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=qs&package-manager=npm_and_yarn&previous-version=6.13.0&new-version=6.14.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openfrontio/OpenFrontIO/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-01-02 16:22:31 -08:00
evanpelle	550b644a40	update browserlist	2026-01-01 14:28:17 -08:00
evanpelle	f5f89e4aa7	Merge branch 'v28'	2026-01-01 14:25:45 -08:00

1 2 3

139 Commits