Bump the npm_and_yarn group across 8 directories with 11 updates

[dependabot]

Bumps the npm_and_yarn group with 6 updates in the /Extensions/WikiPDFExport/WikiPDFExportTask/WikiPDFExportTaskV3 directory:

Package	From	To
simple-git	3.23.0	3.32.3
brace-expansion	1.1.11	1.1.12
brace-expansion	2.0.1	2.0.2
braces	3.0.2	3.0.3
form-data	2.5.1	2.5.5
js-yaml	3.14.1	3.14.2
minimatch	3.0.5	3.1.5

Bumps the npm_and_yarn group with 2 updates in the /Extensions/WikiPDFExport/WikiPDFExportTask/WikiPDFExportTaskV4 directory: simple-git and minimatch.
Bumps the npm_and_yarn group with 6 updates in the /Extensions/WikiUpdater/WikiFolderUpdaterTask/WikiFolderUpdaterTaskV2 directory:

Package	From	To
simple-git	3.16.0	3.32.3
brace-expansion	1.1.11	1.1.12
brace-expansion	2.0.1	2.0.2
braces	3.0.2	3.0.3
form-data	2.5.1	2.5.5
js-yaml	3.14.1	3.14.2
micromatch	4.0.5	4.0.8

Bumps the npm_and_yarn group with 1 update in the /Extensions/WikiUpdater/WikiFolderUpdaterTask/WikiFolderUpdaterTaskV3 directory: simple-git.
Bumps the npm_and_yarn group with 8 updates in the /Extensions/WikiUpdater/WikiUpdaterTask/WikiUpdaterTaskV2 directory:

Package	From	To
simple-git	3.24.0	3.32.3
brace-expansion	1.1.11	1.1.12
brace-expansion	2.0.1	2.0.2
braces	3.0.2	3.0.3
js-yaml	3.13.1	3.14.2
minimatch	3.0.4	3.1.5
minimist	1.2.5	1.2.8
path-parse	1.0.6	1.0.7
micromatch	4.0.5	4.0.8

Bumps the npm_and_yarn group with 2 updates in the /Extensions/WikiUpdater/WikiUpdaterTask/WikiUpdaterTaskV3 directory: simple-git and minimatch.
Bumps the npm_and_yarn group with 1 update in the /Extensions/XplatGenerateReleaseNotes/XplatGenerateReleaseNotesTask directory: minimatch.
Bumps the npm_and_yarn group with 7 updates in the /Tools/GetAPIJsonPayloads directory:

Package	From	To
brace-expansion	1.1.11	1.1.12
braces	3.0.2	3.0.3
js-yaml	3.14.1	3.14.2
minimatch	3.1.2	3.1.5
serialize-javascript	6.0.0	6.0.2
micromatch	4.0.4	4.0.8
webpack	5.76.1	5.105.4

Updates simple-git from 3.23.0 to 3.32.3

Release notes

Sourced from simple-git's releases.

simple-git@3.32.3

Patch Changes

• f704208: Enhanced protocol.allow checks in allowUnsafeExtProtocol handling.

  Thanks to @​CodeAnt-AI-Security for identifying the issue

simple-git@3.32.2

Patch Changes

• 8d02097: Enhanced clone unsafe switch detection.

simple-git@3.32.1

Patch Changes

• 23b070f: Fix regex for detecting unsafe clone options

  Thanks to @​stevenwdv for reporting this issue.

simple-git@3.32.0

Minor Changes

• 1effd8e: Enhances the unsafe plugin to block additional cases where the -u switch may be disguised along with other single character options.

  Thanks to @​JuHwiSang for identifying this as vulnerability.

Patch Changes

• d5fd4fe: Use task runner for logging use of deprecated (already no-op) functions.

simple-git@3.31.1

Patch Changes

• a44184f: Resolve NPM publish steps

simple-git@3.30.0

Minor Changes

• bc77774: Correctly identify current branch name when using git.status in a cloned empty repo.

  Previously git.status would report the current branch name as No. Thank you to @​MaddyGuthridge for identifying this issue.

simple-git@3.28.0

Minor Changes

• 2adf47d: Allow repeating git options like {'--opt': ['value1', 'value2']}

simple-git@3.27.0

Minor Changes

... (truncated)

Changelog

Sourced from simple-git's changelog.

3.32.3

Patch Changes

• f704208: Enhanced protocol.allow checks in allowUnsafeExtProtocol handling.

  Thanks to @​CodeAnt-AI-Security for identifying the issue

3.32.2

Patch Changes

• 8d02097: Enhanced clone unsafe switch detection.

3.32.1

Patch Changes

• 23b070f: Fix regex for detecting unsafe clone options

  Thanks to @​stevenwdv for reporting this issue.

3.32.0

Minor Changes

• 1effd8e: Enhances the unsafe plugin to block additional cases where the -u switch may be disguised along with other single character options.

  Thanks to @​JuHwiSang for identifying this as vulnerability.

Patch Changes

• d5fd4fe: Use task runner for logging use of deprecated (already no-op) functions.

3.31.1

Patch Changes

• a44184f: Resolve NPM publish steps

3.31.0

Minor Changes

• 22dc93f: Custom binary plugin should support the use of ~ character, used by Windows to shorten long folder names and folder names that have spaces in them (eg: C:\Program Files might become C:\PROGRA~1).

  Thanks to @​skyshineb for reporting this issue.

... (truncated)

Commits

• a1170e5 Version Packages
• f704208 In extension to CVE-2022-25912, switch to case-insensitive check for `protoco...
• 4bb2081 Version Packages
• 7ae7537 Match tokens to word boundary
• c47ad10 Lint
• 8d02097 Enhanced clone switch detection
• f6909a5 Remove test timeout override
• 7740626 Update plugin.unsafe.spec.ts
• b562a6c Version Packages
• 23b070f Fix regex for CLONE_OPTIONS constant (#1122)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for simple-git since your current version.

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• 44f33b4 1.1.12
• c460dbd pkg: publish on tag 1.x
• ccb8ac6 fmt
• c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• See full diff in compare view

Updates brace-expansion from 2.0.1 to 2.0.2

Release notes

Sourced from brace-expansion's releases.

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• 44f33b4 1.1.12
• c460dbd pkg: publish on tag 1.x
• ccb8ac6 fmt
• c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• See full diff in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates form-data from 2.5.1 to 2.5.5

Release notes

Sourced from form-data's releases.

v2.5.2

Fixes

• Buffer.from and Buffer.alloc require node 4+
• npmignore temporary build files (#532)
• move util.isArray to Array.isArray (#564)

Tests

• migrate from travis to GHA

Changelog

Sourced from form-data's changelog.

v2.5.5 - 2025-07-18

Commits

• [meta] actually ensure the readme backup isn’t published 10626c0
• [Fix] use proper dependency 026abe5

v2.5.4 - 2025-07-17

Fixed

• [Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

• [eslint] update linting config 8bf2492
• [meta] add auto-changelog b5101ad
• [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 0e93122
• [Fix] Switch to using crypto random for boundary values b88316c
• [Fix] validate boundary type in setBoundary() method 131ae5e
• [Tests] Switch to newer v8 prediction library; enable node 24 testing c97cfbe
• [Refactor] use hasown 97ac9c2
• [meta] remove local commit hooks be99d4e
• [Dev Deps] remove unused deps ddbc89b
• [meta] fix scripts to use prepublishOnly e351a97
• [Dev Deps] remove unused script 8f23366
• [Dev Deps] add missing peer dep 02ff026
• [meta] fix readme capitalization 2fd5f61

v2.5.3 - 2025-02-14

Merged

• [Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

Fixed

• [Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

Commits

• [Refactor] use Object.prototype.hasOwnProperty.call 6e682d4
• [Dev Deps] update @types/node, browserify, coveralls, eslint, formidable, in-publish, phantomjs-prebuilt, pkgfiles, pre-commit, request, tape, typescript 819f6b7
• Only apps should have lockfiles b170ee2
• [Deps] update combined-stream, mime-types 6b1ca1d
• Bumped version 2.5.3 9457283
• [Dev Deps] pin request which via tough-cookie ^2.4 depends on psl 9dbe192

v2.5.2 - 2024-10-10

... (truncated)

Commits

• 40de5a7 v2.5.5
• 026abe5 [Fix] use proper dependency
• 10626c0 [meta] actually ensure the readme backup isn’t published
• efe6c26 v2.5.4
• c97cfbe [Tests] Switch to newer v8 prediction library; enable node 24 testing
• 0e93122 [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
• b88316c [Fix] Switch to using crypto random for boundary values
• b70869d [Fix] append: avoid a crash on nullish values
• 131ae5e [Fix] validate boundary type in setBoundary() method
• 8bf2492 [eslint] update linting config
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for form-data since your current version.

Install script changes

This version modifies prepublish script that runs during installation. Review the package contents before updating.

Updates js-yaml from 3.14.1 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

• Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

• Types are now exported as yaml.types.XXX.
• Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

• Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

• Check migration guide to see details for all breaking changes.
• Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
• Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
• yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
• yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
• !!binary now always mapped to Uint8Array on load.
• Reduced nesting of /lib folder.
• Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
• dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
• Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
• Code snippet created in exceptions now contains multiple lines with line numbers.
• dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
• dump() with skipInvalid=true now serializes invalid items in collections as null.
• Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
• Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

• Added .mjs (es modules) support.
• Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
• Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

• 9963d36 3.14.2 released
• 10d3c8e dist rebuild
• 5278870 fix prototype pollution in merge (<<) (#731)
• See full diff in compare view

Updates minimatch from 3.0.5 to 3.1.5

Commits

• 7bba978 3.1.5
• bd25942 docs: add warning about ReDoS
• 1a9c27c fix partial matching of globstar patterns
• 1a2e084 3.1.4
• ae24656 update lockfile
• b100374 limit recursion for **, improve perf considerably
• 26ffeaa lockfile update
• 9eca892 lock node version to 14
• 00c323b 3.1.3
• 30486b2 update CI matrix and actions
• Additional commits viewable in compare view

Updates serialize-javascript from 6.0.0 to 6.0.2

Release notes

Sourced from serialize-javascript's releases.

v6.0.2

• fix: serialize URL string contents to prevent XSS (#173) f27d65d
• Bump @​babel/traverse from 7.10.1 to 7.23.7 (#171) 02499c0
• docs: update readme with URL support (#146) 0d88527
• chore: update node version and lock file e2a3a91
• fix typo (#164) 5a1fa64

yahoo/serialize-javascript@v6.0.1...v6.0.2

v6.0.1

What's Changed

• Bump mocha from 9.0.1 to 9.0.2 by @​dependabot in yahoo/serialize-javascript#126
• Bump mocha from 9.0.2 to 9.0.3 by @​dependabot in yahoo/serialize-javascript#127
• Bump path-parse from 1.0.6 to 1.0.7 by @​dependabot in yahoo/serialize-javascript#129
• Bump mocha from 9.0.3 to 9.1.0 by @​dependabot in yahoo/serialize-javascript#130
• Bump mocha from 9.1.0 to 9.1.1 by @​dependabot in yahoo/serialize-javascript#131
• Bump mocha from 9.1.1 to 9.1.2 by @​dependabot in yahoo/serialize-javascript#132
• Bump mocha from 9.1.2 to 9.1.3 by @​dependabot in yahoo/serialize-javascript#133
• Bump mocha from 9.1.3 to 9.1.4 by @​dependabot in yahoo/serialize-javascript#137
• Bump mocha from 9.1.4 to 9.2.0 by @​dependabot in yahoo/serialize-javascript#138
• Bump chai from 4.3.4 to 4.3.6 by @​dependabot in yahoo/serialize-javascript#140
• Bump ansi-regex from 5.0.0 to 5.0.1 by @​dependabot in yahoo/serialize-javascript#141
• Bump mocha from 9.2.0 to 9.2.2 by @​dependabot in yahoo/serialize-javascript#143
• Bump minimist from 1.2.5 to 1.2.6 by @​dependabot in yahoo/serialize-javascript#144
• Bump mocha from 9.2.2 to 10.0.0 by @​dependabot in yahoo/serialize-javascript#145
• Bump mocha from 10.0.0 to 10.1.0 by @​dependabot in yahoo/serialize-javascript#149
• Bump chai from 4.3.6 to 4.3.7 by @​dependabot in yahoo/serialize-javascript#150
• ci: test.yml - actions bump by @​piwysocki in yahoo/serialize-javascript#151
• Bump minimatch from 3.0.4 to 3.1.2 by @​dependabot in yahoo/serialize-javascript#152
• Bump mocha from 10.1.0 to 10.2.0 by @​dependabot in yahoo/serialize-javascript#153
• Bump json5 from 2.1.3 to 2.2.3 by @​dependabot in yahoo/serialize-javascript#155
• Fix serialization issue for 0n. by @​momocow in yahoo/serialize-javascript#156
• Release v6.0.1 by @​okuryu in yahoo/serialize-javascript#157

New Contributors

• @​piwysocki made their first contribution in yahoo/serialize-javascript#151
• @​momocow made their first contribution in yahoo/serialize-javascript#156

Full Changelog: yahoo/serialize-javascript@v6.0.0...v6.0.1

Commits

• b71ec23 6.0.2
• f27d65d fix: serialize URL string contents to prevent XSS (#173)
• 02499c0 Bump @​babel/traverse from 7.10.1 to 7.23.7 (#171)
• 0d88527 docs: update readme with URL support (#146)
• e2a3a91 chore: update node version and lock file
• 5a1fa64 fix typo (#164)
• 7139f92 Release v6.0.1 (#157)
• 7e23ae8 Fix serialization issue for 0n. (#156)
• 343abd9 Bump json5 from 2.1.3 to 2.2.3 (#155)
• 38d0e70 Bump mocha from 10.1.0 to 10.2.0 (#153)
• Additional commits viewable in compare view

Updates simple-git from 3.23.0 to 3.32.3

Release notes

Sourced from simple-git's releases.

simple-git@3.32.3

Patch Changes

• f704208: Enhanced protocol.allow checks in allowUnsafeExtProtocol handling.

  Thanks to @​CodeAnt-AI-Security for identifying the issue

simple-git@3.32.2

Patch Changes

• 8d02097: Enhanced clone unsafe switch detection.

simple-git@3.32.1

Patch Changes

• 23b070f: Fix regex for detecting unsafe clone options

  Thanks to @​stevenwdv for reporting this issue.

simple-git@3.32.0

Minor Changes

• 1effd8e: Enhances the unsafe plugin to block additional cases where the -u switch may be disguised along with other single character options.

  Thanks to @​JuHwiSang for identifying this as vulnerability.

Patch Changes

• d5fd4fe: Use task runner for logging use of deprecated (already no-op) functions.

simple-git@3.31.1

Patch Changes

• a44184f: Resolve NPM publish steps

simple-git@3.30.0

Minor Changes

• bc77774: Correctly identify current branch name when using git.status in a cloned empty repo.

  Previously git.status would report the current branch name as No. Thank you to @​MaddyGuthridge for identifying this issue.

simple-git@3.28.0

Minor Changes

• 2adf47d: Allow repeating git options like {'--opt': ['value1', 'value2']}

simple-git@3.27.0

Minor Changes

... (truncated)

Changelog

Sourced from simple-git's changelog.

3.32.3

Patch Changes

• f704208: Enhanced protocol.allow checks in allowUnsafeExtProtocol handling.

  Thanks to @​CodeAnt-AI-Security for identifying the issue

3.32.2

Patch Changes

• 8d02097: Enhanced clone unsafe switch detection.

3.32.1

Patch Changes

• 23b070f: Fix regex for detecting unsafe clone options

  Thanks to @​stevenwdv for reporting this issue.

3.32.0

Minor Changes

• 1effd8e: Enhances the unsafe plugin to block additional cases where the -u switch may be disguised along with other single character options.

  Thanks to @​JuHwiSang for identifying this as vulnerability.

Patch Changes

• d5fd4fe: Use task runner for logging use of deprecated (already no-op) functions.

3.31.1

Patch Changes

• a44184f: Resolve NPM publish steps

3.31.0

Minor Changes

• 22dc93f: Custom binary plugin should support the use of ~ character, used by Windows to shorten long folder names and folder names that have spaces in them (eg: C:\Program Files might become C:\PROGRA~1).

  Thanks to @​skyshineb for reporting this issue.

... (truncated)

Commits

• a1170e5 Version Packages
• f704208 In extension to CVE-2022-25912, switch to case-insensitive check for `protoco...
• 4bb2081 Version Packages
• 7ae7537 Match tokens to word boundary
• c47ad10 Lint
• 8d02097 Enhanced clone switch detection
• f6909a5 Remove test timeout override
• 7740626 Update plugin.unsafe.spec.ts
• b562a6c Version Packages
• 23b070f Fix regex for CLONE_OPTIONS constant (#1122)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for simple-git since your current version.

Updates minimatch from 3.0.5 to 3.1.5

Commits

• 7bba978 3.1.5
• bd25942 docs: add warning about ReDoS
• 1a9c27c fix partial matching of globstar patterns
• 1a2e084 3.1.4
• ae24656 update lockfile
• b100374 limit recursion for **, improve perf considerably
• 26ffeaa lockfile update
• 9eca892 lock node version to 14
• 00c323b 3.1.3
• 30486b2 update CI matrix and actions
• Additional commits viewable in compare view

Updates minimatch from 5.1.6 to 5.1.9

Commits

• 7bba978 3.1.5
• bd25942 docs: add warning about ReDoS
• 1a9c27c fix partial matching of globstar patterns
• 1a2e084 3.1.4
• ae24656 update lockfile
• b100374 limit recursion for **, improve perf considerably
• 26ffeaa lockfile update
• 9eca892 lock node version to 14
• 00c323b 3.1.3
• 30486b2 update CI matrix and actions
• Additional commits viewable in compare view

Updates simple-git from 3.16.0 to 3.32.3

Release notes

Sourced from simple-git's releases.

simple-git@3.32.3

Patch Changes

• f704208: Enhanced protocol.allow checks in allowUnsafeExtProtocol handling.

  Thanks to @​CodeAnt-AI-Security for identifying the issue

simple-git@3.32.2

Patch Changes

• 8d02097: Enhanced clone unsafe switch detection.

simple-git@3.32.1

Patch Changes

• 23b070f: Fix regex for detecting unsafe clone options

  Thanks to @​stevenwdv for reporting this issue.

simple-git@3.32.0

Minor Changes

• 1effd8e: Enhances the unsafe plugin to block additional cases where the -u switch may be disguised along with other single character options.

  Thanks to @​JuHwiSang for identifying this as vulnerability.

Patch Changes

• d5fd4fe: Use task runner for logging use of deprecated (already no-op) functions.

simple-git@3.31.1

Patch Changes

• a44184f: Resolve NPM publish steps

simple-git@3.30.0

Minor Changes

• bc77774: Correctly identify current branch name when using git.status in a cloned empty repo.

  Previously git.status would report the current branch name as No. Thank you to @​MaddyGuthridge for identifying this issue.

simple-git@3.28.0

Minor Changes

• 2adf47d: Allow repeating git options like {'--opt': ['value1', 'value2']}

simple-git@3.27.0

Minor Changes

... (truncated)

Changelog

Sourced from simple-git's changelog.

3.32.3

Patch Changes

• f704208: Enhanced protocol.allow checks in allowUnsafeExtProtocol handling.

  Thanks to @​CodeAnt-AI-Security for identifying the issue

3.32.2

Patch Changes

• 8d02097: Enhanced clone unsafe switch detection.

3.32.1

Patch Changes

• 23b070f: Fix regex for detecting unsafe clone options

  Thanks to @​stevenwdv for reporting this issue.

3.32.0

Minor Changes

• 1effd8e: Enhances the unsafe plugin to block additional cases where the -u switch may be disguised along with other single character options.

  Thanks to @​JuHwiSang for identifying this as vulnerability.

Patch Changes

• d5fd4fe: Use task runner for logging use of deprecated (already no-op) functions.

3.31.1

Patch Changes

• a44184f: Resolve NPM publish steps

3.31.0

Minor Changes

• 22dc93f: Custom binary plugin should support the use of ~ character, used by Windows to shorten long folder names and folder names that have spaces in them (eg: C:\Program Files might become C:\PROGRA~1).

  Thanks to @​skyshineb for reporting this issue.

... (truncated)

Commits

• a1170e5 Version Packages
• f704208 In extension to CVE-2022-25912, switch to case-insensitive check for `protoco...
• 4bb2081 Version Packages
• 7ae7537 Match tokens to word boundary
• c47ad10 Lint
• 8d02097 Enhanced clone switch detection
• f6909a5 Remove test timeout override
• 7740626 Update plugin.unsafe.spec.ts
• b562a6c Version Packages
• 23b070f Fix regex for CLONE_OPTIONS constant (#1122)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for simple-git since your current version.

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• 44f33b4 1.1.12
• c460dbd pkg: publish on tag 1.x
• ccb8ac6 fmt
• c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• See full diff in compare view

Updates brace-expansion from 2.0.1 to 2.0.2

Release notes

Sourced from brace-expansion's releases.

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• 44f33b4 1.1.12
• c460dbd pkg: publish on tag 1.x
• ccb8ac6 fmt
• c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• See full diff in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates form-data from 2.5.1 to 2.5.5

Release notes

Sourced from form-data's releases.

v2.5.2

Fixes

• Buffer.from and Buffer.alloc require node 4+
• npmignore temporary build files (#532)
• move util.isArray to Array.isArray (#564)

Tests

• migrate from travis to GHA

Changelog

Sourced from form-data's changelog.

v2.5.5 - 2025-07-18

Commits

• [meta] actually ensure the readme backup isn’t published 10626c0
• [Fix] use proper dependency 026abe5

v2.5.4 - 2025-07-17

Fixed

• [Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

• [eslint] update linting config 8bf2492
• [meta] add auto-changelog b5101ad
• [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 0e93122
• [Fix] Switch to using crypto random for boundary values b88316c
• [Fix] validate boundary type in setBoundary() method 131ae5e
• [Tests] Switch to newer v8 prediction library; enable node 24 testing c97cfbe
• [Refactor] use hasown 97ac9c2
• [meta] remove local commit hooks be99d4e
• [Dev Deps] remove unused deps ddbc89b
• [meta] fix scripts to use prepublishOnly e351a97
• [Dev Deps] remove unused script 8f23366
• [Dev Deps] add missing peer dep 02ff026
• [meta] fix readme capitalization

[github-actions]

This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml