build(deps): bump the npm_and_yarn group across 8 directories with 16 updates by dependabot[bot] · Pull Request #30 · Aarogaming/AutoWizard101

dependabot · 2026-03-02T06:03:22Z

Bumps the npm_and_yarn group with 5 updates in the /ProjectMaelstrom/ProjectMaelstrom/Scripts/Library/Ambrose directory:

Package	From	To
ajv	`6.12.6`	`6.14.0`
body-parser	`1.20.0`	`1.20.4`
minimatch	`3.1.2`	`3.1.5`
minimatch	`5.1.0`	`5.1.9`
rollup	`2.79.0`	`2.80.0`
webpack	`5.74.0`	`5.105.3`

Bumps the npm_and_yarn group with 5 updates in the /ProjectMaelstrom/ProjectMaelstrom/Scripts/Library/GrubNinja-master/GrubNinja-master directory:

Package	From	To
ajv	`6.10.2`	`6.14.0`
axios	`0.19.0`	`0.30.3`
fast-xml-parser	`3.12.20`	`5.3.8`
bn.js	`4.11.8`	`4.12.3`
pbkdf2	`3.0.17`	`3.1.5`

Bumps the npm_and_yarn group with 1 update in the /ProjectMaelstrom/ProjectMaelstrom/Scripts/Library/WizGallery-dev/WizGallery-dev/client directory: next.
Bumps the npm_and_yarn group with 1 update in the /ProjectMaelstrom/ProjectMaelstrom/Scripts/Library/WizWikiAPI-main/WizWikiAPI-main directory: body-parser.
Bumps the npm_and_yarn group with 1 update in the /ProjectMaelstrom/tmp_master/ingra/ingra-main/apps/auth directory: next.
Bumps the npm_and_yarn group with 2 updates in the /ProjectMaelstrom/tmp_master/ingra/ingra-main/apps/chat directory: next and @langchain/community.
Bumps the npm_and_yarn group with 2 updates in the /ProjectMaelstrom/tmp_master/ingra/ingra-main/apps/docs directory: next and next-mdx-remote.
Bumps the npm_and_yarn group with 5 updates in the /ProjectMaelstrom/tmp_master/n8n/n8n-workflow-builder-main directory:

Package	From	To
ajv	`6.12.6`	`6.14.0`
body-parser	`2.2.0`	`2.2.2`
minimatch	`3.1.2`	`3.1.5`
minimatch	`5.1.6`	`5.1.9`
axios	`1.11.0`	`1.13.5`
@modelcontextprotocol/sdk	`1.17.0`	`1.26.0`

Updates ajv from 6.12.6 to 6.14.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates body-parser from 1.20.0 to 1.20.4

Release notes

Sourced from body-parser's releases.

1.20.4

What's Changed

Remove redundant depth check by @blakeembrey in expressjs/body-parser#538

ci: add support for Node.js v23 by @Phillip9587 in expressjs/body-parser#553

ci: restore CI for 1.x branch by @bjohansebas in expressjs/body-parser#665

deps: qs@^6.14.0 by @bjohansebas in expressjs/body-parser#664

deps: use tilde notation and update certain dependencies by @Phillip9587 in expressjs/body-parser#668

chore: remove SECURITY.md by @Phillip9587 in expressjs/body-parser#669

ci: add CodeQL (SAST) by @Phillip9587 in expressjs/body-parser#670

Release: 1.20.4 by @UlisesGascon in expressjs/body-parser#672

Full Changelog: expressjs/body-parser@1.20.3...1.20.4

1.20.3

What's Changed

Important

deps: qs@6.13.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523

fix: pin to node@22.4.1 by @wesleytodd in expressjs/body-parser#527

deps: qs@6.12.3 by @melikhov-dev in expressjs/body-parser#521

Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531

Linter by @UlisesGascon in expressjs/body-parser#534

Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

@inigomarquinez made their first contribution in expressjs/body-parser#522

@melikhov-dev made their first contribution in expressjs/body-parser#521

@bjohansebas made their first contribution in expressjs/body-parser#531

@UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: raw-body@2.5.2

1.20.1

deps: qs@6.11.0

perf: remove unnecessary object clone

Changelog

Sourced from body-parser's changelog.

1.20.4 / 2025-12-01

deps: qs@~6.14.0

deps: use tilde notation for dependencies

deps: http-errors@~2.0.1

deps: raw-body@~2.5.3

1.20.3 / 2024-09-10

deps: qs@6.13.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: raw-body@2.5.2

1.20.1 / 2022-10-06

deps: qs@6.11.0

perf: remove unnecessary object clone

Commits

7db202c 1.20.4 (#672)
d8f8adb ci: add CodeQL (SAST) (#670)
6d133c1 chore: remove SECURITY.md (#669)
fcd1535 deps: use tilde notation and update certain dependencies (#668)
ec5fa29 deps: qs@~6.14.0 (#664)
ffb95c1 ci: restore CI for 1.x branch (#665)
48a5f07 ci: add support for Node.js v23 (#553)
f20f6ad Remove redundant depth check (#538)
1752951 1.20.3
39744cf chore: linter (#534)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates minimatch from 5.1.0 to 5.1.9

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates qs from 6.10.3 to 6.14.2

Changelog

Sourced from qs's changelog.

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

6.14.1

[Fix] ensure arrayLimit applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

[New] parse: add throwOnParameterLimitExceeded option (#517)

[Refactor] parse: use utils.combine more

[patch] parse: add explicit throwOnLimitExceeded default

[actions] use shared action; re-add finishers

[meta] Fix changelog formatting bug

[Deps] update side-channel

[Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols

[Tests] increase coverage

6.13.3

[Fix] fix regressions from robustness refactor [actions] update reusable workflows

6.13.2

[Robustness] avoid .push, use void

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] replace runkit CI badge with shields.io check-runs badge

[actions] fix rebase workflow permissions

6.13.1

[Fix] stringify: avoid a crash when a filter key is null

[Fix] utils.merge: functions should not be stringified into keys

[Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset

[Fix] stringify: ensure a non-string filter does not crash

[Refactor] use __proto__ syntax instead of Object.create for null objects

[Refactor] misc cleanup

... (truncated)

Commits

bdcf0c7 v6.14.2
294db90 [readme] document that addQueryPrefix does not add ? to empty output
5c308e5 [readme] clarify parseArrays and arrayLimit documentation
6addf8c [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit
cfc108f [Fix] arrayLimit means max count, not max index, in combine/merge/`pars...
febb644 [Fix] parse: throw on arrayLimit exceeded with indexed notation when `thr...
f6a7abf [Fix] parse: enforce arrayLimit on comma-parsed values
fbc5206 [Fix] parse: fix error message to reflect arrayLimit as max index; remove e...
1b9a8b4 [actions] fix rebase workflow permissions
2a35775 [meta] fix changelog typo (arrayLength → arrayLimit)
Additional commits viewable in compare view

Updates rollup from 2.79.0 to 2.80.0

Release notes

Sourced from rollup's releases.

v.2.79.2

2.79.2

2024-09-26

Bug Fixes

Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

#5671: Fix DOM Clobbering CVE (@lukastaegert)

Changelog

Sourced from rollup's changelog.

2.80.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6277)

Pull Requests

#6277: Validate bundle stays within output dir (@lukastaegert)

2.79.2

2024-09-26

Bug Fixes

Resolve CVE-2024-43788 (#5677)

Pull Requests

#5677: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (@fabianszabo)

2.79.1

2022-09-22

Bug Fixes

Avoid massive performance degradation when creating thousands of chunks (#4643)

Pull Requests

#4639: fix: typo docs and contributors link in CONTRIBUTING.md (@takurinton)

#4641: Update type definition of resolveId (@ivanjonas)

#4643: Improve performance of chunk naming collision check (@lukastaegert)

Commits

d17ae15 2.80.0
d6dee5e Validate bundle stays within output dir (#6277)
c9bd03d 2.79.2
48aef33 fix: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (#5677)
69ff418 2.79.1
04dce1b Update changelog
159137e fix: typo docs and contributors link in CONTRIBUTING.md (#4639)
e1392b3 Update type definition of resolveId (#4641)
7836357 Improve performance of chunk naming collision check (#4643)
71d20c9 Reduce permissions for repl-artefacts.yml workflow (#4630)
Additional commits viewable in compare view

Updates webpack from 5.74.0 to 5.105.3

Release notes

Sourced from webpack's releases.

v5.105.3

Patch Changes

Context modules now handle rejections correctly. (by @alexander-akait in #20455)

Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @hai-x in #20535)

Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @hai-x in #20463)

Fixed HMR failure for CSS modules with @import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @import CSS to work correctly during hot module replacement. (by @xiaoxiaojx in #20514)

Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @xiaoxiaojx in #20454)

Do not crash when a referenced chunk is not a runtime chunk. (by @alexander-akait in #20461)

Fix some types. (by @alexander-akait in #20412)

Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @hai-x in #20510)

Added createRequire support for ECMA modules. (by @stefanbinoj in #20497)

Added category for CJS reexport dependency to fix issues with ECMA modules. (by @hai-x in #20444)

Implement immutable bytes for bytes import attribute to match tc39 spec. (by @alexander-akait in #20481)

Fixed deterministic search for graph roots regardless of edge order. (by @veeceey in #20452)

v5.105.2

Patch Changes

Fixed WebpackPluginInstance type regression. (by @alexander-akait in #20440)

v5.105.1

Patch Changes

Fix VirtualUrlPlugin Windows compatibility by sanitizing cache keys and filenames. Cache keys now use toSafePath to replace colons (:) with double underscores (__) and sanitize other invalid characters, ensuring compatibility with Windows filesystem restrictions. (by @xiaoxiaojx in #20424)

Revert part of the createRequire generation behavior for require("node:...") to keep compatibility with those modules exports, e.g. const EventEmitter = require("node:events");. (by @hai-x in #20433)

Skip guard collection when exports-presence mode is disabled to improve parsing performance. (by @hai-x in #20433)

v5.105.0

Minor Changes

Allow resolving worker module by export condition name when using new Worker() (by @hai-x in #20353)

Detect conditional imports to avoid compile-time linking errors for non-existent exports. (by @hai-x in #20320)

Added the tsconfig option for the resolver options (replacement for tsconfig-paths-webpack-plugin). Can be false (disabled), true (use the default tsconfig.json file to search for it), a string path to tsconfig.json, or an object with configFile and references options. (by @alexander-akait in #20400)

... (truncated)

Changelog

Sourced from webpack's changelog.

5.105.3

Patch Changes

Context modules now handle rejections correctly. (by @alexander-akait in #20455)

Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @hai-x in #20535)

Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @hai-x in #20463)

Fixed HMR failure for CSS modules with @import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @import CSS to work correctly during hot module replacement. (by @xiaoxiaojx in #20514)

Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @xiaoxiaojx in #20454)

Do not crash when a referenced chunk is not a runtime chunk. (by @alexander-akait in #20461)

Fix some types. (by @alexander-akait in #20412)

Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @hai-x in #20510)

Added createRequire support for ECMA modules. (by @stefanbinoj in #20497)

Added category for CJS reexport dependency to fix issues with ECMA modules. (by @hai-x in #20444)

Implement immutable bytes for bytes import attribute to match tc39 spec. (by @alexander-akait in #20481)

Fixed deterministic search for graph roots regardless of edge order. (by @veeceey in #20452)

5.105.2

Patch Changes

Fixed WebpackPluginInstance type regression. (by @alexander-akait in #20440)

5.105.1

Patch Changes

Fix VirtualUrlPlugin Windows compatibility by sanitizing cache keys and filenames. Cache keys now use toSafePath to replace colons (:) with double underscores (__) and sanitize other invalid characters, ensuring compatibility with Windows filesystem restrictions. (by @xiaoxiaojx in #20424)

Revert part of the createRequire generation behavior for require("node:...") to keep compatibility with those modules exports, e.g. const EventEmitter = require("node:events");. (by @hai-x in #20433)

Skip guard collection when exports-presence mode is disabled to improve parsing performance. (by @hai-x in #20433)

5.105.0

Minor Changes

Allow resolving worker module by export condition name when using new Worker() (by @hai-x in #20353)

... (truncated)

Commits

714a0e3 chore(release): new release (#20448)
c323b39 chore(deps-dev): bump nyc from 17.1.0 to 18.0.0 (#20539)
8a01dfe refactor: deduplicate export presence logic in Harmony dependency classes (#2...
b9fc7b3 chore(deps): bump test/test262-cases in the dependencies group (#20541)
f8a5ac3 test: add coverage for nwjs exports condition and CSS modules with webworker ...
59bf024 test: add coverage for external script in EnvironmentNotSupportAsyncWarning (...
4c79ac2 test: add missing coverage for formatLocation and formatSize (#20534)
4f5c0a8 fix: mark asset module as side-effect-free when futureDefaults (#20535)
87987ca test: add test
67c5aae test: add configCase for ESM prefetch/preload under neutral target (#20524)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for webpack since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates ajv from 6.10.2 to 6.14.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates body-parser from 1.19.0 to 1.20.4

Release notes

Sourced from body-parser's releases.

1.20.4

What's Changed

Remove redundant depth check by @blakeembrey in expressjs/body-parser#538

ci: add support for Node.js v23 by @Phillip9587 in expressjs/body-parser#553

ci: restore CI for 1.x branch by @bjohansebas in expressjs/body-parser#665

deps: qs@^6.14.0 by @bjohansebas in expressjs/body-parser#664

deps: use tilde notation and update certain dependencies by @Phillip9587 in expressjs/body-parser#668

chore: remove SECURITY.md by @Phillip9587 in expressjs/body-parser#669

ci: add CodeQL (SAST) by @Phillip9587 in expressjs/body-parser#670

Release: 1.20.4 by @UlisesGascon in expressjs/body-parser#672

Full Changelog: expressjs/body-parser@1.20.3...1.20.4

1.20.3

What's Changed

Important

deps: qs@6.13.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523

fix: pin to node@22.4.1 by @wesleytodd in expressjs/body-parser#527

deps: qs@6.12.3 by @melikhov-dev in expressjs/body-parser#521

Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531

Linter by @UlisesGascon in expressjs/body-parser#534

Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

@inigomarquinez made their first contribution in expressjs/body-parser#522

@melikhov-dev made their first contribution in expressjs/body-parser#521

@bjohansebas made their first contribution in expressjs/body-parser#531

@UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: raw-body@2.5.2

1.20.1

deps: qs@6.11.0

perf: remove unnecessary object clone

Changelog

Sourced from body-parser's changelog.

1.20.4 / 2025-12-01

deps: qs@~6.14.0

deps: use tilde notation for dependencies

deps: http-errors@~2.0.1

deps: raw-body@~2.5.3

1.20.3 / 2024-09-10

deps: qs@6.13.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: raw-body@2.5.2

1.20.1 / 2022-10-06

deps: qs@6.11.0

perf: remove unnecessary object clone

Commits

7db202c 1.20.4 (#672)
d8f8adb ci: add CodeQL (SAST) (#670)
6d133c1 chore: remove SECURITY.md (#669)
fcd1535 deps: use tilde notation and update certain dependencies (#668)
ec5fa29 deps: qs@~6.14.0 (#664)
ffb95c1 ci: restore CI for 1.x branch (#665)
48a5f07 ci: add support for Node.js v23 (#553)
f20f6ad Remove redundant depth check (#538)
1752951 1.20.3
39744cf chore: linter (#534)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates serialize-javascript from 2.1.2 to 1.9.1

Commits

2b1e4c7 Merge pull request #30 from yahoo/update-packages
25c4f40 Update dev packages to latest
11fdd02 Merge pull request #29 from yahoo/v1.4.0
72c6b4d Bump version to v1.4.0
331a6cf Merge pull request #28 from yahoo/travis
24408bb Update Node.js versions on CI
4cf1296 Merge pull request #27 from ethanresnick/feature/date-continue
3a13d54 Test using isJSON and space options together
ba11f28 Support dates
adfee60 Merge pull request #21 from nicojs/add-deserialisation-readme
Additional commits viewable in compare view

Updates url-parse from 1.4.7 to 1.5.10

Commits

8cd4c6c 1.5.10
ce7a01f [fix] Improve handling of empty port
0071490 [doc] Update JSDoc comment
a7044e3 [minor] Use more descriptive variable name
d547792 [security] Add credits for CVE-2022-0691
ad23357 1.5.9
0e3fb54 [fix] Strip all control characters from the beginning of the URL
61864a8 [security] Add credits for CVE-2022-0686
bb0104d 1.5.8
d5c6479 [fix] Handle the case where the port is specified but empty
Additional commits viewable in compare view

Updates axios from 0.19.0 to 0.30.3

Release notes

Sourced from axios's releases.

Release notes - v0.30.3

This is a critical security maintenance release for the v0.x branch. It addresses a high-priority vulnerability involving prototype pollution that could lead to a Denial of Service (DoS).

Recommendation: All users currently on the 0.x release line should upgrade to this version immediately to ensure environment stability.

🛡️ Security Fixes

Backport: Fix DoS via proto key in merge config

Patched a vulnerability where specifically crafted configuration objects using the proto key could cause a Denial of Service during the merge process. - by @FeBe95 in [PR #7388](axios/axios#7388)

⚙️ Maintenance & CI

CI Infrastructure Update

Updated Continuous Integration workflows for the v0.x branch to maintain long-term support and build reliability. - by @jasonsaayman in [PR #7407](axios/axios#7407)

⚠️ Breaking Changes

Configuration Merging Behavior:

As part of the security fix, Axios now restricts the merging of the proto key within configuration objects. If your codebase relies on unconventional deep-merging patterns that target the object prototype via Axios config, those operations will now be blocked. This is a necessary change to prevent prototype pollution.

Full Changelog: v0.30.2...v0.30.3

v0.30.2

What's Changed

Backport maxContentLength vulnerability fix to v0.x by @FeBe95 in axios/axios#7034

New Contributors

@FeBe95 made their first contribution in axios/axios#7034

Full Changelog: axios/axios@v0.30.1...v0.30.2

Release v0.30.1

Release notes:

Bug Fixes

chore(deps): bump form-data from 4.0.0 to 4.0.4 for v0.x by @wolandec in axios/axios#6978

Contributors to this release

@wolandec made their first contribution in axios/axios#6978

Full Changelog: axios/axios@v0.30.0...v0.30.1

Release v0.30.0

Release notes:

Bug Fixes

fix: modify log while request is aborted by @mori5321 in axios/axios#4917

fix: update CHANGELOG.md for v0.x by @TehZarathustra in axios/axios#6271

fix: modify upgrade guide for 0.28.1's breaking change by @nafeger in axios/axios#6787

... (truncated)

Commits

f53bcf6 chore: release 0.30.2
3ddccd3 chore: remove publish as this wont work
9ef39d0 chore: try with npm token
4775de6 chore: fix version scheme
f96f26b chore: fix issues with using replace
ead45c2 chore: update the publish workflow to run on tag
8119265 chore: tag version as legacy on v0.x
9954985 chore: dispatch for first time
3f8b70f chore: final rename
c665584 chore: revert naming
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jasonsaayman, a new releaser for axios since your current version.

Updates fast-xml-parser from 3.12.20 to 5.3.8

Release notes

Sourced from fast-xml-parser's releases.

handle non-array input for XML builder && su...
Description has been truncated

… updates Bumps the npm_and_yarn group with 5 updates in the /ProjectMaelstrom/ProjectMaelstrom/Scripts/Library/Ambrose directory: | Package | From | To | | --- | --- | --- | | [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.14.0` | | [body-parser](https://github.com/expressjs/body-parser) | `1.20.0` | `1.20.4` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [minimatch](https://github.com/isaacs/minimatch) | `5.1.0` | `5.1.9` | | [rollup](https://github.com/rollup/rollup) | `2.79.0` | `2.80.0` | | [webpack](https://github.com/webpack/webpack) | `5.74.0` | `5.105.3` | Bumps the npm_and_yarn group with 5 updates in the /ProjectMaelstrom/ProjectMaelstrom/Scripts/Library/GrubNinja-master/GrubNinja-master directory: | Package | From | To | | --- | --- | --- | | [ajv](https://github.com/ajv-validator/ajv) | `6.10.2` | `6.14.0` | | [axios](https://github.com/axios/axios) | `0.19.0` | `0.30.3` | | [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `3.12.20` | `5.3.8` | | [bn.js](https://github.com/indutny/bn.js) | `4.11.8` | `4.12.3` | | [pbkdf2](https://github.com/browserify/pbkdf2) | `3.0.17` | `3.1.5` | Bumps the npm_and_yarn group with 1 update in the /ProjectMaelstrom/ProjectMaelstrom/Scripts/Library/WizGallery-dev/WizGallery-dev/client directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /ProjectMaelstrom/ProjectMaelstrom/Scripts/Library/WizWikiAPI-main/WizWikiAPI-main directory: [body-parser](https://github.com/expressjs/body-parser). Bumps the npm_and_yarn group with 1 update in the /ProjectMaelstrom/tmp_master/ingra/ingra-main/apps/auth directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 2 updates in the /ProjectMaelstrom/tmp_master/ingra/ingra-main/apps/chat directory: [next](https://github.com/vercel/next.js) and [@langchain/community](https://github.com/langchain-ai/langchainjs). Bumps the npm_and_yarn group with 2 updates in the /ProjectMaelstrom/tmp_master/ingra/ingra-main/apps/docs directory: [next](https://github.com/vercel/next.js) and [next-mdx-remote](https://github.com/hashicorp/next-mdx-remote). Bumps the npm_and_yarn group with 5 updates in the /ProjectMaelstrom/tmp_master/n8n/n8n-workflow-builder-main directory: | Package | From | To | | --- | --- | --- | | [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.14.0` | | [body-parser](https://github.com/expressjs/body-parser) | `2.2.0` | `2.2.2` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` | | [axios](https://github.com/axios/axios) | `1.11.0` | `1.13.5` | | [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.17.0` | `1.26.0` | Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `body-parser` from 1.20.0 to 1.20.4 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.0...1.20.4) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 5.1.0 to 5.1.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `qs` from 6.10.3 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.10.3...v6.14.2) Updates `rollup` from 2.79.0 to 2.80.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md) - [Commits](rollup/rollup@v2.79.0...v2.80.0) Updates `webpack` from 5.74.0 to 5.105.3 - [Release notes](https://github.com/webpack/webpack/releases) - [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md) - [Commits](webpack/webpack@v5.74.0...v5.105.3) Updates `ajv` from 6.10.2 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `body-parser` from 1.19.0 to 1.20.4 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.0...1.20.4) Updates `serialize-javascript` from 2.1.2 to 1.9.1 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v2.1.2...v1.9.1) Updates `url-parse` from 1.4.7 to 1.5.10 - [Commits](unshiftio/url-parse@1.4.7...1.5.10) Updates `axios` from 0.19.0 to 0.30.3 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.19.0...v0.30.3) Updates `fast-xml-parser` from 3.12.20 to 5.3.8 - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@3.12.20...v5.3.8) Updates `bn.js` from 4.11.8 to 4.12.3 - [Release notes](https://github.com/indutny/bn.js/releases) - [Changelog](https://github.com/indutny/bn.js/blob/master/CHANGELOG.md) - [Commits](indutny/bn.js@v4.11.8...v4.12.3) Updates `pbkdf2` from 3.0.17 to 3.1.5 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.0.17...v3.1.5) Updates `next` from 14.1.3 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.1.3...v15.5.10) Updates `body-parser` from 1.19.1 to 1.20.4 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.0...1.20.4) Updates `qs` from 6.9.6 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.10.3...v6.14.2) Updates `next` from 15.0.3 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.1.3...v15.5.10) Updates `next` from 15.0.3 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.1.3...v15.5.10) Updates `@langchain/community` from 0.3.32 to 1.1.18 - [Release notes](https://github.com/langchain-ai/langchainjs/releases) - [Commits](https://github.com/langchain-ai/langchainjs/compare/langchain==0.3.32...@langchain/community@1.1.18) Updates `next` from 15.0.3 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.1.3...v15.5.10) Updates `next-mdx-remote` from 5.0.0 to 6.0.0 - [Release notes](https://github.com/hashicorp/next-mdx-remote/releases) - [Changelog](https://github.com/hashicorp/next-mdx-remote/blob/main/CHANGELOG.md) - [Commits](hashicorp/next-mdx-remote@v5.0.0...v6.0.0) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `body-parser` from 2.2.0 to 2.2.2 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.0...1.20.4) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 5.1.6 to 5.1.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `qs` from 6.14.0 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.10.3...v6.14.2) Updates `axios` from 1.11.0 to 1.13.5 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.19.0...v0.30.3) Updates `@modelcontextprotocol/sdk` from 1.17.0 to 1.26.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.17.0...v1.26.0) --- updated-dependencies: - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 5.1.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 2.80.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.105.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-version: 1.9.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: url-parse dependency-version: 1.5.10 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 0.30.3 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: fast-xml-parser dependency-version: 5.3.8 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: bn.js dependency-version: 4.12.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@langchain/community" dependency-version: 1.1.18 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next-mdx-remote dependency-version: 6.0.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 2.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 5.1.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.13.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.26.0 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 2, 2026

dependabot bot requested a review from Aarogaming as a code owner March 2, 2026 06:03

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 2, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the npm_and_yarn group across 8 directories with 16 updates#30

build(deps): bump the npm_and_yarn group across 8 directories with 16 updates#30
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/ProjectMaelstrom/ProjectMaelstrom/Scripts/Library/Ambrose/npm_and_yarn-0230385a0f

dependabot bot commented on behalf of github Mar 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 2, 2026

1.20.4

What's Changed

1.20.3

What's Changed

Important

Other changes

New Contributors

1.20.2

1.20.1

1.20.4 / 2025-12-01

1.20.3 / 2024-09-10

1.20.2 / 2023-02-21

1.20.1 / 2022-10-06

6.14.2

6.14.1

6.14.0

6.13.3

6.13.2

6.13.1

v.2.79.2

2.79.2

Bug Fixes

Pull Requests

2.80.0

Features

Pull Requests

2.79.2

Bug Fixes

Pull Requests

2.79.1

Bug Fixes

Pull Requests

v5.105.3

Patch Changes

v5.105.2

Patch Changes

v5.105.1

Patch Changes

v5.105.0

Minor Changes

5.105.3

Patch Changes

5.105.2

Patch Changes

5.105.1

Patch Changes

5.105.0

Minor Changes

1.20.4

What's Changed

1.20.3

What's Changed

Important

Other changes

New Contributors

1.20.2

1.20.1

1.20.4 / 2025-12-01

1.20.3 / 2024-09-10

1.20.2 / 2023-02-21

1.20.1 / 2022-10-06

Release notes - v0.30.3

🛡️ Security Fixes

⚙️ Maintenance & CI

⚠️ Breaking Changes

v0.30.2

What's Changed

New Contributors

Release v0.30.1

Release notes:

Bug Fixes

Contributors to this release

Release v0.30.0

Release notes:

Bug Fixes

handle non-array input for XML builder && su... Description has been truncated

Uh oh!

Reviewers

handle non-array input for XML builder && su...
Description has been truncated