Skip to content

Bump the npm_and_yarn group across 1 directory with 2 updates#2611

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/cornucopia.owasp.org/npm_and_yarn-c297c706ea
Open

Bump the npm_and_yarn group across 1 directory with 2 updates#2611
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/cornucopia.owasp.org/npm_and_yarn-c297c706ea

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 12, 2026
edited
Loading

Bumps the npm_and_yarn group with 1 update in the /cornucopia.owasp.org directory: svelte.

Updates svelte from 5.50.3 to 5.53.5

Release notes

Sourced from svelte's releases.

svelte@5.53.5

Patch Changes

svelte@5.53.4

Patch Changes

  • fix: set server context after async transformError (#17799)

  • fix: hydrate if blocks correctly (#17784)

  • fix: handle default parameters scope leaks (#17788)

  • fix: prevent flushed effects from running again (#17787)

svelte@5.53.3

Patch Changes

  • fix: render :catch of #await block with correct key (#17769)

  • chore: pin aria-query@5.3.1 (#17772)

  • fix: make string coercion consistent to toString (#17774)

svelte@5.53.2

Patch Changes

  • fix: update expressions on server deriveds (#17767)

  • fix: further obfuscate node:crypto import from overzealous static analysis (#17763)

svelte@5.53.1

Patch Changes

  • fix: handle shadowed function names correctly (#17753)

svelte@5.53.0

Minor Changes

  • feat: allow comments in tags (#17671)

  • feat: allow error boundaries to work on the server (#17672)

Patch Changes

  • fix: use TrustedHTML to test for customizable support, where necessary (#17743)

... (truncated)

Changelog

Sourced from svelte's changelog.

5.53.5

Patch Changes

5.53.4

Patch Changes

  • fix: set server context after async transformError (#17799)

  • fix: hydrate if blocks correctly (#17784)

  • fix: handle default parameters scope leaks (#17788)

  • fix: prevent flushed effects from running again (#17787)

5.53.3

Patch Changes

  • fix: render :catch of #await block with correct key (#17769)

  • chore: pin aria-query@5.3.1 (#17772)

  • fix: make string coercion consistent to toString (#17774)

5.53.2

Patch Changes

  • fix: update expressions on server deriveds (#17767)

  • fix: further obfuscate node:crypto import from overzealous static analysis (#17763)

5.53.1

Patch Changes

  • fix: handle shadowed function names correctly (#17753)

5.53.0

Minor Changes

  • feat: allow comments in tags (#17671)

... (truncated)

Commits

Updates devalue from 5.6.3 to 5.6.4

Release notes

Sourced from devalue's releases.

v5.6.4

Patch Changes

  • 87c1f3c: fix: reject __proto__ keys in malformed Object wrapper payloads

    This validates the "Object" parse path and throws when the wrapped value has an own __proto__ key.

  • 40f1db1: fix: ensure sparse array indices are integers

  • 87c1f3c: fix: disallow __proto__ keys in null-prototype object parsing

    This disallows __proto__ keys in the "null" parse path so null-prototype object hydration cannot carry that key through parse/unflatten.

Changelog

Sourced from devalue's changelog.

5.6.4

Patch Changes

  • 87c1f3c: fix: reject __proto__ keys in malformed Object wrapper payloads

    This validates the "Object" parse path and throws when the wrapped value has an own __proto__ key.

  • 40f1db1: fix: ensure sparse array indices are integers

  • 87c1f3c: fix: disallow __proto__ keys in null-prototype object parsing

    This disallows __proto__ keys in the "null" parse path so null-prototype object hydration cannot carry that key through parse/unflatten.

Commits

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 12, 2026
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 12, 2026
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/cornucopia.owasp.org/npm_and_yarn-c297c706ea branch 7 times, most recently from 32af507 to 03a9fd5 Compare March 23, 2026 12:43
@dependabot dependabot bot changed the title build(deps): bump the npm_and_yarn group across 1 directory with 2 updates Bump the npm_and_yarn group across 1 directory with 2 updates Apr 7, 2026
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/cornucopia.owasp.org/npm_and_yarn-c297c706ea branch 8 times, most recently from 17384ad to 77d1a64 Compare April 10, 2026 17:03
@dependabot
build(deps): bump the npm_and_yarn group across 1 directory with 2 up…
d3d997e 
…dates

Bumps the npm_and_yarn group with 1 update in the /cornucopia.owasp.org directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte).


Updates `svelte` from 5.50.3 to 5.53.5
- [Release notes](https://github.com/sveltejs/svelte/releases)
- [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.53.5/packages/svelte)

Updates `devalue` from 5.6.3 to 5.6.4
- [Release notes](https://github.com/sveltejs/devalue/releases)
- [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md)
- [Commits](sveltejs/devalue@v5.6.3...v5.6.4)

---
updated-dependencies:
- dependency-name: svelte
  dependency-version: 5.53.5
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: devalue
  dependency-version: 5.6.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/cornucopia.owasp.org/npm_and_yarn-c297c706ea branch from 77d1a64 to d3d997e Compare April 10, 2026 17:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cw-owasp cw-owasp Awaiting requested review from cw-owasp cw-owasp is a code owner

@rewtd rewtd Awaiting requested review from rewtd rewtd is a code owner

@sydseter sydseter Awaiting requested review from sydseter sydseter is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants