chore(deps): bump the npm_and_yarn group across 2 directories with 22 updates

[dependabot]

Bumps the npm_and_yarn group with 7 updates in the / directory:

Package	From	To
@astrojs/cloudflare	12.4.0	12.6.6
@astrojs/node	9.1.3	9.4.1
axios	1.9.0	1.13.5
happy-dom	17.4.4	20.6.3
lodash	4.17.21	4.17.23
mdast-util-to-hast	13.2.0	13.2.1
playwright	1.51.1	1.58.2

Bumps the npm_and_yarn group with 8 updates in the /mcp-server directory:

Package	From	To
ajv	6.12.6	8.18.0
@modelcontextprotocol/sdk	1.20.1	1.26.0
esbuild	0.21.5	0.25.4
js-yaml	4.1.0	4.1.1
lodash	4.17.21	4.17.23
undici	7.14.0	7.18.2
wrangler	4.45.0	4.67.0
agents	0.2.14	0.3.10

Updates @astrojs/cloudflare from 12.4.0 to 12.6.6

Changelog

Sourced from @​astrojs/cloudflare's changelog.

12.6.6

Patch Changes

• 9ecf359 Thanks @​alexanderniebuhr! - Improves the image proxy endpoint when using the default compile option to adhere to user configuration regarding the allowed remote domains

• Updated dependencies []:

  • @​astrojs/underscore-redirects@​1.0.0

12.6.5

Patch Changes

• #14259 02366e9 Thanks @​ascorbic! - Removes warning when using the adapter with a static build.

  The Cloudflare adapter now has several uses outside of on-demand rendered pages, so this warning is misleading. Similar warnings have already been removed from other adapters.

• #14234 15b55f3 Thanks @​yanthomasdev! - Fixes an issue that could cause duplicate exports when configuring workerEntrypoint.namedExports

• #14240 77b18fb Thanks @​delucis! - Increases the minimum supported version of Astro to 5.7.0

• Updated dependencies []:

  • @​astrojs/underscore-redirects@​1.0.0

12.6.4

Patch Changes

• Updated dependencies [4d16de7]:
  • @​astrojs/internal-helpers@​0.7.2
  • @​astrojs/underscore-redirects@​1.0.0

12.6.3

Patch Changes

• #14066 7abde79 Thanks @​alexanderniebuhr! - Refactors the internal solution which powers Astro Sessions when running local development with ˋastro devˋ.

  The adapter now utilizes Cloudflare's local support for Cloudflare KV. This internal change is a drop-in replacement and does not require any change to your projectct code.

  However, you now have the ability to connect to the remote Cloudflare KV Namespace if desired and use production data during local development.

• Updated dependencies []:

  • @​astrojs/underscore-redirects@​1.0.0

12.6.2

Patch Changes

• #13894 b36e72f Thanks @​florian-lefebvre! - Removes special handling of the ASTRO_STUDIO_APP_TOKEN environment variable

... (truncated)

Commits

• 24b04c1 [ci] release (#14267)
• fbec0e0 [ci] format
• 9ecf359 Merge commit from fork
• 4823c42 feat(netlify): dev context (#14269)
• d471be5 [ci] release (#14242)
• 02366e9 fix: don't warnign when using in static build (#14259)
• 15b55f3 Filter duplicate exports from Cloudflare adapter's namedExports (#14234)
• 77b18fb Update Astro peer dependency in adapters with auto-enabled sessions (#14240)
• 9288133 [ci] release (#14232)
• dc9e35c [ci] release (#14189)
• Additional commits viewable in compare view

Updates @astrojs/node from 9.1.3 to 9.4.1

Changelog

Sourced from @​astrojs/node's changelog.

9.4.1

Patch Changes

• 5fc3c59 Thanks @​ematipico! - Fixes a routing bug in standalone mode with trailingSlash set to "always".

9.4.0

Minor Changes

• #14188 e3422aa Thanks @​ascorbic! - Adds support for specifying a host to load prerendered error pages

  By default, if a user defines a custom error page that is prerendered, Astro will load it from the same host as the one that the request is made to. This change allows users to specify a different host for loading prerendered error pages. This can be useful in scenarios such as where the server is running behind a reverse proxy or when prerendered pages are hosted on a different domain.

  To use this feature, set the experimentalErrorPageHost adapter option in your Astro configuration to the desired host URL. For example, if your server is running on localhost and served via a proxy, you can ensure the prerendered error pages are fetched via the localhost URL:

  import { defineConfig } from 'astro/config';
  import node from '@astrojs/node';
  export default defineConfig({
    adapter: node({
      // If your server is running on localhost and served via a proxy, set the host like this to ensure prerendered error pages are fetched via the localhost URL
      experimentalErrorPageHost: 'http://localhost:4321',
    }),
  });

  For more information on enabling and using this experimental feature, see the @astrojs/node adapter docs.

9.3.3

Patch Changes

• Updated dependencies [0567fb7]:
  • @​astrojs/internal-helpers@​0.7.1

9.3.2

Patch Changes

• Updated dependencies [f4e8889]:
  • @​astrojs/internal-helpers@​0.7.0

9.3.1

Patch Changes

• #14148 e4d74ba Thanks @​ColoredCarrot! - fix(node): emit set-cookie header from middlewares for not-found routes (#14136)

9.3.0

... (truncated)

Commits

• a186848 [ci] release (#14217)
• d55b88a [ci] format
• 5fc3c59 Merge commit from fork
• dc9e35c [ci] release (#14189)
• 56a05aa [ci] format
• e3422aa feat: add support for specifying a prerendered error page host (#14188)
• 0f0a4c4 [ci] release (#14172)
• 5eaf524 [ci] release (#14171)
• 09b533b [ci] release (#14149)
• e4d74ba fix(node): emit set-cookie header from middlewares for not-found routes (#141...
• Additional commits viewable in compare view

Updates astro from 5.6.1 to 5.17.3

Release notes

Sourced from astro's releases.

astro@5.17.3

Patch Changes

• #15564 522f880 Thanks @​matthewp! - Add a default body size limit for server actions to prevent oversized requests from exhausting memory.

• #15569 e01e98b Thanks @​matthewp! - Respect image allowlists when inferring remote image sizes and reject remote redirects.

astro@5.17.2

Patch Changes

• c13b536 Thanks @​matthewp! - Improves Host header handling for SSR deployments behind proxies

astro@5.17.1

Patch Changes

• #15334 d715f1f Thanks @​florian-lefebvre! - BREAKING CHANGE to the experimental Fonts API only

  Removes the getFontBuffer() helper function exported from astro:assets when using the experimental Fonts API

  This experimental feature introduced in v15.6.13 ended up causing significant memory usage during build. This feature has been removed and will be reintroduced after further exploration and testing.

  If you were relying on this function, you can replicate the previous behavior manually:

  • On prerendered routes, read the file using node:fs
  • On server rendered routes, fetch files using URLs from fontData and context.url

astro@5.17.0

Minor Changes

• #14932 b19d816 Thanks @​patrickarlt! - Adds support for returning a Promise from the parser() option of the file() loader

  This enables you to run asynchronous code such as fetching remote data or using async parsers when loading files with the Content Layer API.

  For example:

  import { defineCollection } from 'astro:content';
  import { file } from 'astro/loaders';
  const blog = defineCollection({
  loader: file('src/data/blog.json', {
  parser: async (text) => {
  const data = JSON.parse(text);
    // Perform async operations like fetching additional data
    const enrichedData = await fetch(`https://api.example.com/enrich`, {
      method: 'POST',
      body: JSON.stringify(data),
    }).then((res) => res.json());

... (truncated)

Changelog

Sourced from astro's changelog.

5.17.3

Patch Changes

• #15564 522f880 Thanks @​matthewp! - Add a default body size limit for server actions to prevent oversized requests from exhausting memory.

• #15569 e01e98b Thanks @​matthewp! - Respect image allowlists when inferring remote image sizes and reject remote redirects.

5.17.2

Patch Changes

• c13b536 Thanks @​matthewp! - Improves Host header handling for SSR deployments behind proxies

5.17.1

Patch Changes

• #15334 d715f1f Thanks @​florian-lefebvre! - BREAKING CHANGE to the experimental Fonts API only

  Removes the getFontBuffer() helper function exported from astro:assets when using the experimental Fonts API

  This experimental feature introduced in v15.6.13 ended up causing significant memory usage during build. This feature has been removed and will be reintroduced after further exploration and testing.

  If you were relying on this function, you can replicate the previous behavior manually:

  • On prerendered routes, read the file using node:fs
  • On server rendered routes, fetch files using URLs from fontData and context.url

5.17.0

Minor Changes

• #14932 b19d816 Thanks @​patrickarlt! - Adds support for returning a Promise from the parser() option of the file() loader

  This enables you to run asynchronous code such as fetching remote data or using async parsers when loading files with the Content Layer API.

  For example:

  import { defineCollection } from 'astro:content';
  import { file } from 'astro/loaders';
  const blog = defineCollection({
  loader: file('src/data/blog.json', {
  parser: async (text) => {
  const data = JSON.parse(text);
    // Perform async operations like fetching additional data
    const enrichedData = await fetch(`https://api.example.com/enrich`, {
      method: 'POST',

... (truncated)

Commits

• e0f1a2b [ci] release (#15571)
• 522f880 Limit action request body size (#15564)
• 436962a chore: Upgrade Vite and esbuild (#15554)
• e01e98b Respect remote image allowlists (#15569)
• f2955fb [ci] release (#15474)
• c13b536 Validate Host header against allowedDomains
• 2bf965c update esbuild (#15193)
• 1c6c9fc [ci] release (#15339)
• d715f1f fix(fonts): remove getFontBuffer() (#15334)
• 08d38c6 [ci] release (#15325)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for astro since your current version.

Updates axios from 1.9.0 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

• Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)
• Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

• Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

• Fix/5657. (PR #7313)
• Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

• Add input validation to isAbsoluteURL. (PR #7326)
• Refactor: bump minor package versions. (PR #7356)

Documentation

• Clarify object-check comment. (PR #7323)
• Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

• Chore: fix issues with YAML. (PR #7355)
• CI: update workflow YAMLs. (PR #7372)
• CI: fix run condition. (PR #7373)
• Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)
• Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

• @​sachin11063 (first contribution — PR #7323)
• @​asmitha-16 (first contribution — PR #7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

• fix: issues with version 1.13.3 (#7352) (ee90dfc)
  • Fixed issues discovered in v1.13.3 release

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

• http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
• interceptor: handle the error in the same interceptor (#6269) (5945e40)
• main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
• package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
• silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
• turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
• types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
• types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
• unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

• add undefined as a value in AxiosRequestConfig (#5560) (095033c)
• add automatic minor and patch upgrades to dependabot (#6053) (65a7584)
• add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)
• added copilot instructions (3f83143)
• compatibility with frozen prototypes (#6265) (860e033)
• enhance pipeFileToResponse with error handling (#7169) (88d7884)
• types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

• Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
• deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

• Ashvin Tiwari
• Nikunj Mochi
• Anchal Singh
• jasonsaayman
• Julian Dax
• Akash Dhar Dubey
• Madhumita
• Tackoil
• Justin Dhillon
• Rudransh
• WuMingDao
• codenomnom
• Nandan Acharya
• Eric Dubé
• Tibor Pilz
• Gabriel Quaresma
• Turadg Aleahmad

... (truncated)

Commits

• 29f7542 chore(release): prepare release 1.13.5 (#7379)
• 431c3a3 ci: fix run condition (#7373)
• 9ff3a78 ci: update ymls (#7372)
• 265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
• 475e75a feat: add input validation to isAbsoluteURL (#7326)
• 28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
• 04cf019 docs: clarify object check comment (#7323)
• 696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
• 569f028 fix: added a option to choose between legacy and the new request/response int...
• 44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Updates happy-dom from 17.4.4 to 20.6.3

Release notes

Sourced from happy-dom's releases.

v20.6.3

👷‍♂️ Patch fixes

• Refactors query selector parser to be able to handle complex rules - By @​capricorn86 in task #1910
  • This release also fixes #1912 and #2034

v20.6.2

👷‍♂️ Patch fixes

• Update entities package version to resolve missing export for vue and vue-compat v3.5 - By @​acollins1991 in task #2066

v20.6.1

👷‍♂️ Patch fixes

• Support CSS gradients with rgba() - By @​atzzCokeK in task #2042
• Support unicode characters in selectors per CSS spec - By @​kaigritun in task #2057

v20.6.0

🎨 Features

• Adds support for register on import to the @happy-dom/global-registrator package - By @​capricorn86 in task #2060

v20.5.5

👷‍♂️ Patch fixes

• Correct caption element content model to allow flow content - By @​atzzCokeK in task #2052

v20.5.4

👷‍♂️ Patch fixes

• Implement Text.wholeText property - By @​aki05162525 in task #1959

v20.5.3

👷‍♂️ Patch fixes

• Node.replaceWith does not throw w/o parent - By @​lukeed

v20.5.2

👷‍♂️ Patch fixes

• Use entities package for HTML/XML encoding and decoding - By @​TrevorBurnham in task #1947

v20.5.1

👷‍♂️ Patch fixes

• Fixes logic in HTMLInputElement.stepUp() and HTMLInputElement.stepDown() to work according to spec - By @​stevematney in task #1955

v20.5.0

👷‍♂️ Patch fixes

• Removes circular dependencies internally - By @​capricorn86 in task #2055
  • Compilers can handle simpler circular dependencies, but warnings may be outputted
• Changes naming of types used internally to follow a consistent pattern - By @​capricorn86 in task #2055
• Enforces use of the "type" modifier internally in the source code (e.g. import type and export type) - By @​capricorn86 in task #2055

v20.4.0

🎨 Features

• Adds support for caching the compiled code of EcmaScript modules - By @​capricorn86 in task #2049
• Improves the way nodes are destroyed and garbage collected - By @​capricorn86 in task #2049

... (truncated)

Commits

• e6a64da fix: #1910 Fixes issue when parsing complex query selector with has express...
• b869287 fix: #2066 Update entities package version to resolve missing export for vu...
• f8d8cad fix: #2042 Support CSS gradients with rgba() colors (#2059)
• d0fdf23 fix: #2057 Support Unicode characters in selectors per CSS spec (#2062)
• 48e675f feat: #2060 Adds support for register on import in global-registrator (#2061)
• fbef5d9 fix: #2052 Correct caption element content model to allow flow content (#2058)
• 8df62e1 fix: #1959 Implement Text.wholeText property (#2027)
• 273ad6c fix: Node.replaceWith does not throw w/o parent (#1969)
• 7c44f48 chore: #1947 Adds unit tests for decode ' / numeric character referenc...
• 560589c fix: #1947 Use entities package for HTML/XML encoding/decoding (#2016)
• Additional commits viewable in compare view

Updates devalue from 5.1.1 to 5.6.3

Release notes

Sourced from devalue's releases.

v5.6.3

Patch Changes

• 0f04d4d: fix: Properly handle __proto__
• 819f1ac: fix: better encoding for sparse arrays

v5.6.2

Patch Changes

• 1175584: fix: validate input for ArrayBuffer parsing
• e46afa6: fix: validate input for typed arrays
• 1175584: fix: more helpful errors for inputs causing stack overflows

v5.6.1

Patch Changes

• 2161d44: fix: add hasOwn check before calling reviver

v5.6.0

Minor Changes

• a3d09d4: feat: expose DevalueError for instanceof checks in catch clauses
• a3d09d4: feat: add value and root properties in DevalueError instances

v5.5.0

Minor Changes

• 828fa1c: Enable support for custom reducer/reviver for "function" values

v5.4.2

Patch Changes

• 5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers

v5.4.1

Patch Changes

• ca3c7b6: chore: Remove impossible void type from replacer's uneval

v5.4.0

Minor Changes

• 9306d09: feat: pass uneval to replacer, for handling nested custom types

Patch Changes

• b617c7c: perf: shrink uneval output with null-proto objects

v5.3.2

Patch Changes

... (truncated)

Changelog

Sourced from devalue's changelog.

5.6.3

Patch Changes

• 0f04d4d: fix: Properly handle __proto__
• 819f1ac: fix: better encoding for sparse arrays

5.6.2

Patch Changes

• 1175584: fix: validate input for ArrayBuffer parsing
• e46afa6: fix: validate input for typed arrays
• 1175584: fix: more helpful errors for inputs causing stack overflows

5.6.1

Patch Changes

• 2161d44: fix: add hasOwn check before calling reviver

5.6.0

Minor Changes

• a3d09d4: feat: expose DevalueError for instanceof checks in catch clauses
• a3d09d4: feat: add value and root properties in DevalueError instances

5.5.0

Minor Changes

• 828fa1c: Enable support for custom reducer/reviver for "function" values

5.4.2

Patch Changes

• 5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers

5.4.1

Patch Changes

• ca3c7b6: chore: Remove impossible void type from replacer's uneval

5.4.0

Minor Changes

... (truncated)

Commits

• a4a37d2 Version Packages (#132)
• 819f1ac Merge commit from fork
• 0f04d4d Merge commit from fork
• fcf4e88 fix tests
• 1d8a5ea Version Packages (#131)
• 1175584 Merge commit from fork
• e46afa6 Merge commit from fork
• 5e07a67 Version Packages (#129)
• aa09604 Bump js-yaml from 3.14.1 to 3.14.2 (#125)
• 2161d44 fix: add hasOwn check before calling reviver (#128)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for devalue since your current version.

Updates diff from 5.2.0 to 8.0.3

Changelog

Sourced from diff's changelog.

8.0.3

• #631 - fix support for using an Intl.Segmenter with diffWords. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).
• #635 - small tweaks to tokenization behaviour of diffWords when used without an Intl.Segmenter. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (× and ÷) are now treated as punctuation instead of as letters / word characters.
• #641 - the format of file headers in createPatch etc. patches can now be customised somewhat. It now takes a headerOptions option that can be used to disable the file headers entirely, or omit the Index: line and/or the underline. In particular, this was motivated by a request to make jsdiff patches compatible with react-diff-view, which they now are if produced with headerOptions: FILE_HEADERS_ONLY.
• #647 and #649 - fix denial-of-service vulnerabilities in parsePatch whereby adversarial input could cause a memory-leaking infinite loop, typically crashing the calling process. Also fixed ReDOS vulnerabilities whereby adversarially-crafted patch headers could take cubic time to parse. Now, parsePatch should reliably take linear time. (Handling of headers that include the line break characters \r, \u2028, or \u2029 in non-trailing positions is also now more reasonable as side effect of the fix.)

8.0.2

• #616 Restored compatibility of diffSentences with old Safari versions. This was broken in 8.0.0 by the introduction of a regex with a lookbehind assertion; these weren't supported in Safari prior to version 16.4.
• #612 Improved tree shakeability by marking the built CJS and ESM packages with sideEffects: false.

8.0.1

• #610 Fixes types for diffJson which were broken by 8.0.0. The new bundled types in 8.0.0 only allowed diffJson to be passed string arguments, but it should've been possible to pass either strings or objects (and now is). Thanks to Josh Kelley for the fix.

8.0.0

• #580 Multiple tweaks to diffSentences:
  • tokenization no longer takes quadratic time on pathological inputs (reported as a ReDOS vulnerability by Snyk); is now linear instead
  • the final sentence in the string is now handled the same by the tokenizer regardless of whether it has a trailing punctuation mark or not. (Previously, "foo. bar." tokenized to ["foo.", " ", "bar."] but "foo. bar" tokenized to ["foo.", " bar"] - i.e. whether the space between sentences was treated as a separate token depended upon whether the final sentence had trailing punctuation or not. This was arbitrary and surprising; it is no longer the case.)
  • in a string that starts with a sentence end, like "! hello.", the "!" is now treated as a separate sentence
  • the README now correctly documents the tokenization behaviour (it was wrong before)
• #581 - fixed some regex operations used for tokenization in diffWords taking O(n^2) time in pathological cases
• #595 - fixed a crash in patch creation functions when handling a single hunk consisting of a very large number (e.g. >130k) of lines. (This was caused by spreading indefinitely-large arrays to .push() using .apply or the spread operator and hitting the JS-implementation-specific limit on the maximum number of arguments to a function, as shown at https://stackoverflow.com/a/56809779/1709587; thus the exact threshold to hit the error will depend on the environment in which you were running JsDiff.)
• #596 - removed the merge function. Previously JsDiff included an undocumented function called merge that was meant to, in some sense, merge patches. It had at least a couple of serious bugs that could lead to it returning unambiguously wrong results, and it was difficult to simply "fix" because it was unclear precisely what it was meant to do. For now, the fix is to remove it entirely.
• #591 - JsDiff's source code has been rewritten in TypeScript. This change entails the following changes for end users:

  • the diff package on npm now includes its own TypeScript type definitions. Users who previously used the @types/diff npm package from DefinitelyTyped should remove that dependency when upgrading JsDiff to v8.

    Note that the transition from the DefinitelyTyped types to JsDiff's own type definitions includes multiple fixes and also removes many exported types previously used for options arguments to diffing and patch-generation functions. (There are now different exported options types for abortable calls - ones with a timeout or maxEditLength that may give a result of undefined - and non-abortable calls.) See the TypeScript section of the README for some usage tips.

  • The Diff object is now a class. Custom extensions of Diff, as described in the "Defining custom diffing behaviors" section of the README, can therefore now be done by writing a class CustomDiff extends Diff and overriding methods, instead of the old way based on prototype inheritance. (I think code that did things the old way should still work, though!)

  • diff/lib/index.es6.js and diff/lib/index.mjs no longer exist, and the ESM version of the library is no longer bundled into a single file.

  • The ignoreWhitespace option for diffWords is no longer included in the type declarations. The effect of passing ignoreWhitespace: true has always been to make diffWords just call diffWordsWithSpace instead, which was confusing, because that behaviour doesn't seem properly described as "ignoring" whitespace at all. The property remains available to non-TypeScript applications for the sake of backwards compatibility, but TypeScript applications will now see a type error if they try to pass ignoreWhitespace: true to diffWords and should change their code to call diffWordsWithSpace instead.

  • JsDiff no longer purports to support ES3 environments. (I'm pretty sure it never truly did, despite claiming to in its README, since even the 1.0.0 release used Array.map which was added in ES5.)

• #601 - diffJson's stringifyReplacer option behaves more like JSON.stringify's replacer argument now. In particular:
  • Each key/value pair now gets passed through the replacer once instead of twice
  • The key passed to the replacer when the top-level object is passed in as value is now "" (previously, was undefined), and the key passed with an array element is the array index as a string, like "0" or "1" (previously was whatever the key for the entire array was). Both the new behaviours match that of JSON.stringify.
• #602 - diffing functions now consistently return undefined when called in async mode (i.e. with a callback). Previously, there was an odd quirk where they would return true if the strings being diffed were equal and undefined otherwise.

7.0.0

Just a single (breaking) bugfix, undoing a behaviour change introduced accidentally in 6.0.0:

• #554 diffWords treats numbers and underscores as word characters again. This behaviour was broken in v6.0.0.

6.0.0

... (truncated)

Commits

• 13576bf 8.0.3 release (#652)
• 1179ccb Ignore .zed (#651)
• 949d6e2 Add test for the vuln I just fixed (#650)
• ...

  Description has been truncated