Bump the all-dependencies group across 1 directory with 29 updates

[dependabot]

Bumps the all-dependencies group with 28 updates in the /action directory:

Package	From	To
@actions/core	1.10.1	3.0.0
@actions/exec	1.1.1	3.0.0
@actions/github	6.0.0	9.0.0
ajv	8.13.0	8.18.0
cross-env	7.0.3	10.1.0
cross-fetch	4.0.0	4.1.0
eslint-plugin-prettier	5.1.3	5.5.5
form-data	4.0.4	4.0.5
handlebars	4.7.8	4.7.9
jimp	0.22.12	1.6.0
lodash	4.17.21	4.18.1
@types/lodash	4.17.1	4.17.24
mime-types	2.1.35	3.0.2
@types/mime-types	2.1.4	3.0.1
pixelmatch	5.3.0	7.1.0
@octokit/openapi-types	22.2.0	27.0.0
@trivago/prettier-plugin-sort-imports	4.3.0	6.0.2
@types/node	20.12.12	25.5.0
@vercel/ncc	0.38.1	0.38.4
eslint-config-prettier	9.1.0	10.1.8
eslint-plugin-github	4.10.2	6.0.0
eslint-plugin-jest	28.5.0	29.15.1
husky	9.0.11	9.1.7
jest	29.7.0	30.3.0
js-yaml	4.1.0	4.1.1
lint-staged	15.2.2	16.4.0
prettier	3.2.5	3.8.1
ts-jest	29.1.2	29.4.9

Updates @actions/core from 1.10.1 to 3.0.0

Changelog

Sourced from @​actions/core's changelog.

3.0.0

• Breaking change: Package is now ESM-only
  • CommonJS consumers must use dynamic import() instead of require()

2.0.3

• Bump @actions/http-client to 3.0.2

2.0.1

• Bump @​actions/exec from 1.1.1 to 2.0.0 #2199

2.0.0

• Add support for Node 24 #2110
• Bump @​actions/http-client from 2.0.1 to 3.0.0

1.11.1

• Fix uses of crypto.randomUUID on Node 18 and earlier #1842

1.11.0

• Add platform info utilities #1551
• Remove dependency on uuid package #1824

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​actions/core since your current version.

Updates @actions/exec from 1.1.1 to 3.0.0

Changelog

Sourced from @​actions/exec's changelog.

3.0.0

• Breaking change: Package is now ESM-only
  • CommonJS consumers must use dynamic import() instead of require()

2.0.0

• Add support for Node 24 #2110
• Bump @​actions/io dependency from ^1.0.1 to ^2.0.0

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​actions/exec since your current version.

Updates @actions/github from 6.0.0 to 9.0.0

Changelog

Sourced from @​actions/github's changelog.

9.0.0

• Breaking change: Package is now ESM-only
  • CommonJS consumers must use dynamic import() instead of require()
  • Example: const { getOctokit, context } = await import('@actions/github')
• Fix TypeScript compilation by migrating to ESM, enabling proper imports from @octokit/core/types

8.0.1

• Update undici to 6.23.0
• Update @actions/http-client to 3.0.2

8.0.0

• Update @​octokit dependencies
  • @octokit/core ^7.0.6
  • @octokit/plugin-paginate-rest ^14.0.0
  • @octokit/plugin-rest-endpoint-methods ^17.0.0
  • @octokit/request ^10.0.7
  • @octokit/request-error ^7.1.0
• Breaking change: Minimum Node.js version is now 20 (previously 18)

7.0.0

• Update to v3.0.1 of @actions/http-client

6.0.1

• Dependency updates #2043
• Add context.runAttempt #1588

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​actions/github since your current version.

Updates ajv from 8.13.0 to 8.18.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

• feat: allow tree-shaking by adding "sideEffects": false to package.json by @​josdejong in ajv-validator/ajv#2480
• fix: #2482 Infinity and NaN serialise to null by @​jasoniangreen in ajv-validator/ajv#2487
• fix: small grammatical error in managing-schemas.md by @​monteiro-renato in ajv-validator/ajv#2508
• fix: typos in schema-language.md by @​monteiro-renato in ajv-validator/ajv#2507
• fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by @​epoberezkin in ajv-validator/ajv#2586

New Contributors

• @​josdejong made their first contribution in ajv-validator/ajv#2480
• @​monteiro-renato made their first contribution in ajv-validator/ajv#2508

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

v8.17.1

What's Changed

• bump version to 8.17.1 by @​jasoniangreen in ajv-validator/ajv#2472

Full Changelog: ajv-validator/ajv@v8.17.0...v8.17.1

Plus everything in 8.17.0 which failed to release

The only functional change is to switch from uri-js (which is no longer supported), to fast-uri. This is the second attempt and the team on fast-uri have been really helpful addressing the issues we found last time.

Revert "Revert fast-uri change (ajv-validator/ajv#2444)" by @​gurgunday in ajv-validator/ajv#2448 fix: ignore new eslint error for @​typescript-eslint/no-extraneous-class by @​jasoniangreen in ajv-validator/ajv#2455 docs: clarify behaviour of addVocabulary by @​jasoniangreen in ajv-validator/ajv#2454 docs: refactor to improve legibility by @​blottn in ajv-validator/ajv#2432 Fix grammatical typo in managing-schemas.md by @​wetneb in ajv-validator/ajv#2305 docs: Fix broken strict-mode link by @​alexanderjsx in ajv-validator/ajv#2459 feat: add test for encoded refs and bump fast-uri by @​jasoniangreen in ajv-validator/ajv#2449 fix: changes for @​typescript-eslint/array-type rule by @​jasoniangreen in ajv-validator/ajv#2467 fixes ajv-validator/ajv#2217 - clarify custom keyword naming by @​jasoniangreen in ajv-validator/ajv#2457

v8.17.0

What's Changed

The only functional change is to switch from uri-js (which is no longer supported), to fast-uri. This is the second attempt and the team on fast-uri have been really helpful addressing the issues we found last time.

• Revert "Revert fast-uri change (#2444)" by @​gurgunday in ajv-validator/ajv#2448
• fix: ignore new eslint error for @​typescript-eslint/no-extraneous-class by @​jasoniangreen in ajv-validator/ajv#2455
• docs: clarify behaviour of addVocabulary by @​jasoniangreen in ajv-validator/ajv#2454
• docs: refactor to improve legibility by @​blottn in ajv-validator/ajv#2432
• Fix grammatical typo in managing-schemas.md by @​wetneb in ajv-validator/ajv#2305
• docs: Fix broken strict-mode link by @​alexanderjsx in ajv-validator/ajv#2459
• feat: add test for encoded refs and bump fast-uri by @​jasoniangreen in ajv-validator/ajv#2449
• fix: changes for @​typescript-eslint/array-type rule by @​jasoniangreen in ajv-validator/ajv#2467
• fixes #2217 - clarify custom keyword naming by @​jasoniangreen in ajv-validator/ajv#2457

... (truncated)

Commits

• 142ce84 8.18.0
• 720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
• 82735a1 fix: typos in schema-language.md (#2507)
• b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
• 69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
• f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
• 9050ba1 bump version to 8.17.1 (#2472)
• f7831b4 fixes #2217 - clarify custom keyword naming (#2457)
• a523784 fix: changes for @​typescript-eslint/array-type rule (#2467)
• 595fe58 feat: add test for encoded refs and bump fast-uri (#2449)
• Additional commits viewable in compare view

Updates cross-env from 7.0.3 to 10.1.0

Release notes

Sourced from cross-env's releases.

v10.1.0

10.1.0 (2025-09-29)

Features

• add support for default value syntax (152ae6a)

For example:

"dev:server": "cross-env wrangler dev --port ${PORT:-8787}",

If PORT is already set, use that value, otherwise fallback to 8787.

Learn more about Shell Parameter Expansion

v10.0.0

10.0.0 (2025-07-25)

TL;DR: You should probably not have to change anything if:

• You're using a modern maintained version of Node.js (v20+ is tested)
• You're only using the CLI (most of you are as that's the intended purpose)

In this release (which should have been v8 except I had some issues with automated releases 🙈), I've updated all the things and modernized the package. This happened in #261

Was this needed? Not really, but I just thought it'd be fun to modernize this package.

Here's the highlights of what was done.

• Replace Jest with Vitest for testing
• Convert all source files from .js to .ts with proper TypeScript types
• Use zshy for ESM-only builds (removes CJS support)
• Adopt @​epic-web/config for TypeScript, ESLint, and Prettier
• Update to Node.js >=20 requirement
• Remove kcd-scripts dependency
• Add comprehensive e2e tests with GitHub Actions matrix testing
• Update GitHub workflow with caching and cross-platform testing
• Modernize documentation and remove outdated sections
• Update all dependencies to latest versions
• Add proper TypeScript declarations and exports

The tool maintains its original functionality while being completely modernized with the latest tooling and best practices

BREAKING CHANGES

• This is a major rewrite that changes the module format from CommonJS to ESM-only. The package now requires Node.js >=20 and only exports ESM modules (not relevant in most cases).

Commits

• 152ae6a feat: add support ofr default value syntax
• bd70d1a chore: upgrade zshy
• 8e0b190 chore(ci): get coverage
• 8635e80 fix(release): manually release a major version
• 3a58f22 chore: fix npmrc registry
• b70bfff chore(ci): add names to steps and workflows
• cc5759d fix(release): manually release a major version
• 080a859 chore: remove publish script
• 31e5bc7 chore(ci): restore built files
• 81e9c34 chore(ci): add back semantic-release
• Additional commits viewable in compare view

Updates cross-fetch from 4.0.0 to 4.1.0

Release notes

Sourced from cross-fetch's releases.

v4.1.0

What's Changed

FEATURES

• Added support for Node 22.
• Upgraded node-fetch to 2.7.0. Please refer to node-fetch release notes between 2.6.13 and 2.7.0 for features and bug fixes.

FIXES

• Upgraded whatwg-fetch to 3.6.20. Please refer to whatwg-fetch release notes between 3.6.2 and 3.6.20 for bug fixes.

Changelog

Sourced from cross-fetch's changelog.

4.1.0 (2024-12-21)

Features

• added support for node 22 (074cd87)
• updated node-fetch to 2.7.0 (#192) (0ab2481)

Bug Fixes

• updated whatwg-fetch to 3.6.20 (#197) (df46c2a)

Commits

• 3415e1f chore(release): 4.1.0
• f0dbe54 chore: fixed release workflow
• df46c2a fix: updated whatwg-fetch to 3.6.20 (#197)
• 04846bc refactor: improved make targets output
• 0ab2481 feat: updated node-fetch to 2.7.0 (#192)
• 074cd87 feat: added support for node 22
• 4283bd9 chore: changed default node version to 20
• 625bf57 chore: updated action/setup-node to v4 and hmarr/debug-action to v3
• d24345b chore: updated actions/checkout and actions/cache to v4
• ccaf40b chore: switched minifier from @​rollup/plugin-terser to rollup-plugin-esbuild ...
• Additional commits viewable in compare view

Updates eslint-plugin-prettier from 5.1.3 to 5.5.5

Release notes

Sourced from eslint-plugin-prettier's releases.

v5.5.5

Patch Changes

• #772 7264ed0 Thanks @​BPScott! - Bump prettier-linter-helpers dependency to v1.0.1

• #776 77651a3 Thanks @​aswils! - fix: bump synckit for yarn PnP ESM issue

v5.5.4

Patch Changes

• #755 723f7a8 Thanks @​kbrilla! - fix: add 'oxc', 'oxc-ts' and 'hermes' parsers to parserBlocklist

• #751 cf52b30 Thanks @​andreww2012! - fix: disallow extra properties in rule options

v5.5.3

republish the latest version

Full Changelog: prettier/eslint-plugin-prettier@v5.5.2...v5.5.3

v5.5.2

republish the latest version

Full Changelog: prettier/eslint-plugin-prettier@v5.5.1...v5.5.2

v5.5.1

Patch Changes

• #748 bfd1e95 Thanks @​JounQin! - fix: use prettierRcOptions directly for prettier 3.6+

Full Changelog: prettier/eslint-plugin-prettier@v5.5.0...v5.5.1

v5.5.0

Minor Changes

• #743 92f2c9c Thanks @​dotcarmen! - feat: support non-js languages like css for @eslint/css and json for @eslint/json

New Contributors

• @​dotcarmen made their first contribution in prettier/eslint-plugin-prettier#743

Full Changelog: prettier/eslint-plugin-prettier@v5.4.1...v5.5.0

v5.4.1

Patch Changes

• #740 c21521f Thanks @​JounQin! - fix(deps): bump synckit to v0.11.7 to fix potential TypeError: Cannot read properties of undefined (reading 'message') error

Full Changelog: prettier/eslint-plugin-prettier@v5.4.0...v5.4.1

v5.4.0

Minor Changes

... (truncated)

Changelog

Sourced from eslint-plugin-prettier's changelog.

5.5.5

Patch Changes

• #772 7264ed0 Thanks @​BPScott! - Bump prettier-linter-helpers dependency to v1.0.1

• #776 77651a3 Thanks @​aswils! - fix: bump synckit for yarn PnP ESM issue

5.5.4

Patch Changes

• #755 723f7a8 Thanks @​kbrilla! - fix: add 'oxc', 'oxc-ts' and 'hermes' parsers to parserBlocklist

• #751 cf52b30 Thanks @​andreww2012! - fix: disallow extra properties in rule options

5.5.1

Patch Changes

• #748 bfd1e95 Thanks @​JounQin! - fix: use prettierRcOptions directly for prettier 3.6+

5.5.0

Minor Changes

• #743 92f2c9c Thanks @​dotcarmen! - feat: support non-js languages like css for @eslint/css and json for @eslint/json

5.4.1

Patch Changes

• #740 c21521f Thanks @​JounQin! - fix(deps): bump synckit to v0.11.7 to fix potential TypeError: Cannot read properties of undefined (reading 'message') error

5.4.0

Minor Changes

• #736 59a0cae Thanks @​yashtech00! - refactor: migrate worker.js to worker.mjs

5.3.1

Patch Changes

• #734 dcf2c80 Thanks @​JounQin! - ci: enable NPM_CONFIG_PROVENANCE env

5.3.0

Minor Changes

... (truncated)

Commits

• e2c154a chore: release eslint-plugin-prettier (#773)
• 6795c1a build(deps): Bump the actions group across 1 directory with 2 updates (#774)
• 77651a3 fix: bump synckit for yarn PnP ESM issue (#776)
• 7264ed0 chore: bump prettier-linter-helpers to v1.0.1 (#772)
• e11a5b7 build(deps): Bump the actions group across 1 directory with 3 updates (#769)
• befda88 ci: enable trusted publishing (#757)
• e2c31d2 chore: release eslint-plugin-prettier (#756)
• 98a8bfd chore(deps): update all dependencies (#750)
• cf52b30 fix: disallow extra properties in rule options (#751)
• 723f7a8 fix: add 'oxc', 'oxc-ts' and 'hermes' parsers to parserBlocklist (#755)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for eslint-plugin-prettier since your current version.

Updates form-data from 4.0.4 to 4.0.5

Changelog

Sourced from form-data's changelog.

v4.0.5 - 2025-11-17

Commits

• [Tests] Switch to newer v8 prediction library; enable node 24 testing 16e0076
• [Dev Deps] update @ljharb/eslint-config, eslint 5822467
• [Fix] set Symbol.toStringTag in the proper place 76d0dee

Commits

• 68ff7dd v4.0.5
• 5822467 [Dev Deps] update @ljharb/eslint-config, eslint
• 76d0dee [Fix] set Symbol.toStringTag in the proper place
• 16e0076 [Tests] Switch to newer v8 prediction library; enable node 24 testing
• See full diff in compare view

Updates handlebars from 4.7.8 to 4.7.9

Release notes

Sourced from handlebars's releases.

v4.7.9

• fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
• fix type "RuntimeOptions" also accepting string partials - eab1d14
• feat(types): set hash to be a Record<string, any> - de4414d
• fix non-contiguous program indices - 4512766
• refactor: rename i to startPartIndex - e497a35
• security: fix security issues - 68d8df5
  • GHSA-2w6w-674q-4c4q
  • GHSA-3mfm-83xf-c92r
  • GHSA-xhpv-hc6g-r9c6
  • GHSA-xjpj-3mr7-gcpf
  • GHSA-9cx6-37pm-9jff
  • GHSA-2qvq-rjwj-gvw9
  • GHSA-7rx3-28cr-v5wh
  • GHSA-442j-39wm-28r2

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.9 - March 26th, 2026

• fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
• fix type "RuntimeOptions" also accepting string partials - eab1d14
• feat(types): set hash to be a Record<string, any> - de4414d
• fix non-contiguous program indices - 4512766
• refactor: rename i to startPartIndex - e497a35
• security: fix security issues - 68d8df5

Commits

Commits

• dce542c v4.7.9
• 8a41389 Update release notes
• 68d8df5 Fix security issues
• b2a0831 Fix browser tests
• 9f98c16 Fix release script
• 45443b4 Revert "Improve partial indenting performance"
• 8841a5f Fix CI errors with linting
• e0137c2 fix: enable shell mode for spawn to resolve Windows EINVAL issue
• e914d60 Improve rendering performance
• 7de4b41 Upgrade GitHub Actions checkout and setup-node on 4.x branch
• Additional commits viewable in compare view

Updates jimp from 0.22.12 to 1.6.0

Release notes

Sourced from jimp's releases.

v1.6.0

Release Notes

Add support for image decoder options (#1336)

Can now have options for the underlying image codecs

---

🚀 Enhancement

• @jimp/core, @jimp/types, @jimp/js-bmp, @jimp/js-jpeg, @jimp/js-png
  • Add support for image decoder options #1336 (@​hipstersmoothie)

⚠️ Pushed to main

• jimp
  • add readme to jimp (@​hipstersmoothie)

Authors: 1

• Andrew Lisowski (@​hipstersmoothie)

v1.4.0

🚀 Enhancement

• @jimp/core
  • Let Jimp.read accept a Buffer #1332 (@​hipstersmoothie)
• jimp
  • Export measure text functions from jimp package #1333 (@​hipstersmoothie)
  • Add JimpMime constant #1331 (@​hipstersmoothie)
  • add JimpInstance type #1330 (@​hipstersmoothie)

🐛 Bug Fix

• @jimp/utils, @jimp/plugin-print
  • Bind callback to image instance #1335 (@​hipstersmoothie)

⚠️ Pushed to main

• @jimp/core, @jimp/types, @jimp/utils, @jimp/plugin-print, @jimp/plugin-quantize, @jimp/wasm-webp
  • fix docs build (@​hipstersmoothie)

📝 Documentation

• @jimp/plugin-blit, @jimp/plugin-print
  • Misc doc updates #1334 (@​hipstersmoothie)

... (truncated)

Changelog

Sourced from jimp's changelog.

v1.5.0 (Mon Sep 09 2024)

Release Notes

Add support for image decoder options (#1336)

Can now have options for the underlying image codecs

---

🚀 Enhancement

• @jimp/core, @jimp/types, @jimp/js-bmp, @jimp/js-jpeg, @jimp/js-png
  • Add support for image decoder options #1336 (@​hipstersmoothie)

⚠️ Pushed to main

• jimp
  • add readme to jimp (@​hipstersmoothie)

Authors: 1

• Andrew Lisowski (@​hipstersmoothie)

---

v1.5.0 (Sat Sep 07 2024)

Release Notes

Add support for image decoder options (#1336)

Can now have options for the underlying image codecs

---

🚀 Enhancement

• @jimp/core, @jimp/types, @jimp/js-bmp, @jimp/js-jpeg, @jimp/js-png
  • Add support for image decoder options #1336 (@​hipstersmoothie)

Authors: 1

• Andrew Lisowski (@​hipstersmoothie)

---

... (truncated)

Commits

• c88abe6 Bump version to: v1.6.0 [skip ci]
• 62ce3d7 Update CHANGELOG.md [skip ci]
• afa0917 add readme to jimp
• 9b8d610 Bump version to: v1.5.0 [skip ci]
• 9eceb9b Update CHANGELOG.md [skip ci]
• a1fac89 Add support for image decoder options (#1336)
• c1b91e9 Bump version to: v1.4.0 [skip ci]
• 39dfcbc Update CHANGELOG.md [skip ci]
• ea01eac Bind callback to image instance (#1335)
• 11cd408 Let Jimp.read accept a Buffer (#1332)
• Additional commits viewable in compare view

Updates lodash from 4.17.21 to 4.18.1

Release notes

Sourced from lodash's releases.

4.18.1

Bugs

Fixes a ReferenceError issue in lodash lodash-es lodash-amd and lodash.template when using the template and fromPairs functions from the modular builds. See lodash/lodash#6167

These defects were related to how lodash distributions are built from the main branch using https://github.com/lodash-archive/lodash-cli. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.

There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:

• lodash: lodash/lodash@4.18.0-npm...4.18.1-npm
• lodash-es: lodash/lodash@4.18.0-es...4.18.1-es
• lodash-amd: lodash/lodash@4.18.0-amd...4.18.1-amd
• lodash.templatelodash/lodash@4.18.0-npm-packages...4.18.1-npm-packages

4.18.0

v4.18.0

Full Changelog: lodash/lodash@4.17.23...4.18.0

Security

_.unset / _.omit: Fixed prototype pollution via constructor/prototype path traversal (GHSA-f23m-r3pf-42rh, fe8d32e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now constructor and prototype are blocked unconditionally as non-terminal path keys, matching baseSet. Calls that previously returned true and deleted the property now return false and leave the target untouched.

_.template: Fixed code injection via imports keys (GHSA-r5fr-rjxr-66jc, CVE-2026-4800, 879aaa9). Fixes an incomplete patch for CVE-2021-23337. The variable option was validated against reForbiddenIdentifierChars but importsKeys was left unguarded, allowing code injection via the same Function() constructor sink. imports keys containing forbidden identifier characters now throw "Invalid imports option passed into _.template".

Docs

• Add security notice for _.template in threat model and API docs (#6099)
• Document lower > upper behavior in _.random (#6115)
• Fix quotes in _.compact jsdoc (#6090)

lodash.* modular packages

Diff

We have also regenerated and published a select number of the lodash.* modular packages.

These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:

• lodash.orderby
• lodash.tonumber
• lodash.trim
• lodash.trimend
• lodash.sortedindexby
• lodash.zipobjectdeep
• lodash.unset
• lodash.omit
• lodash.template

Commits

• cb0b9b9 release(patch): bump main to 4.18.1 (#6177)
• 75535f5 chore: prune stale advisory refs (#6170)
• 62e91bc docs: remove n_ Node.js < 6 REPL note from README (#6165)
• 59be2de release(minor): bump to 4.18.0 (#6161)
• af63457 fix: broken tests for _.template 879aaa9
• 1073a76 fix: linting issues
• 879aaa9 fix: validate imports keys in _.template
• fe8d32e fix: block prototype pollution in baseUnset via constructor/prototype traversal
• 18ba0a3 refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)
• b819080 ci: add dist sync validation workflow (#6137)
• Additional commits viewable in compare view

Updates @types/lodash from 4.17.1 to 4.17.24

Commits

• See full diff in compare view

Updates mime-types from 2.1.35 to 3.0.2

Release notes

Sourced from mime-types's releases.

v3.0.2

What's Changed

• fix: use ubuntu-latest as ci runner by @​UlisesGascon in jshttp/mime-types#143
• [StepSecurity] Apply security best practices by @​step-security-bot in jshttp/mime-types#141
• fix: mime-score logic for mp4 types by @​broofa in jshttp/mime-types#140
• 🧪 add engines test by @​ctcpip in jshttp/mime-types#136
• chore: add funding to package.json by @​Phillip9587 in jshttp/mime-types#158
• build(deps): bump github/codeql-action from 3.27.9 to 3.30.0 by @​dependabot[bot] in jshttp/mime-types#163
• build(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in jshttp/mime-types#164
• build(deps): bump actions/setup-node from 4 to 5 by @​dependabot[bot] in jshttp/mime-types#166
• build(deps): bump github/codeql-action from 3.30.0 to 3.30.5 by @​dependabot[bot] in jshttp/mime-types#168
• build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 by @​dependabot[bot] in jshttp/mime-types#167
• build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by @​dependabot[bot] in jshttp/mime-types#150
• build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @​dependabot[bot] in jshttp/mime-types#144
• build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by @​dependabot[bot] in jshttp/mime-types#148
• build(deps-dev): bump mocha from 10.2.0 to 10.8.2 by @​dependabot[bot] in jshttp/mime-types#149
• build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by @​dependabot[bot] in jshttp/mime-types#147
• fix: update JSDoc to convey only false return by @​kellyselden in jshttp/mime-types#152
• build(deps-dev): bump eslint-plugin...

  Description has been truncated

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
stoat-docs	Ready	Preview	Apr 2, 2026 4:07am

[stoat-app]

Easy and customizable dashboards for your build system. Learn more about Stoat ↗︎

Chart

Job Runtime