Skip to content

build(deps): bump devalue from 5.6.3 to 5.8.1 (via audit fix)#530

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/devalue-5.8.1
Open

build(deps): bump devalue from 5.6.3 to 5.8.1 (via audit fix)#530
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/devalue-5.8.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 18, 2026
edited
Loading

Bumps devalue from 5.6.3 to 5.8.1.

Release notes

Sourced from devalue's releases.

v5.8.1

Patch Changes

  • 206ca67: fix: force sparse arrays to allocate sparsely

v5.8.0

Minor Changes

  • c5115b0: feat: add stringifyAsync for async serialization

v5.7.1

Patch Changes

  • 8becc7c: fix: handle regexes consistently in uneval's value and reference formats

v5.7.0

Minor Changes

  • df2e284: feat: use native alternatives to encode/decode base64
  • 498656e: feat: add DataView support
  • a210130: feat: whitelist Float16Array
  • df2e284: feat: simplify TypedArray slices

Patch Changes

  • 5590634: fix: get uneval type handling up to parity with stringify
  • 57f73fc: fix: correctly support boxed bigints and sentinel values

v5.6.4

Patch Changes

  • 87c1f3c: fix: reject __proto__ keys in malformed Object wrapper payloads

    This validates the "Object" parse path and throws when the wrapped value has an own __proto__ key.

  • 40f1db1: fix: ensure sparse array indices are integers

  • 87c1f3c: fix: disallow __proto__ keys in null-prototype object parsing

    This disallows __proto__ keys in the "null" parse path so null-prototype object hydration cannot carry that key through parse/unflatten.

Changelog

Sourced from devalue's changelog.

5.8.1

Patch Changes

  • 206ca67: fix: force sparse arrays to allocate sparsely

5.8.0

Minor Changes

  • c5115b0: feat: add stringifyAsync for async serialization

5.7.1

Patch Changes

  • 8becc7c: fix: handle regexes consistently in uneval's value and reference formats

5.7.0

Minor Changes

  • df2e284: feat: use native alternatives to encode/decode base64
  • 498656e: feat: add DataView support
  • a210130: feat: whitelist Float16Array
  • df2e284: feat: simplify TypedArray slices

Patch Changes

  • 5590634: fix: get uneval type handling up to parity with stringify
  • 57f73fc: fix: correctly support boxed bigints and sentinel values

5.6.4

Patch Changes

  • 87c1f3c: fix: reject __proto__ keys in malformed Object wrapper payloads

    This validates the "Object" parse path and throws when the wrapped value has an own __proto__ key.

  • 40f1db1: fix: ensure sparse array indices are integers

  • 87c1f3c: fix: disallow __proto__ keys in null-prototype object parsing

    This disallows __proto__ keys in the "null" parse path so null-prototype object hydration cannot carry that key through parse/unflatten.

Commits

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label May 18, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 18, 2026 19:02
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label May 18, 2026
@vercel
Copy link
Copy Markdown
Contributor

vercel Bot commented May 18, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
chat Error Error May 20, 2026 1:05pm
chat-sdk-nextjs-chat Error Error May 20, 2026 1:05pm

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/devalue-5.8.1 branch from 8fa420a to 504e822 Compare May 20, 2026 01:24
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/devalue-5.8.1 branch from 504e822 to bd1ccfe Compare May 20, 2026 01:38
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/devalue-5.8.1 branch from bd1ccfe to 59b9a4f Compare May 20, 2026 01:43
@dependabot
build(deps): bump devalue from 5.6.3 to 5.8.1 (via audit fix)
4e0e810 
Bumps [devalue](https://github.com/sveltejs/devalue) from 5.6.3 to 5.8.1.
- [Release notes](https://github.com/sveltejs/devalue/releases)
- [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md)
- [Commits](sveltejs/devalue@v5.6.3...v5.8.1)

---
updated-dependencies:
- dependency-name: devalue
  dependency-version: 5.8.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/devalue-5.8.1 branch from 59b9a4f to 4e0e810 Compare May 20, 2026 13:05
@dancer dancer closed this May 20, 2026
@dancer dancer reopened this May 20, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 20, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dancer