chore(deps): bump the minor-patch-other group across 1 directory with 32 updates

[dependabot]

Bumps the minor-patch-other group with 31 updates in the / directory:

Package	From	To
@godaddy/terminus	4.11.0	4.12.1
bowser	2.11.0	2.14.1
braintree-web-drop-in	1.42.0	1.46.1
canvas	3.1.0	3.2.3
canvas-confetti	1.5.1	1.9.4
deepool	3.0.0	3.0.1
dompurify	3.3.2	3.4.10
express-winston	4.1.0	4.2.0
fuse.js	7.1.0	7.4.2
gsap	3.12.5	3.15.0
js-cookie	3.0.5	3.0.8
jsonwebtoken	9.0.2	9.0.3
libphonenumber-js	1.11.4	1.13.6
linkify-string	4.3.2	4.3.3
lodash	4.17.23	4.18.1
make-fetch-happen	15.0.4	15.0.6
memjs	1.3.0	1.3.2
passport-auth0	1.4.4	1.4.5
prom-client	15.0.0	15.1.3
qrcode.vue	3.4.1	3.10.0
serialize-javascript	7.0.4	7.0.5
timesync	1.0.8	1.0.11
whatwg-fetch	3.6.2	3.6.20
winston	3.3.3	3.19.0
happy-dom	20.0.10	20.10.4
istanbul-reports	3.1.7	3.2.0
junit-report-merger	9.0.3	9.0.4
mocha-junit-reporter	2.0.2	2.2.1
sass	1.89.0	1.101.0
semver	7.7.2	7.8.4
wait-on	9.0.4	9.0.10

Updates @godaddy/terminus from 4.11.0 to 4.12.1

Release notes

Sourced from @​godaddy/terminus's releases.

v4.12.1

4.12.1 (2023-06-23)

Bug Fixes

• example/postgres/package.json to reduce vulnerabilities (#275) (aea2f6d)

v4.12.0

4.12.0 (2023-04-16)

Features

• status: Custom status response (#192) (f61009a)

v4.11.2

4.11.2 (2022-08-29)

Bug Fixes

• upgrade mongodb from 3.1.13 to 3.7.3 (#218) (47cca48)

v4.11.1

4.11.1 (2022-07-10)

Bug Fixes

• ts: trigger release for PR 214 (#215) (85141ce)

Commits

• aea2f6d fix: example/postgres/package.json to reduce vulnerabilities (#275)
• d0df104 Create PULL_REQUEST_TEMPLATE.md
• 734c6f7 Update issue templates
• 408729a Update README.md
• be9d4dd chore(deps): bump actions/checkout from 2 to 3 (#237)
• f61009a feat(status): Custom status response (#192)
• c02925b Add cluster section to readme (#213)
• f626532 chore(deps-dev): bump mocha from 10.0.0 to 10.2.0 (#229)
• 5e5361d chore(deps-dev): bump @​types/koa from 2.13.1 to 2.13.5 (#228)
• cf57391 chore(deps): bump json5 from 1.0.1 to 1.0.2 (#225)
• Additional commits viewable in compare view

Updates bowser from 2.11.0 to 2.14.1

Release notes

Sourced from bowser's releases.

v2.14.1

Changes

• FIX: attempt to resolve including not needed files in bundle @​naorpeled (#604)

v2.14.0

Changes

• [FEAT]: Add Smart TV platform detection @​copilot-swe-agent (#582)
• [FEAT]: Add Brave browser support @​copilot-swe-agent (#597)
• [FEAT]: Add Line spider detection @​hijamoya (#600)
• [FEAT]: Add DuckDuckGo browser support @​jonathanKingston (#595)
• [FEAT]: Add Slack bot detection @​hijamoya (#596)

v2.13.1

Changes

• [REVERT]: rollback addition of named exports @​naorpeled (#591)

v2.13.0

Changes

• [FEAT]: add support for latest MacOS @​naorpeled & @​seijikohara (#580)
• [FEAT]: add Sogou browser support @​naorpeled & @​NotEvenANeko (#579)
• [FEAT]: add LibreWolf browser detection as standalone type @​copilot-swe-agent (#578)
• [FEAT]: add support for AI crawl bots @​naorpeled (#577)
• [FEAT]: add more bot platforms @​luciomartinez (#542)
• [FEAT]: Add some named exports for tree shaking support with Vite and modern bundlers @​copilot-swe-agent (#566)
• [FEAT]: Add Support for HarmonyOS User-Agent Detection @​copilot-swe-agent (#567)
• [CHORE]: Add Copilot instructions for repository @​copilot-swe-agent (#574)

v2.12.1

Changes

• [REVERT] rollback default export to = syntax in type definitions @​naorpeled (#570)

v2.12.0

Changes

• [DOCS]: remove artifact links from README @​meirroth (#549)
• [CI]: add release drafter @​naorpeled (#545)
• [DOCS]: fix link to doc page on README.md @​pastak (#543)
• [FEAT]: add bot as a platform @​luciomartinez (#540)
• [FEAT]: update types of parser methods @​cwenwen (#449)
• [FIX]: fixed getBrowserTypeByAlias docs @​idmadj (#467)
• [FEAT]: Nokia Vendor @​daniol (#448)
• [FIX]: correct default export in type definitions @​radiosilence (#465)
• [FEAT]: Pale Moon Browser Support @​mehmetakify (#495)
• [FEAT]: added missing type definitions for isEngine, isOS, isPlatform, compareVersion @​matheushahnn (#500)
• [DOCS]: resolve typos @​naorpeled (#528)

... (truncated)

Changelog

Sourced from bowser's changelog.

Bowser Changelog

Commits

• eb3f153 fix: attempt to resolve build issues (#604)
• 740d6c4 Update npm to latest version before publishing to npm registry (#603)
• 2bb8cae fix: remove prepublish hook
• 382bc22 chore: update publish flow
• e2318ef fix: attemp to resolve NPM publish issues
• 8f9badd chore: update publish flow
• 5032e0e docs: resolve missing referenced links in index page
• a2d6ce8 feat: add Smart TV platform detection (#582)
• 227f5ec feat: add Brave browser support via clientHints (#597)
• fa08e7c docs: fix badges
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for bowser since your current version.

Updates braintree-web-drop-in from 1.42.0 to 1.46.1

Release notes

Sourced from braintree-web-drop-in's releases.

v1.46.1

• Sanitize Venmo username before adding it to the DOM

v1.46.0

• Apple Pay
  • Add optional domainName parameter to Drop-in Apple Pay configuration to support merchants using Drop-in in cross-origin iframes.

v1.44.0

• Update Braintree web dependency
  • braintree-web to 3.113.0

v1.43.0

Update Braintree web dependancies

• asset-loader to 2.0.1
• browser-detection to 2.0.1
• uuid to 1.0.0
• braintree-web to 3.103.0

Changelog

Sourced from braintree-web-drop-in's changelog.

1.46.1

• Sanitize Venmo username before adding it to the DOM

1.46.0

• Add optional domainName parameter to Drop-in Apple Pay configuration to support merchants using Drop-in in cross-origin iframes.

1.45.2

• Fix translations strings that had an extra '}' in some languages.

1.45.1

• Update dependencies
  • braintree-web to 3.123.2
    • Fixes bug where some UK postal codes were incorrectly failing validation

1.45.0

• Fix bug where field would be incorrectly presented as invalid while using autocomplete
• Update Braintree web dependencies
  • braintree-web to 3.122.0

1.44.1

• Fix bug where the last card field would not display a message if the user tabbed to the Paypal Collection notice
• Update Braintree web dependencies
  • asset-loader to 2.0.2
  • browser-detection to 2.0.2
  • uuid to 1.0.1
  • braintree-web to 3.115.1

1.44.0

• Update Braintree web dependency
  • braintree-web to 3.113.0

1.43.0

• Update Braintree web dependencies
  • asset-loader to 2.0.1
  • browser-detection to 2.0.1
  • uuid to 1.0.0
  • braintree-web to 3.103.0

Commits

• 9b76e31 1.46.1
• df908f0 Update version to 1.46.1
• 63ce586 Merge pull request #983 from braintree/sanitize-venmo-username
• 02bbdbe sanitize venmo username
• 696bb0b change browserstack CI build to manual trigger
• dc6279d Merge pull request #980 from braintree/DTBTWEB-1087-bstack-projectname
• 3a47985 fix path
• 2724e70 update projectName
• 950d523 update browserstack projectName
• 7b22864 1.46.0
• Additional commits viewable in compare view

Updates canvas from 3.1.0 to 3.2.3

Release notes

Sourced from canvas's releases.

v3.2.3

Fixed

• Fix building with gcc (#2559)

v3.2.2

Fixed

• Fix dangling env pointer in image MIME data cleanup (#2550)
• Fix ctx.direction not affected by ctx.save and ctx.restore
• Preserve rest of PDF pages when changing width and height (#2538)
• Several security fixes for untrusted inputs to getImageData and putImageData. Thanks to Ethan Kim for the report.

v3.2.1

3.2.1

• Fix error message HTTP response status code in image src setter
• roundRect() shape incorrect when radii were large relative to rectangle size (#2400)
• Reject loadImage when src is null or invalid (#2304)
• Fix compilation on GCC 15 by including <cstdint> (#2545)

v3.2.0

3.2.0

Added

• Added ctx.lang to set the ISO language code for text

v3.1.2

3.1.2

Fixed

• Fix crash when setting width/height on PDF, SVG canvas (#2520)

v3.1.1

3.1.1

This release also introduces arm64 prebuilds for Linux!

Fixed

• Fix a crash when SVGs without width or height are loaded (#2486)
• Fix fetching prebuilds during installation on certain newer versions of Node (#2497)
• Fixed issue with fillText that was breaking subsequent fillText calls (#2171)
• Fix svg rendering when the image is resized (#2498)
• Fix measureText with direction rtl textAlign start/end
• Fix a crash in Node 24, due to external memory API change (#2514)

Changelog

Sourced from canvas's changelog.

3.2.3

Fixed

• Fix building with gcc (#2559)

3.2.2

Fixed

• Fix dangling env pointer in image MIME data cleanup (#2550)
• Fix ctx.direction not affected by ctx.save and ctx.restore
• Preserve rest of PDF pages when changing width and height (#2538)
• Several security fixes for untrusted inputs to getImageData and putImageData. Thanks to Ethan Kim for the report.

3.2.1

• Fix error message HTTP response status code in image src setter
• roundRect() shape incorrect when radii were large relative to rectangle size (#2400)
• Reject loadImage when src is null or invalid (#2304)
• Fix compilation on GCC 15 by including (#2545)

3.2.0

Added

• Added ctx.lang to set the ISO language code for text

3.1.2

Fixed

• Fix crash when setting width/height on PDF, SVG canvas (#2520)

3.1.1

Fixed

• Fix a crash when SVGs without width or height are loaded (#2486)
• Fix fetching prebuilds during installation on certain newer versions of Node (#2497)
• Fixed issue with fillText that was breaking subsequent fillText calls (#2171)
• Fix svg rendering when the image is resized (#2498)
• Fix measureText with direction rtl textAlign start/end
• Fix a crash in Node 24, due to external memory API change (#2514)

Commits

• f91598e v3.2.3
• 1541544 PAGE_SIZE shouldn't be unsigned
• ac82fa7 v3.2.2
• 103a620 add the last flurry of commits to CHANGELOG
• 7304c7a avoid integer overflow in getImageData
• f9fcc5f avoid integer overflow in putImageData
• 802a8ca avoid integer overflow in new ImageData
• 9d1b478 wrap negative values passed to createImageData
• 779483c bail early when setting zero-length image source
• 22ed2b7 make canvas types unsigned
• Additional commits viewable in compare view

Updates canvas-confetti from 1.5.1 to 1.9.4

Release notes

Sourced from canvas-confetti's releases.

1.9.4

What's Changed

• Fix error in canDrawBitmap if OffscreenCanvas exists but is not supported by @​Gavin-Hofer in catdad/canvas-confetti#258

Maintenance

• updating github actions to the latest versions by @​catdad in catdad/canvas-confetti#259

New Contributors

• @​Gavin-Hofer made their first contribution in catdad/canvas-confetti#258

Full Changelog: catdad/canvas-confetti@1.9.3...1.9.4

1.9.3

Bug Fixes

• Checking that the canvas is still on the page before removing it by @​Bwc9876 in catdad/canvas-confetti#229

Testing improvements

• using new Chrome headless mode for tests (mostly because the annoying message, but also because it will be the default soon) by @​catdad in catdad/canvas-confetti#216
• using flat confetti for scale tests, for better consistency by @​catdad in catdad/canvas-confetti#218

New Contributors

• @​Bwc9876 made their first contribution in catdad/canvas-confetti#229

Full Changelog: catdad/canvas-confetti@1.9.2...1.9.3

1.9.2

• Fixed a bug that caused Emoji confetti to render poorly in Firefox -- see #213

catdad/canvas-confetti@1.9.1...1.9.2

1.9.1

• Fixed a bug that caused Emoji confetti to not work in Safari -- see #209

catdad/canvas-confetti@1.9.0...1.9.1

1.9.0

• 🎉 Emoji are finally here 🎉 Create confetti from any emoji you'd like, using the confetti.shapeFromText() helper -- see #82 and #206

catdad/canvas-confetti@1.8.0...1.9.0

1.8.0

• Custom confetti shapes are here! You can now use any SVG Path string to make a custom confetti shape, using the confetti.shapeFromPath() helper -- see #81 and #203

catdad/canvas-confetti@1.7.0...1.8.0

1.7.0

• Added a flat option to allow rendering confetti without any tilt or wobble -- see #157 and #202

catdad/canvas-confetti@1.6.1...1.7.0

... (truncated)

Commits

• 5f77cde bumping version to 1.9.4
• f0027c6 updating to use github action as trusted publisher
• 0566ad2 Merge pull request #258 from Gavin-Hofer/gavin/fix-offscreen-canvas-error
• 51e7932 Merge branch 'master' into gavin/fix-offscreen-canvas-error
• c4385c8 Merge pull request #259 from catdad/actions-update
• 4bf60a5 updating linting to later versions that work in node 24
• 0d755bc using latest version of node
• 664a8bb updating actions to the latest versions
• c1748fe Fixed error in canDrawBitmap if OffscreenCanvas exists but is not supported
• 320381b bumping version to 1.9.3
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for canvas-confetti since your current version.

Updates deepool from 3.0.0 to 3.0.1

Commits

• d204153 updating moduloze and qunit dependencies
• 65ed552 README: adding new info badge(s)
• See full diff in compare view

Updates dompurify from 3.3.2 to 3.4.10

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.10

• Refactored codebase for clarity: extracted the public type declarations into types.ts
• Decomposed the three largest sanitizer functions into focused helpers
• Removed duplicated defaults and dead branches, consolidated SAFE_FOR_TEMPLATES scrubbing into single shared path
• Improved per-node performance by hoisting the mXSS probe regexes and testing textContent before innerHTML
• Added a deterministic micro-benchmark harness (npm run bench) with a --compare mode
• Reduced CI cost by running the full three-engine browser suite once per PR
• Refreshed the demos/ folder so every demo runs again, and added a SVG-via-<img> demo
• Documented the bench and test:happydom scripts in the README
• Completed the Attack Classes & Bypass History wiki page
• Bumped several dependencies where possible

DOMPurify 3.4.9

• Further improved the handling of Trusted Types config options, thanks @​offset
• Further improved the handling of IN_PLACE sanitization, thanks @​mozfreddyb
• Added more test coverage for IN_PLACE and Trusted Types related usage
• Bumped several dependencies where possible
• Updated README and wiki with more accurate documentation & attack samples

DOMPurify 3.4.8

• Cleaned up the repository root, renamed some and removed unneeded files
• Fixed an issue with handling of Trusted Types policies, thanks @​fulstadev
• Fixed the node iterator for better template scrubbing, thanks @​IamLeandrooooo
• Included formerly missing LICENSE-MPL in published npm package, thanks @​asamuzaK
• Bumped several dependencies where possible

DOMPurify 3.4.7

• Hardened the handling of Shadow Roots when using IN_PLACE, thanks @​GameZoneHacker
• Removed a problem leading to permanent hook pollution, thanks @​offset
• Refactored the test suite and expanded test coverage significantly

DOMPurify 3.4.6

• Fixed several issues with DOM Clobbering in IN_PLACE mode, thanks @​offset & @​Bankde
• Hardened the checks for cross-realm IN_PLACE and Shadow DOM sanitization, thanks @​offset & @​Bankde
• Added more test coverage for IN_PLACE and general DOM Clobbering attacks
• Bumped several dependencies where possible

DOMPurify 3.4.5

• Fixed a bypass caused by the new HTML element selectedcontent added in 3.4.4, thanks @​KabirAcharya

Note that this is a security release for an issue introduced in 3.4.4 and should be upgraded to immediately.

DOMPurify 3.4.4

• Added the selectedcontent element to default allow-list, thanks @​lukewarlow
• Added the command and commandfor attributes to default allowed-list, thanks @​lukewarlow
• Added better template scrubbing for IN_PLACE operations, thanks @​DEMON1A
• Added stronger checks for cross-realm windows, thanks @​DEMON1A & @​fg0x0
• Updated demo website and made sure it uses the latest from main
• Updated existing workflows, fuzzer, dependabot, etc., added more tests
• Bumped several dependencies where possible

... (truncated)

Commits

• 6ee5716 release: 3.4.10 (#1478)
• 5210247 release: 3.4.9 (#1459)
• bcdd828 release: 3.4.8 (#1439)
• ca30f07 release: 3.4.7 (#1414)
• bb7739e release: 3.4.6 (#1394)
• 011b0c7 release: 3.4.5 (#1382)
• 5817ad9 release: 3.4.4 (#1374)
• 520edb0 release: 3.4.3 (#1352)
• 6f67fd3 Sync/3.4.2 (#1322)
• 5b0cdbb chore: merge main into 3.x for 3.4.1 release (#1301)
• Additional commits viewable in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates express-winston from 4.1.0 to 4.2.0

Release notes

Sourced from express-winston's releases.

v4.2.0

• Upgraded lodash to 4.17.21 minimum (#264)
• Fixed typos and Readme format (#262)

Published as + [email protected]

Changelog

Sourced from express-winston's changelog.

4.2.0

• Upgraded lodash to 4.17.21 minimum (#264)
• Fixed typos and Readme format (#262)

Commits

• e17d87b Version bump 4.2.0
• bdba1d3 Fix #264: Upgrade lodash to 4.17.21 minimum
• 10cd3a4 Fix Readme typos and format (#262)
• See full diff in compare view

Updates fuse.js from 7.1.0 to 7.4.2

Release notes

Sourced from fuse.js's releases.

v7.4.2

Bug Fixes

• types: ship CommonJS type declarations (.d.cts) so consumers on moduleResolution: node16/nodenext no longer hit TS1479 ("masquerading as ESM") when importing the package from a CommonJS project. The lib entries now resolve to a runtime-accurate export = declaration and the worker to its named declaration, via the require exports condition. (#780)

Full Changelog: krisk/Fuse@v7.4.1...v7.4.2

v7.4.1

Bug Fixes

• types: ship TypeScript declarations for fuse.js/worker (572ad1e), closes #828
• types: add TypeScript declarations for fuse.js/worker-script (6ef6c33), closes #828

Both worker subpaths now resolve types under node16/nodenext and bundler module resolution.

v7.4.0

First stable on the 7.4 line. Aggregates everything from the 7.4.0-beta.1 → 7.4.0-beta.8 cycle. See CHANGELOG.md for the per-beta breakdown.

Features

• FuseWorker — parallel search via Web Workers (9ba192c). New FuseWorker class shards the collection across workers, runs searches in parallel, and preserves the same result ordering as Fuse. See the Web Workers guide.
• token-search: tokenMatch: 'all' | 'any' option for AND/OR semantics (#827, 9f979d0). Default 'any' preserves existing behavior; 'all' requires every query word to match somewhere in a record (term-centric AND), useful for filter-style queries.
• token-search: customizable tokenizer with unicode-aware default (#821, 8e55cae). New tokenize?: RegExp | (text: string) => string[] option; the default regex now segments CJK, Cyrillic, Greek, Arabic, etc. out of the box.

Bug Fixes

• matches: report array-path keys as dotted strings (acd54e8). Previously match.key leaked a raw string[] for keys declared as path arrays (e.g. keys: [['author', 'firstName']]), contradicting the documented FuseResultMatch.key: string type. Now emits the canonical dotted string ('author.firstName'). Behavior change: consumers relying on the array shape need to update.
• bitap: restrict highlight indices to matched window (#792, 622f105). Closes #505, #611, #691, #793.
• index: correct doc-index alignment for Fuse<string> with blank docs (0b8e3ca).
• core: invalidate searcher cache on collection mutation (fcf4228).
• token-search: renumber inverted index after doc removal (ea9356d).
• workers: preserve global refIndex across shards (e4217f9), match Fuse ordering and reject non-cloneable options (d571390), reject useTokenSearch in FuseWorker (8c6183d).
• match: explicitly reject useTokenSearch in Fuse.match (3959d91).
• correct fieldCount accounting and add reverse lookup in inverted index (54e702c).
• guard against empty-string crash in fieldNorm (e550ab1); skip consecutive spaces in fieldNorm word counting (5929af6).
• types: resolve typecheck errors and align KeyStore types (dbc115d).
• docs: reflect data edits in playground demo (#825, 6eff909).

Performance

• reuse bit arrays in Bitap search instead of allocating per error level (ec9b446)
• replace forEach with for loops in search hot paths (1945f49)
• fast-path Math.pow when exponent is 1 in computeScore (c82de57)
• pre-allocate records array and use for loops in FuseIndex.create (5800036)
• replace regex with loop for word counting in fieldNorm (5517a9b)
• use filter instead of reverse-splice in removeAll / remove (c74823b, 8372b0a)
• token-search: drop unused postings from inverted index (5ea216f)

Internal

... (truncated)

Changelog

Sourced from fuse.js's changelog.

7.4.2 (2026-06-05)

Bug Fixes

• types: emit CommonJS declarations (.d.cts) for node16/nodenext (#780) (33f5d29)

7.4.1 (2026-06-02)

Bug Fixes

• types: add TypeScript declarations for fuse.js/worker-script (6ef6c33), closes #828
• types: ship TypeScript declarations for fuse.js/worker (572ad1e), closes #828

7.4.0 (2026-05-30)

7.4.0-beta.8 (2026-05-25)

Bug Fixes

• matches: report array-path keys as dotted strings (acd54e8)

7.4.0-beta.7 (2026-05-22)

Features

• token-search: add tokenMatch 'all' | 'any' for AND/OR (#827) (9f979d0)

Bug Fixes

• docs: reflect data edits in playground demo (#825) (6eff909)

7.4.0-beta.6 (2026-05-14)

Bug Fixes

• bitap: restrict highlight indices to matched window (622f105), closes #792 #505 #611 #691 #793

7.4.0-beta.5 (2026-05-10)

Features

• token-search: add customizable tokenizer with unicode-aware default (8e55cae), closes #821

... (truncated)

Commits

• 9e63058 chore(release): 7.4.2
• 33f5d29 fix(types): emit CommonJS declarations (.d.cts) for node16/nodenext (#780)
• 7c6af4e build: replace rollup/babel/terser build with tsdown
• 50f6b24 chore(deps): pin fast-uri to ^3.1.2 via overrides
• 9e6ec22 chore(build): exit non-zero when a build step fails
• ff51f6b chore: source docs version from package.json, not npm view
• 08b77d9 chore: bump doc versions to 7.4.1
• ce75998 chore(release): 7.4.1
• e842baf test(types): guard that every exports subpath resolves to declarations
• 6ef6c33 fix(types): add TypeScript declarations for fuse.js/worker-script
• Additional commits viewable in compare view

Updates gsap from 3.12.5 to 3.15.0

Commits

• 13e2b79 3.15.0
• e830e8f 3.14.2
• 134104c 3.14.1
• 71c32b7 3.14.0
• 9f8eca1 3.13.0
• 5e13097 3.12.7
• f4f16d6 3.12.6
• See full diff in compare view

Updates js-cookie from 3.0.5 to 3.0.8

Release notes

Sourced from js-cookie's releases.

v3.0.8

• Restore ES5 compatibility, inadvertently broken in 3.0.7 - #959
• Lift Node version restriction, inadvertently restricted to >= 20 in 3.0.7 - #956

v3.0.7

• Prevent cookie attribute injection: CVE-2026-46625 (eb3c40e)
• Add Partitioned attribute to readme (b994768)
• Publish to npm registry via trusted publisher exclusively (4dc71be)
• Ensure consistent behaviour for get('name') + get() (1953d30)

Commits

• d7a1096 Craft v3.0.8 release
• 248e685 Use existing Chrome with puppeteer
• fc04269 Remove QUnit related workaround in Grunt config
• 265a685 Tidy up package lock file
• 478e591 Disable Node deprecation DEP0044 for release workflow
• 331d524 Fix node version config for E2E test job
• 11d773d Ensure ECMAScript compatibility
• d788646 Remove engines property from package
• e7d9a4d Fix typo in test assertion message
• b5fca24 Make credentials use explicit in release workflow
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for js-cookie since your current version.

Updates jsonwebtoken from 9.0.2 to 9.0.3

Changelog

Sourced from jsonwebtoken's changelog.

9.0.3 - 2025-12-04

• updates jws version to 4.0.1.

Commits

• ed59e76 chore: bump jws to 4.0.1 (#1007)
• See full diff in compare view

Updates libphonenumber-js from 1.11.4 to 1.13.6

Changelog

Sourced from libphonenumber-js's changelog.

1.13.6 / 5.6.2026

• Updated metadata to version 9.0.32:
  • Updated phone metadata for region code(s): DZ, JP, NO, SJ, SO, UG
  • Updated carrier data for country calling code(s): 33 (en), 47 (en), 233 (en), 252 (en), 256 (en)

1.13.5 / 03.06.2026

• Converted any "tagged" types back to simple strings. Originally, some developers lobbied the use of so-called "tagged" types in this package in order to return more "strict" values. My knowledge of TypeScript at that time was limited to just its title, so I naturally succumbed to that influence and merged whatever changes seemed to be consensual between the participants in the issue discussions. Now though I can see how the concept of "tagged" types is redundant and adds nothing, so I decided to revert any "tagged" types back to simple strings.

1.13.3 / 22.5.2026

• Updated metadata to version 9.0.31:
  • Updated alternate formatting data for country calling code(s): 84
  • Updated phone metadata for region code(s): AI, BO, DZ, ET, GE, GM, IN, TR, UG, VN
  • Updated short number metadata for region code(s): IT
  • Updated geocoding data for country calling code(s): 213 (en)
  • Updated carrier data for country calling code(s): 34 (en), 43 (en), 84 (en), 90 (en), 220 (en), 251 (en), 256 (en), 354 (en), 591 (en), 1264 (en)

1.13.0 / 08.05.2026

• Merged a pull request by Matt d'Entremont that adds ES6-only versions of min/max/mobile/core exports.

  • The new exports are:

    • min — libphonenumber-js/min/es6
    • max — libphonenumber-js/max/es6
    • mobile — libphonenumber-js/mobile/es6
    • "custom" — libphonenumber-js/core/es6

  • The bundle size reduction is roughly 37 KB raw and 3.8-4.1 KB gzipped.

                        | legacy raw | modern raw | legacy gzip | modern gzip
  min                   | 177,666 B  | 140,563 B  | 42,081 B    | 38,223 B
  max                   | 251,327 B  | 214,2...
Description has been truncated