Sourced from fastify's releases.

v5.8.1

⚠️ Security Release

Fixes "Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation": GHSA-573f-x89g-hqp9.

CVE-2026-3419

Full Changelog: fastify/fastify@v5.8.0...v5.8.1

v5.8.0

What's Changed

• docs(request): add host security warning references by @​mcollina in fastify/fastify#6476
• docs: fix note style by @​Fdawgs in fastify/fastify#6487
• chore: rename deploy website ci by @​Eomm in fastify/fastify#6492
• chore: support pino v9 and v10 by @​mcollina in fastify/fastify#6496
• chore: update logger types and fix TODO comment by @​Tony133 in fastify/fastify#6470
• refactor(test-types): migrate dummy-plugin to FastifyPluginAsync by @​Tony133 in fastify/fastify#6472
• docs: fix markdown typo in README.md by @​droppingbeans in fastify/fastify#6491
• test: cover non-numeric content-length client error path by @​mcollina in fastify/fastify#6500
• ci: remove tests-checker workflow by @​Tony133 in fastify/fastify#6481
• ci: remove stale.yml file by @​Tony133 in fastify/fastify#6504
• docs(security): remove hackerone references; change note style by @​Fdawgs in fastify/fastify#6501
• chore: rename @​sinclair/typebox to typebox by @​Tony133 in fastify/fastify#6494
• ci(links-check): add external link checker using linkinator-action by @​umxr in fastify/fastify#6386
• chore: upgrade borp to v1.0.0 by @​Tony133 in fastify/fastify#6510
• docs: Add OpenJS CNA reference to SECURITY.md by @​mcollina in fastify/fastify#6516
• fix: avoid mutating shared routerOptions across instances by @​mcollina in fastify/fastify#6515
• fix(types): accept async route hooks in shorthand options by @​mcollina in fastify/fastify#6514
• docs: Improve shutdown lifecycle documentation by @​kibertoad in fastify/fastify#6517
• chore: remove unused tsconfig.eslint.json by @​mrazauskas in fastify/fastify#6524
• feat: First-class support for handler-level timeouts by @​kibertoad in fastify/fastify#6521
• docs(security): clarify insecureHTTPParser threat model scope by @​mcollina in fastify/fastify#6533
• chore(license): standardise license notice by @​Fdawgs in fastify/fastify#6511
• docs: clarify anyOf nullable coercion behavior with primitive types by @​slegarraga in fastify/fastify#6531
• fix: remove format placeholder from FST_ERR_CTP_INVALID_MEDIA_TYPE message by @​super-mcgin in fastify/fastify#6528
• docs(reference/hooks): fix note style by @​Fdawgs in fastify/fastify#6538
• chore: Bump lycheeverse/lychee-action from 2.7.0 to 2.8.0 by @​dependabot[bot] in fastify/fastify#6539
• chore: Bump actions/dependency-review-action from 4.8.2 to 4.8.3 by @​dependabot[bot] in fastify/fastify#6540
• chore: Bump markdownlint-cli2 from 0.20.0 to 0.21.0 by @​dependabot[bot] in fastify/fastify#6542
• ci: remove broken links and add ecosystem link validator by @​mcollina in fastify/fastify#6421
• ci(validate-ecoystem-links): add job level permission by @​Fdawgs in fastify/fastify#6545
• style: remove trailing whitespace by @​Fdawgs in fastify/fastify#6543

New Contributors

• @​droppingbeans made their first contribution in fastify/fastify#6491
• @​umxr made their first contribution in fastify/fastify#6386
• @​slegarraga made their first contribution in fastify/fastify#6531
• @​super-mcgin made their first contribution in fastify/fastify#6528

Full Changelog: fastify/fastify@v5.7.4...v5.8.0

... (truncated)

• 073ff81 Bumped v5.8.1
• 67f6c9b Merge commit from fork
• 161578a chore: sync version
• 9b06a78 Bumped v5.8.0
• bbdfe82 style: remove trailing whitespace (#6543)
• cd58ed4 ci(validate-ecoystem-links): add job level permission (#6545)
• 2590592 ci: remove broken links and add ecosystem link validator (#6421)
• 09b55b6 chore: Bump markdownlint-cli2 from 0.20.0 to 0.21.0 (#6542)
• 43c4e38 chore: Bump actions/dependency-review-action from 4.8.2 to 4.8.3 (#6540)
• 3b40573 chore: Bump lycheeverse/lychee-action from 2.7.0 to 2.8.0 (#6539)
• Additional commits viewable in compare view

Sourced from qs's changelog.

6.14.2

• [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)
• [Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue
• [Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)
• [Fix] parse: enforce arrayLimit on comma-parsed values
• [Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)
• [Robustness] avoid .push, use void
• [readme] document that addQueryPrefix does not add ? to empty output (#418)
• [readme] clarify parseArrays and arrayLimit documentation (#543)
• [readme] replace runkit CI badge with shields.io check-runs badge
• [meta] fix changelog typo (arrayLength → arrayLimit)
• [actions] fix rebase workflow permissions

6.14.1

• [Fix] ensure arrayLimit applies to [] notation as well
• [Fix] parse: when a custom decoder returns null for a key, ignore that key
• [Refactor] parse: extract key segment splitting helper
• [meta] add threat model
• [actions] add workflow permissions
• [Tests] stringify: increase coverage
• [Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

• [New] parse: add throwOnParameterLimitExceeded option (#517)
• [Refactor] parse: use utils.combine more
• [patch] parse: add explicit throwOnLimitExceeded default
• [actions] use shared action; re-add finishers
• [meta] Fix changelog formatting bug
• [Deps] update side-channel
• [Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols
• [Tests] increase coverage

6.13.3

[Fix] fix regressions from robustness refactor [actions] update reusable workflows

6.13.2

• [Robustness] avoid .push, use void
• [readme] clarify parseArrays and arrayLimit documentation (#543)
• [readme] document that addQueryPrefix does not add ? to empty output (#418)
• [readme] replace runkit CI badge with shields.io check-runs badge
• [actions] fix rebase workflow permissions

6.13.1

• [Fix] stringify: avoid a crash when a filter key is null
• [Fix] utils.merge: functions should not be stringified into keys
• [Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset
• [Fix] stringify: ensure a non-string filter does not crash
• [Refactor] use __proto__ syntax instead of Object.create for null objects
• [Refactor] misc cleanup

... (truncated)

• bdcf0c7 v6.14.2
• 294db90 [readme] document that addQueryPrefix does not add ? to empty output
• 5c308e5 [readme] clarify parseArrays and arrayLimit documentation
• 6addf8c [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit
• cfc108f [Fix] arrayLimit means max count, not max index, in combine/merge/`pars...
• febb644 [Fix] parse: throw on arrayLimit exceeded with indexed notation when `thr...
• f6a7abf [Fix] parse: enforce arrayLimit on comma-parsed values
• fbc5206 [Fix] parse: fix error message to reflect arrayLimit as max index; remove e...
• 1b9a8b4 [actions] fix rebase workflow permissions
• 2a35775 [meta] fix changelog typo (arrayLength → arrayLimit)
• Additional commits viewable in compare view

Sourced from webpack's releases.

v5.104.1

5.104.1

Patch Changes

• 2efd21b: Reexports runtime calculation should not accessing WEBPACK_IMPORT_KEY decl with var.
• c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.

v5.104.0

5.104.0

Minor Changes

• d3dd841: Use method shorthand to render module content in __webpack_modules__ object.
• d3dd841: Enhance import.meta.env to support object access.
• 4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.
• 04cd530: Handle more at-rules for CSS modules.
• cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.
• d3dd841: Added base64url, base62, base58, base52, base49, base36, base32 and base25 digests.
• 5983843: Provide a stable runtime function variable __webpack_global__.
• d3dd841: Improved localIdentName hashing for CSS.

Patch Changes

• 22c48fb: Added module existence check for informative error message in development mode.
• 50689e1: Use the fully qualified class name (or export name) for [fullhash] placeholder in CSS modules.
• d3dd841: Support universal lazy compilation.
• d3dd841: Fixed module library export definitions when multiple runtimes.
• d3dd841: Fixed CSS nesting and CSS custom properties parsing.
• d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.
• aab1da9: Fixed bugs for css/global type.
• d3dd841: Compatibility import.meta.filename and import.meta.dirname with eval devtools.
• d3dd841: Handle nested __webpack_require__.
• 728ddb7: The speed of identifier parsing has been improved.
• 0f8b31b: Improve types.
• d3dd841: Don't corrupt debugId injection when hidden-source-map is used.
• 2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.
• d3dd841: Serialize HookWebpackError.
• d3dd841: Added ability to use built-in properties in dotenv and define plugin.
• 3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.
• d3dd841: Reduce collision for local indent name in CSS.
• d3dd841: Remove CSS link tags when CSS imports are removed.

v5.103.0

Features

• Added DotenvPlugin and top level dotenv option to enable this plugin
• Added WebpackManifestPlugin
• Added support the ignoreList option in devtool plugins
• Allow to use custom javascript parse function

... (truncated)

Sourced from webpack's changelog.

5.104.1

Patch Changes

• 2efd21b: Reexports runtime calculation should not accessing WEBPACK_IMPORT_KEY decl with var.
• c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.

5.104.0

Minor Changes

• d3dd841: Use method shorthand to render module content in __webpack_modules__ object.
• d3dd841: Enhance import.meta.env to support object access.
• 4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.
• 04cd530: Handle more at-rules for CSS modules.
• cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.
• d3dd841: Added base64url, base62, base58, base52, base49, base36, base32 and base25 digests.
• 5983843: Provide a stable runtime function variable __webpack_global__.
• d3dd841: Improved localIdentName hashing for CSS.

Patch Changes

• 22c48fb: Added module existence check for informative error message in development mode.
• 50689e1: Use the fully qualified class name (or export name) for [fullhash] placeholder in CSS modules.
• d3dd841: Support universal lazy compilation.
• d3dd841: Fixed module library export definitions when multiple runtimes.
• d3dd841: Fixed CSS nesting and CSS custom properties parsing.
• d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.
• aab1da9: Fixed bugs for css/global type.
• d3dd841: Compatibility import.meta.filename and import.meta.dirname with eval devtools.
• d3dd841: Handle nested __webpack_require__.
• 728ddb7: The speed of identifier parsing has been improved.
• 0f8b31b: Improve types.
• d3dd841: Don't corrupt debugId injection when hidden-source-map is used.
• 2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.
• d3dd841: Serialize HookWebpackError.
• d3dd841: Added ability to use built-in properties in dotenv and define plugin.
• 3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.
• d3dd841: Reduce collision for local indent name in CSS.
• d3dd841: Remove CSS link tags when CSS imports are removed.

• 24e3c2d chore(release): new release (#20253)
• 2efd21b fix(re-exports): reexports runtime calculation should not accessing `__WEBPAC...
• c510070 fix(security): userinfo bypass vulnerability in HttpUriPlugin allowedUris
• 4b0501c ci: fix release (#20252)
• 0c213ce ci: use \<@&1450591255485743204> over @here for discord notificationw
• 5bf8bc5 refactor: types for benchmarks and tests
• 505a5e7 chore(release): new release (#20188)
• 0c06680 refactor: update eslint configuration
• 2eb0d6a ci: release announcement (#20238)
• b2b2459 ci: cancel in progress (#20239)
• Additional commits viewable in compare view

This version modifies prepare script that runs during installation. Review the package contents before updating.

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

• https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472
• https://vercel.com/changelog/summary-of-cve-2026-23864

v15.4.11

Please see this changelog for more information about this security patch.

v15.3.9

Please see this changelog for more information about this security patch.

v15.2.9

Please see this changelog for more information about this security patch.

v15.1.12

Please see this changelog for more information about this security patch.

v15.0.8

Please see this changelog for more information about this security patch.

• 60a2aa9 v15.5.10
• e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
• 39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
• bf9f084 Sync DoS mitigations for React Flight
• c5de33e v15.5.9
• dd23399 Backport facebook/react#35351 for 15.5.8 (#87086)
• 7526cd6 v15.5.8
• 1e9ec41 Update React Version (#41)
• 16141e5 Update React Version (#30)
• e01e589 Backport Next.js changes to v15.5.8 (#23)
• Additional commits viewable in compare view

Sourced from diff's changelog.

v4.0.4 - January 2026

Only change from 4.0.2 is a backport of the fix to GHSA-73rr-hh4g-fpgx.

v4.0.3 (deprecated)

Accidental release - do not use.

• f06f3e4 v4.0.4
• 0179a48 v4.0.3
• 4568cae Backport kpdecker/jsdiff#649
• 4de0ffa Backport kpdecker/jsdiff#647
• See full diff in compare view

This version was pushed to npm by explodingcabbage, a new releaser for diff since your current version.

• 2a02dce 3.4.1
• fba4e8f Merge pull request #89 from WebReflection/python-fix
• 5fe8648 added "when in Rome" also a test for PHP
• 53517ad some minor improvement
• b3e2a0c Fixing recursion issue in Python too
• c4b46db Add SECURITY.md for security policy and reporting
• f86d071 Create dependabot.yml for version updates
• d3418c7 3.4.0
• 7eb65d8 Merge pull request #88 from WebReflection/avoid-recusrion
• 7774aae Avoid recursion on parse due possible shenanigans
• Additional commits viewable in compare view

• 7bba978 3.1.5
• bd25942 docs: add warning about ReDoS
• 1a9c27c fix partial matching of globstar patterns
• 1a2e084 3.1.4
• ae24656 update lockfile
• b100374 limit recursion for **, improve perf considerably
• 26ffeaa lockfile update
• 9eca892 lock node version to 14
• 00c323b 3.1.3
• 30486b2 update CI matrix and actions
• Additional commits viewable in compare view

• dec55b7 Bump main to v4.17.23 (#6088)
• 19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
• b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
• edadd45 Prevent prototype pollution on baseUnset function
• 4879a7a doc: fix autoLink function, conversion of source links (#6056)
• 9648f69 chore: remove yarn.lock file (#6053)
• dfa407d ci: remove legacy configuration files (#6052)
• 156e196 feat: add renovate setup (#6039)
• 933e106 ci: add pipeline for Bun (#6023)
• 072a807 docs: update links related to Open JS Foundation (#5968)
• Additional commits viewable in compare view

Sourced from react-router's releases.

v6.30.3

See the changelog for release notes: https://github.com/remix-run/react-router/blob/v6/CHANGELOG.md#v6303

v6.30.2

See the changelog for release notes: https://github.com/remix-run/react-router/blob/v6/CHANGELOG.md#v6302

v6.30.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6301

v6.30.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6300

v6.29.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6290

v6.28.2

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6282

v6.28.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6281

v6.28.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6280

v6.27.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6270

v6.26.2

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6262

v6.26.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6261

v6.26.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6260

v6.25.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6251

v6.25.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6250

v6.24.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6241

v6.24.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6240

v6.23.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6231

... (truncated)

Sourced from react-router's changelog.

6.30.3

Patch Changes

• Updated dependencies:
  • @remix-run/[email protected]

6.30.2

Patch Changes

• Updated dependencies:
  • @remix-run/[email protected]

6.30.1

Patch Changes

• Partially revert optimization added in 6.29.0 to reduce calls to matchRoutes because it surfaced other issues (#13623)
• Stop logging invalid warning when v7_relativeSplatPath is set to false (#13502)

6.30.0

Minor Changes

• Add fetcherKey as a parameter to patchRoutesOnNavigation (#13109)

Patch Changes

• Updated dependencies:
  • @remix-run/[email protected]

6.29.0

Minor Changes

• Provide the request signal as a parameter to patchRoutesOnNavigation (#12900)

  • This can be used to abort any manifest fetches if the in-flight navigation/fetcher is aborted

Patch Changes

• Do not log v7 deprecation warnings in production builds (#12794)
• Limit matchRoutes optimization to client side routers (#12881)
• Optimize route matching by skipping redundant matchRoutes calls when possible (#12169)
• Updated dependencies:
  • @remix-run/[email protected]

6.28.2

... (truncated)

• c662ca3 chore: Update version for release (#14713)
• 98ad691 chore: Update version for release (pre-v6) (#14710)
• 26b5d45 chore: Update version for release (#14541)
• 919f8a8 chore: Update version for release (pre-v6) (#14540)
• 69bf705 Normalize double slashes in resolvePath (#14537)
• 3f2400e chore: Update version for release (#13647)
• 25a264d chore: Update version for release (pre-v6) (#13638)
• b5705a0 Remove matchRoutes optimization from render pass (#13623)
• 785f6f6 Prevent invalid warning for v7_relativeSplatPath (#13502)
• e4ba522 chore: Update version for release (#13128)
• Additional commits viewable in compare view

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for react-router since your current version.

Sourced from rollup's releases.

v3.30.0

3.30.0

2026-02-22

Features

• Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

• #6276: Validate bundle stays within output dir (@​lukastaegert)

v3.29.5

3.29.5

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

Sourced from rollup's changelog.

3.30.0

2026-02-22

Features

• Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

• #6276: Validate bundle stays within output dir (@​lukastaegert)

3.29.5

2024-09-21

Bug Fixes

• Resolve CVE-2024-43788

3.29.4

2023-09-28

Bug Fixes

• Fix static analysis when an exported function uses callbacks (#5158)

Pull Requests

• #5158: Deoptimize all parameters when losing track of a function (@​lukastaegert)

3.29.3

2023-09-24

Bug Fixes

• Fix a bug where code was wrongly tree-shaken after mutating function parameters (#5153)

Pull Requests

• #5145: docs: improve the docs repl appearance in the light mode (@​TrickyPi)
• #5148: chore(deps): update dependency @​vue/eslint-config-typescript to v12 (@​renovate[bot])
• #5149: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5153: Fully deoptimize first level path when deoptimizing nested parameter paths (@​lukastaegert)

3.29.2

2023-09-15

... (truncated)

• d91d5e1 3.30.0
• 9677409 Update release script for backports
• c8cf1f9 Validate bundle stays within output dir (#6276)
• dfd233d 3.29.5
• 2ef77c0 Fix DOM Clobbering CVE
• a6448b9 3.29.4
• 4e92d60 Deoptimize all parameters when losing track of a function (#5158)
• 801ffd1 3.29.3
• 353e462 Fully deoptimize first level path when deoptimizing nested parameter paths (#...
• a1a89e7 chore(deps): update dependency @​vue/eslint-config-typescript to v12 (#5148)
• Additional commits viewable in compare view

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

• https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472
• https://vercel.com/changelog/summary-of-cve-2026-23864

v15.4.11

Please see this changelog for more information about this security patch.

v15.3.9

Please see this changelog for more information about this security patch.

v15.2.9

Please see this changelog for more information about this security patch.

v15.1.12

Please see this changelog for more information about this security patch.

v15.0.8

Please see this changelog for more information about this security patch.

• 60a2aa9 v15.5.10
• e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
• 39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
• bf9f084 Sync DoS mitigations for React Flight
• c5de33e v15.5.9
• dd23399 Backport facebook/react#35351 for 15.5.8 (#87086)
• 7526cd6 v15.5.8
• 1e9ec41 Update React Version (#41)
• 16141e5 Update React Version (#30)
• e01e589 Backport Next.js changes to v15.5.8 (#23)
• Additional commits viewable in compare view

Sourced from qs's changelog.

6.14.2

• [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)
• [Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue
• [Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)
• [Fix] parse: enforce arrayLimit on comma-parsed values
• [Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)
• [Robustness] avoid .push, use void
• [readme] document that addQueryPrefix does not add ? to empty output (#418)
• [readme] clarify parseArrays and arrayLimit documentation (#543)
• [readme] replace runkit CI badge with shields.io check-runs badge
• [meta] fix changelog typo (arrayLength → arrayLimit)
• [actions] fix rebase workflow permissions

6.14.1

• [Fix] ensure arrayLimit applies to [] notation as well
• [Fix] parse: when a custom decoder returns null for a key, ignore that key
• [Refactor] parse: extract key segment splitting helper
• [meta] add threat model
• [actions] add workflow permissions
• [Tests] stringify: increase coverage
• [Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

• [New] parse: add throwOnParameterLimitExceeded option (#517)
• [Refactor] parse: use utils.combine more
• [patch] parse: add explicit throwOnLimitExceeded default
• [actions] use shared action; re-add finishers
• [meta] Fix changelog formatting bug
• [Deps] update side-channel
• [Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols
• [Tests] increase coverage

6.13.3

[Fix] fix regressions from robustness refactor [actions] update reusable workflows

6.13.2

• [Robustness] avoid .push, use void
• [readme] clarify parseArraysDescription has been truncated