build(deps): bump the npm_and_yarn group across 15 directories with 8 updates by dependabot[bot] · Pull Request #12 · omercnet/sst

dependabot · 2026-03-17T22:25:56Z

Bumps the npm_and_yarn group with 1 update in the /examples/aws-express directory: multer.
Bumps the npm_and_yarn group with 1 update in the /examples/aws-nextjs directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/aws-nextjs-redis directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/aws-nextjs-sharp directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/aws-nextjs-stream directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/aws-realtime-nextjs directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/aws-svelte-redis directory: svelte.
Bumps the npm_and_yarn group with 1 update in the /examples/internal/playground directory: valibot.
Bumps the npm_and_yarn group with 1 update in the /examples/internal/playground/sites/astro4 directory: astro.
Bumps the npm_and_yarn group with 1 update in the /examples/internal/playground/sites/astro5 directory: astro.
Bumps the npm_and_yarn group with 1 update in the /examples/internal/playground/sites/astro5-static directory: astro.
Bumps the npm_and_yarn group with 1 update in the /examples/internal/playground/sites/nextjs directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/scrap directory: esbuild.
Bumps the npm_and_yarn group with 2 updates in the /platform directory: esbuild and glob.
Bumps the npm_and_yarn group with 1 update in the /sdk/js directory: hono.

Updates multer from 1.4.5-lts.2 to 2.1.1

Release notes

Sourced from multer's releases.

v2.1.1

Important

Fix CVE-2026-3520 (GHSA-5528-5vmv-3xc2)

What's Changed

chore: add node version to 25.x in CI by @imangas in expressjs/multer#1372

chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 by @dependabot[bot] in expressjs/multer#1378

chore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @dependabot[bot] in expressjs/multer#1377

chore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 by @dependabot[bot] in expressjs/multer#1376

chore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 by @dependabot[bot] in expressjs/multer#1375

chore(deps): bump actions/checkout from 4.1.1 to 6.0.2 by @dependabot[bot] in expressjs/multer#1374

fix error/abort handling by @ctcpip in expressjs/multer#1373

2.1.1 by @UlisesGascon in expressjs/multer#1380

New Contributors

@imangas made their first contribution in expressjs/multer#1372

@dependabot[bot] made their first contribution in expressjs/multer#1378

Full Changelog: expressjs/multer@v2.1.0...v2.1.1

v2.1.0

Important

Fix CVE-2026-2359 (GHSA-v52c-386h-88mc)

Fix CVE-2026-3304 (GHSA-xf7r-hgr6-v32p)

What's Changed

chore: add funding to package.json by @bjohansebas in expressjs/multer#1346

chore: drop mkdirp dependency by @wojtekmaj in expressjs/multer#1350

chore: drop object-assign dependency by @wojtekmaj in expressjs/multer#1351

chore: drop xtend dependency by @wojtekmaj in expressjs/multer#1352

chore(gitignore): ignore .nyc_output directory by @ShubhamOulkar in expressjs/multer#1332

Fix typo in README-vi.md regarding file upload by @Kunniii in expressjs/multer#1366

Fix typo in README-pt-br.md for array method by @matheushbm192 in expressjs/multer#1367

headers-support-utf8 by @Doc999tor in expressjs/multer#1210

Add Turkish translation (README-tr.md) by @Sabandogan in expressjs/multer#1360

Release: 2.1.0 by @UlisesGascon in expressjs/multer#1371

New Contributors

@wojtekmaj made their first contribution in expressjs/multer#1350

@ShubhamOulkar made their first contribution in expressjs/multer#1332

@Kunniii made their first contribution in expressjs/multer#1366

@matheushbm192 made their first contribution in expressjs/multer#1367

@Doc999tor made their first contribution in expressjs/multer#1210

@Sabandogan made their first contribution in expressjs/multer#1360

Full Changelog: expressjs/multer@v2.0.2...v2.1.0

... (truncated)

Changelog

Sourced from multer's changelog.

2.1.1

Fix CVE-2026-3520 (GHSA-5528-5vmv-3xc2)

fix error/abort handling

2.1.0

Add defParamCharset option for UTF-8 filename support (#1210)

Fix CVE-2026-2359 (GHSA-v52c-386h-88mc)

Fix CVE-2026-3304 (GHSA-xf7r-hgr6-v32p)

2.0.2

Fix CVE-2025-7338 (GHSA-fjgf-rc76-4x9p)

2.0.1

Fix CVE-2025-48997 (GHSA-g5hg-p3ph-g8qg)

2.0.0

Breaking change: The minimum supported Node version is now 10.16.0

Fix CVE-2025-47935 (GHSA-44fp-w29j-9vj5)

Fix CVE-2025-47944 (GHSA-4pg4-qvpc-4q3h)

Commits

368c8a1 2.1.1 (#1380)
7e66481 🐛 fix recursion issue
643571e ✅ add explicit test for client able to send body without abrupt disconnect
e86fa52 fix error/abort handling
ca37779 chore(deps): bump actions/checkout from 4.1.1 to 6.0.2 (#1374)
13088f4 chore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 (#1375)
bc6a1d1 chore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 (#1376)
c496e93 chore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 (#1377)
fa173d3 chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 (#1378)
17d7f51 chore: add node version to 25.x in CI
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for multer since your current version.

Updates next from 14.2.15 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

[Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)

Apply server actions transform to node_modules in route handlers (#89380)

ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)

feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)

Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)

Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @unstubbable, @styfle, @eps1lon, and @ztanner for helping!

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Upgrade to swc 54 (#88207)

implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)

tweak LRU sentinel key (#89123)

Credits

Huge thanks to @mischnic, @wyattjoh, and @ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.0.11

Please see this changelog for more information about this security patch.

v15.6.0-canary.61

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

... (truncated)

Commits

bdf3e35 v16.1.7
dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
c68d62d Backport documentation fixes for 16.1.x (#90655)
5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
c95e357 Backport/docs fixes 16.1.x (#90125)
cba6144 [backport] Apply server actions transform to node_modules in route handlers...
3db9063 [backport] [Cache Components] Prevent streaming fetch calls from hanging in d...
Additional commits viewable in compare view

Updates next from 14.2.14 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

[Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)

Apply server actions transform to node_modules in route handlers (#89380)

ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)

feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)

Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)

Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @unstubbable, @styfle, @eps1lon, and @ztanner for helping!

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Upgrade to swc 54 (#88207)

implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)

tweak LRU sentinel key (#89123)

Credits

Huge thanks to @mischnic, @wyattjoh, and @ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.0.11

Please see this changelog for more information about this security patch.

v15.6.0-canary.61

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

... (truncated)

Commits

bdf3e35 v16.1.7
dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
c68d62d Backport documentation fixes for 16.1.x (#90655)
5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
c95e357 Backport/docs fixes 16.1.x (#90125)
cba6144 [backport] Apply server actions transform to node_modules in route handlers...
3db9063 [backport] [Cache Components] Prevent streaming fetch calls from hanging in d...
Additional commits viewable in compare view

Updates next from 15.3.0 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

[Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)

Apply server actions transform to node_modules in route handlers (#89380)

ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)

feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)

Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)

Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @unstubbable, @styfle, @eps1lon, and @ztanner for helping!

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Upgrade to swc 54 (#88207)

implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)

tweak LRU sentinel key (#89123)

Credits

Huge thanks to @mischnic, @wyattjoh, and @ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.0.11

Please see this changelog for more information about this security patch.

v15.6.0-canary.61

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

... (truncated)

Commits

bdf3e35 v16.1.7
dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
c68d62d Backport documentation fixes for 16.1.x (#90655)
5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
c95e357 Backport/docs fixes 16.1.x (#90125)
cba6144 [backport] Apply server actions transform to node_modules in route handlers...
3db9063 [backport] [Cache Components] Prevent streaming fetch calls from hanging in d...
Additional commits viewable in compare view

Updates next from 14.2.12 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

[Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)

Apply server actions transform to node_modules in route handlers (#89380)

ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)

feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)

Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)

Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @unstubbable, @styfle, @eps1lon, and @ztanner for helping!

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Upgrade to swc 54 (#88207)

implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)

tweak LRU sentinel key (#89123)

Credits

Huge thanks to @mischnic, @wyattjoh, and @ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.0.11

Please see this changelog for more information about this security patch.

v15.6.0-canary.61

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

... (truncated)

Commits

bdf3e35 v16.1.7
dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
c68d62d Backport documentation fixes for 16.1.x (#90655)
5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
c95e357 Backport/docs fixes 16.1.x (#90125)
cba6144 [backport] Apply server actions transform to node_modules in route handlers...
3db9063 [backport] [Cache Components] Prevent streaming fetch calls from hanging in d...
Additional commits viewable in compare view

Updates next from 14.2.3 to 16.1.7

Release notes

Sourced from next's releases.

v16.1.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

[Cache Components] Prevent streaming fetch calls from hanging in dev (#89194)

Apply server actions transform to node_modules in route handlers (#89380)

ensure maxPostponedStateSize is always respected (See: CVE-2026-27979)

feat(next/image): add lru disk cache and images.maximumDiskCacheSize (See: CVE-2026-27980)

Allow blocking cross-site dev-only websocket connections from privacy-sensitive origins (See: CVE-2026-27977)

Disallow Server Action submissions from privacy-sensitive contexts by default (See: CVE-2026-27978)

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @unstubbable, @styfle, @eps1lon, and @ztanner for helping!

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Upgrade to swc 54 (#88207)

implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)

tweak LRU sentinel key (#89123)

Credits

Huge thanks to @mischnic, @wyattjoh, and @ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.0.11

Please see this changelog for more information about this security patch.

v15.6.0-canary.61

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

... (truncated)

Commits

bdf3e35 v16.1.7
dc98c04 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
9023c0a [backport] Disallow Server Action submissions from privacy-sensitive contexts...
36a97b9 Allow blocking cross-site dev-only websocket connections from privacy-sensiti...
93c3993 [backport]: feat(next/image): add lru disk cache and `images.maximumDiskCache...
c68d62d Backport documentation fixes for 16.1.x (#90655)
5214ac1 [backport]: ensure maxPostponedStateSize is always respected (#90060) (#90471)
c95e357 Backport/docs fixes 16.1.x (#90125)
cba6144 [backport] Apply server actions transform to node_modules in route handlers...
3db9063 [backport] [Cache Components] Prevent streaming fetch calls from hanging in d...
Additional commits viewable in compare view

Updates svelte from 4.2.20 to 5.54.0

Release notes

Sourced from svelte's releases.

[email protected]

Minor Changes

feat: allow css, runes, customElement compiler options to be functions (#17951)

Patch Changes

fix: reinstate reactivity loss tracking (#17801)

[email protected]

Patch Changes

fix: ensure $inspect after top level await doesn't break builds (#17943)

fix: resume inert effects when they come from offscreen (#17942)

fix: don't eagerly access not-yet-initialized functions in template (#17938)

fix: discard batches made obsolete by commit (#17934)

fix: ensure "is standalone child" is correctly reset (#17944)

fix: remove nodes in boundary when work is pending and HMR is active (#17932)

[email protected]

Patch Changes

fix: update select.__value on change (#17745)

chore: add invariant helper for debugging (#17929)

fix: ensure deriveds values are correct across batches (#17917)

fix: handle async RHS in assignment_value_stale (#17925)

fix: avoid traversing clean roots (#17928)

[email protected]

Patch Changes

fix: remove untrack circular dependency (#17910)

fix: recover from errors that leave a corrupted effect tree (#17888)

fix: properly lazily evaluate RHS when checking for assignment_value_stale (#17906)

fix: resolve boundary in correct batch when hydrating (#17914)

chore: rebase batches after process, not during (#17900)

... (truncated)

Changelog

Sourced from svelte's changelog.

5.54.0

Minor Changes

feat: allow css, runes, customElement compiler options to be functions (#17951)

Patch Changes

fix: reinstate reactivity loss tracking (#17801)

5.53.13

Patch Changes

fix: ensure $inspect after top level await doesn't break builds (#17943)

fix: resume inert effects when they come from offscreen (#17942)

fix: don't eagerly access not-yet-initialized functions in template (#17938)

fix: discard batches made obsolete by commit (#17934)

fix: ensure "is standalone child" is correctly reset (#17944)

fix: remove nodes in boundary when work is pending and HMR is active (#17932)

5.53.12

Patch Changes

fix: update select.__value on change (#17745)

chore: add invariant helper for debugging (#17929)

fix: ensure deriveds values are correct across batches (#17917)

fix: handle async RHS in assignment_value_stale (#17925)

fix: avoid traversing clean roots (#17928)

5.53.11

Patch Changes

fix: remove untrack circular dependency (#17910)

fix: recover from errors that leave a corrupted effect tree (#17888)

fix: properly lazily evaluate RHS when checking for assignment_value_stale (#17906)

... (truncated)

Commits

7ec156a Version Packages (#17953)
c89f6ab feat: allow css, runes, customElement compiler options to be functions ...
5faf102 fix: reinstate reactivity loss tracking (#17801)
6a303c3 Version Packages (#17936)
f081a6c fix: resume inert effects when they come from offscreen (#17942)
1cd0645 fix: remove nodes in boundary when work is pending and HMR is active (#17932)
32a48ed fix: don't eagerly access not-yet-initialized functions in template (#17938)
b472171 fix: ensure $inspect after top level await doesn't break builds (#17943)
d4bd6ad fix: ensure "is standalone child" is correctly reset (#17944)
98e8b63 fix: discard batches made obsolete by commit (#17934)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for svelte since your current version.

Updates valibot from 1.0.0-beta.9 to 1.2.0

Release notes

Sourced from valibot's releases.

v1.2.0

Many thanks to @EskiMojo14, @makenowjust, @ysknsid25 and @jacekwilczynski for contributing to this release.

Read the release notes on our website for a quick overview of the most exciting new features in this release.

Add toBigint, toBoolean, toDate, toNumber and toString transformation actions (pull request #1212)

Add examples action to add example values to a schema (pull request #1199)

Add getExamples method to extract example values from a schema (pull request #1199)

Add isbn validation action to validate ISBN-10 and ISBN-13 strings (pull request #1097)

Add exports for RawCheckAddIssue, RawCheckContext, RawCheckIssueInfo, RawTransformAddIssue, RawTransformContext and RawTransformIssueInfo types for better developer experience with rawCheck and rawTransform actions (pull request #1359)

Change build step to tsdown

Fix ReDoS vulnerability in EMOJI_REGEX used by emoji action

v1.2.0 (to-json-schema)

Many thanks to @cruzdanilo and @Xiot for contributing to this release.

Add support for title, description and examples in metadata action (pull request #1189)

Add new override configurations to override default behaviour of JSON Schema conversion (pull request #1197)

Add storage for global definitions with addGlobalDefs and getGlobalDefs (pull request #1197)

Add new toJsonSchemaDefs function to convert Valibot schema definitions to JSON Schema definitions (pull request #1197)

v1.1.0

Many thanks to @EltonLobo07, @sacrosanctic, @muningis, @EskiMojo14, @MOZGIII, @vktrl and @jasperteo for contributing to this release.

Read the release notes on our website for a quick overview of the most exciting new features in this release.

Add message method to overwrite local error message configuration of a schema (pull request #1103)

Add summarize method to summarize issues into a pretty-printable multi-line string (pull request #1158)

Add getTitle, getDescription and getMetadata methods to extract metadata of a schema (pull request #1154)

Add minEntries and maxEntries validation action to validate number of object entries (pull request #1100)

Add entries and notEntries validation action to validate number of object entries (pull request #1156)

Add parseJson and stringifyJson transformation action to parse and stringify JSON (pull request #1137)

Add flavor transformation action to flavor the output type of a schema (pull request #950)

Add support for bigints to multipleOf validation action (pull request #1164)

Change implementation of variant and variantAsync schema to improve performance by aborting validation of discriminators early (pull request #1110)

Change name of NanoIDAction and NanoIDIssue interface to NanoIdAction and NanoIdIssue (pull request #1171)

Fix internal MarkOptional type to fix input and output type of objects in edge cases (issue #1176)

v1.1.0 (to-json-schema)

Many thanks to @sruenwg, @muningis and @EltonLobo07 for contributing to this release.

Add support for minEntries and maxEntries action (pull request #1100)

Add support for entries action (pull request #1156)

Change Valibot peer dependency to v1.1.0

Fix toJsonSchema to be independent of definition order (pull request #1133)

Fix additionalItems for tuple schemas and add minItems (pull request #1126)

v1.0.0

This is a summary of the changes between v0 and v1. Many thanks to everyone who contributed to this release.

... (truncated)

Commits

053ae97 Bump version to 1.2.0 and update changelog
de76d7c Merge pull request #1361 from open-circle/v1.2-blog-post
c14f092 Add security fix for ReDoS vulnerability in emoji action and update release n...
cfb799d Merge commit from fork
36fafd0...
Description has been truncated

… updates Bumps the npm_and_yarn group with 1 update in the /examples/aws-express directory: [multer](https://github.com/expressjs/multer). Bumps the npm_and_yarn group with 1 update in the /examples/aws-nextjs directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /examples/aws-nextjs-redis directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /examples/aws-nextjs-sharp directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /examples/aws-nextjs-stream directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /examples/aws-realtime-nextjs directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /examples/aws-svelte-redis directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte). Bumps the npm_and_yarn group with 1 update in the /examples/internal/playground directory: [valibot](https://github.com/open-circle/valibot). Bumps the npm_and_yarn group with 1 update in the /examples/internal/playground/sites/astro4 directory: [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro). Bumps the npm_and_yarn group with 1 update in the /examples/internal/playground/sites/astro5 directory: [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro). Bumps the npm_and_yarn group with 1 update in the /examples/internal/playground/sites/astro5-static directory: [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro). Bumps the npm_and_yarn group with 1 update in the /examples/internal/playground/sites/nextjs directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /examples/scrap directory: [esbuild](https://github.com/evanw/esbuild). Bumps the npm_and_yarn group with 2 updates in the /platform directory: [esbuild](https://github.com/evanw/esbuild) and [glob](https://github.com/isaacs/node-glob). Bumps the npm_and_yarn group with 1 update in the /sdk/js directory: [hono](https://github.com/honojs/hono). Updates `multer` from 1.4.5-lts.2 to 2.1.1 - [Release notes](https://github.com/expressjs/multer/releases) - [Changelog](https://github.com/expressjs/multer/blob/main/CHANGELOG.md) - [Commits](expressjs/multer@v1.4.5-lts.2...v2.1.1) Updates `next` from 14.2.15 to 16.1.7 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.15...v16.1.7) Updates `next` from 14.2.14 to 16.1.7 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.15...v16.1.7) Updates `next` from 15.3.0 to 16.1.7 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.15...v16.1.7) Updates `next` from 14.2.12 to 16.1.7 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.15...v16.1.7) Updates `next` from 14.2.3 to 16.1.7 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.15...v16.1.7) Updates `svelte` from 4.2.20 to 5.54.0 - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md) - [Commits](https://github.com/sveltejs/svelte/commits/[email protected]/packages/svelte) Updates `valibot` from 1.0.0-beta.9 to 1.2.0 - [Release notes](https://github.com/open-circle/valibot/releases) - [Commits](open-circle/valibot@v1.0.0-beta.9...v1.2.0) Updates `astro` from 4.16.19 to 6.0.5 - [Release notes](https://github.com/withastro/astro/releases) - [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md) - [Commits](https://github.com/withastro/astro/commits/[email protected]/packages/astro) Updates `astro` from 5.8.1 to 5.15.9 - [Release notes](https://github.com/withastro/astro/releases) - [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md) - [Commits](https://github.com/withastro/astro/commits/[email protected]/packages/astro) Updates `astro` from 5.8.1 to 5.15.9 - [Release notes](https://github.com/withastro/astro/releases) - [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md) - [Commits](https://github.com/withastro/astro/commits/[email protected]/packages/astro) Updates `next` from 14.2.15 to 16.1.7 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.15...v16.1.7) Updates `esbuild` from 0.21.5 to 0.27.4 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md) - [Commits](evanw/esbuild@v0.21.5...v0.27.4) Updates `esbuild` from 0.20.2 to 0.25.0 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md) - [Commits](evanw/esbuild@v0.21.5...v0.27.4) Updates `glob` from 10.3.10 to 12.0.0 - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](isaacs/node-glob@v10.3.10...v12.0.0) Updates `hono` from 4.3.9 to 4.12.7 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.3.9...v4.12.7) --- updated-dependencies: - dependency-name: multer dependency-version: 2.1.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: svelte dependency-version: 5.54.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: valibot dependency-version: 1.2.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: astro dependency-version: 6.0.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: astro dependency-version: 5.15.9 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: astro dependency-version: 5.15.9 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.1.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: esbuild dependency-version: 0.27.4 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: esbuild dependency-version: 0.25.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: glob dependency-version: 12.0.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.7 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 17, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the npm_and_yarn group across 15 directories with 8 updates#12

build(deps): bump the npm_and_yarn group across 15 directories with 8 updates#12
dependabot[bot] wants to merge 1 commit intodevfrom
dependabot/npm_and_yarn/examples/aws-express/npm_and_yarn-775801dccf

dependabot Bot commented on behalf of github Mar 17, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Mar 17, 2026

v2.1.1

Important

What's Changed

New Contributors

v2.1.0

Important

What's Changed

New Contributors

2.1.1

2.1.0

2.0.2

2.0.1

2.0.0

v16.1.7

Core Changes

Credits

v16.1.6

Core Changes

Credits

v16.1.5

v16.0.11

v15.6.0-canary.61

v15.5.13

Core Changes

v16.1.7

Core Changes

Credits

v16.1.6

Core Changes

Credits

v16.1.5

v16.0.11

v15.6.0-canary.61

v15.5.13

Core Changes

v16.1.7

Core Changes

Credits

v16.1.6

Core Changes

Credits

v16.1.5

v16.0.11

v15.6.0-canary.61

v15.5.13

Core Changes

v16.1.7

Core Changes

Credits

v16.1.6

Core Changes

Credits

v16.1.5

v16.0.11

v15.6.0-canary.61

v15.5.13

Core Changes

v16.1.7

Core Changes

Credits

v16.1.6

Core Changes

Credits

v16.1.5

v16.0.11

v15.6.0-canary.61

v15.5.13

Core Changes

[email protected]

Minor Changes

Patch Changes

[email protected]

Patch Changes

[email protected]

Patch Changes

[email protected]

Patch Changes

5.54.0