Bump the prod-dependencies-minor group across 1 directory with 9 updates

[dependabot]

Bumps the prod-dependencies-minor group with 9 updates in the / directory:

Package	From	To
@tanstack/react-virtual	3.13.19	3.14.3
css-tree	3.1.0	3.2.1
monaco-yaml	5.4.0	5.5.1
overlayscrollbars	2.14.0	2.16.0
react-frame-component	5.2.7	5.3.2
semver	7.7.3	7.8.4
tailwind-merge	3.5.0	3.6.0
yaml	2.8.3	2.9.0
sass	1.91.0	1.101.0

Updates @tanstack/react-virtual from 3.13.19 to 3.14.3

Release notes

Sourced from @​tanstack/react-virtual's releases.

@​tanstack/react-virtual@​3.14.3

Patch Changes

• #1201 2ba5eb6 - Make directDomUpdates a no-op for direct DOM writes when containerRef is omitted. Previously the virtualizer still wrote item positions while never sizing the container (a broken half-state). Now omitting containerRef skips all direct writes while still skipping re-renders, letting consumers own the DOM updates themselves (e.g. in onChange).

• Updated dependencies [ef69ea3]:

  • @​tanstack/virtual-core@​3.17.1

@​tanstack/react-virtual@​3.14.2

Patch Changes

• Updated dependencies [c0b84c8, fbf3bdb]:
  • @​tanstack/virtual-core@​3.17.0

@​tanstack/react-virtual@​3.14.1

Patch Changes

• Updated dependencies [c746841]:
  • @​tanstack/virtual-core@​3.16.1

@​tanstack/react-virtual@​3.14.0

Minor Changes

• Add opt-in direct DOM updates for scroll positioning with directDomUpdates, directDomUpdatesMode, and containerRef. (#1180)

@​tanstack/react-virtual@​3.13.26

Patch Changes

• Updated dependencies [fc992ab]:
  • @​tanstack/virtual-core@​3.16.0

@​tanstack/react-virtual@​3.13.25

Patch Changes

• Replace the useReducer(() => ({}), {}) force-rerender pattern with an (#1168) incrementing number counter. Same semantics (every dispatch changes the reducer state, forcing a render); zero per-dispatch object allocation. Trivial individual cost, but eliminates one steady-state GC source on scroll-heavy apps.
• Updated dependencies [99355ad, 99355ad, 99355ad, 99355ad, 99355ad, 99355ad, 99355ad]:
  • @​tanstack/virtual-core@​3.15.0

@​tanstack/react-virtual@​3.13.24

Patch Changes

• Updated dependencies [97a204d]:
  • @​tanstack/virtual-core@​3.14.0

@​tanstack/react-virtual@​3.13.23

Patch Changes

... (truncated)

Changelog

Sourced from @​tanstack/react-virtual's changelog.

3.14.3

Patch Changes

• #1201 2ba5eb6 - Make directDomUpdates a no-op for direct DOM writes when containerRef is omitted. Previously the virtualizer still wrote item positions while never sizing the container (a broken half-state). Now omitting containerRef skips all direct writes while still skipping re-renders, letting consumers own the DOM updates themselves (e.g. in onChange).

• Updated dependencies [ef69ea3]:

  • @​tanstack/virtual-core@​3.17.1

3.14.2

Patch Changes

• Updated dependencies [c0b84c8, fbf3bdb]:
  • @​tanstack/virtual-core@​3.17.0

3.14.1

Patch Changes

• Updated dependencies [c746841]:
  • @​tanstack/virtual-core@​3.16.1

3.14.0

Minor Changes

• Add opt-in direct DOM updates for scroll positioning with directDomUpdates, directDomUpdatesMode, and containerRef. (#1180)

3.13.26

Patch Changes

• Updated dependencies [fc992ab]:
  • @​tanstack/virtual-core@​3.16.0

3.13.25

Patch Changes

• Replace the useReducer(() => ({}), {}) force-rerender pattern with an (#1168) incrementing number counter. Same semantics (every dispatch changes the reducer state, forcing a render); zero per-dispatch object allocation. Trivial individual cost, but eliminates one steady-state GC source on scroll-heavy apps.
• Updated dependencies [99355ad, 99355ad, 99355ad, 99355ad, 99355ad, 99355ad, 99355ad]:
  • @​tanstack/virtual-core@​3.15.0

3.13.24

... (truncated)

Commits

• 75ae896 ci: Version Packages (#1202)
• 2ba5eb6 fix(react-virtual): make directDomUpdates a no-op without containerRef (#1201)
• ef69ea3 fix(virtual-core): adjust scroll on first measurement during backward scroll ...
• 932c358 test(react-virtual): add e2e test for React Compiler with directDomUpdates, b...
• b983b21 ci: Version Packages (#1184)
• fbf3bdb feat(virtual-core): add useCachedMeasurements option to preserve sizes when...
• 13dec39 docs: add directDomUpdates and directDomUpdatesMode options (#1185)
• c33902f ci: Version Packages (#1182)
• d789c6e ci: Version Packages (#1181)
• 73e115d feat(react-virtual): add directDomUpdates for re-render-free scroll positioni...
• Additional commits viewable in compare view

Updates css-tree from 3.1.0 to 3.2.1

Release notes

Sourced from css-tree's releases.

3.2.1

• Fixed parsing of nested function in a group in definition syntax (#358)

3.2.0

• Added "sideEffects": false in package.json
• Added list option to the parse() method to specify whether the parser should produce a List (by default, list: true) or an array (list: false) for node's children (e.g., SelectorList, Block, etc.)
• Added support for Functional Notation in definition syntax (for now by wrapping function arguments into an implicit group when necessary, see #292)
• Added support for stacked multipliers {A}? and {A,B}? according to spec in definition syntax parsing (#346)
• Added math functions support in syntax matching (e.g., min(), max(), etc.) (#344)
• Added onToken option to the parse() method, which can be either an array or a function:
  • When the value is an array, it is populated with objects { type, start, end } (token type, and its start and end offsets).
  • When the value is a function, it accepts type, start, end, and index parameters, and is invoked with a token API as this, enabling advanced token handling (see onToken). For example, the following demonstrates checking if all block tokens have matching pairs:

    parse(css, {
        onToken(type, start, end, index) {
            if (this.isBlockOpenerTokenType(type)) {
                if (this.getBlockPairTokenIndex(index) === -1) {
                    console.warn('No closing pair for', this.getTokenValue(index), this.getRangeLocation(start, end));
                }
            } else if (this.isBlockCloserTokenType(type)) {
                if (this.getBlockPairTokenIndex(index) === -1) {
                    console.warn('No opening pair for', this.getTokenValue(index), this.getRangeLocation(start, end));
                }
            }
        }
    });

• Extended TokenStream with the following methods:
  • getTokenEnd(tokenIndex) – returns the token's end offset by index, complementing getTokenStart(tokenIndex)
  • getTokenType(tokenIndex) – returns the token's type by index
  • isBlockOpenerTokenType(tokenType) – returns true for <function-token>, <(-token>, <[-token>, and <{-token>
  • isBlockCloserTokenType(tokenType) – returns true for <)-token>, <]-token>, and <}-token>
  • getBlockTokenPairIndex(tokenIndex) – returns the index of the pair token for a block, or -1 if no pair exists
• Changed generate() to not auto insert whitespaces between tokens for raw values (#356)
• Fixed fork() to extend node definitions instead of overriding them. For example, fork({ node: { Dimension: { generate() { /* ... */ } } } }) will now update only the generate() method on the Dimension node, while inheriting all other properties from the previous syntax definition.
• Bumped mdn/data to 2.27.1 and various fixes in syntaxes

Changelog

Sourced from css-tree's changelog.

3.2.1 (March 5, 2026)

• Fixed parsing of nested function in a group in definition syntax (#358)

3.2.0 (March 4, 2026)

• Added "sideEffects": false in package.json
• Added list option to the parse() method to specify whether the parser should produce a List (by default, list: true) or an array (list: false) for node's children (e.g., SelectorList, Block, etc.)
• Added support for Functional Notation in definition syntax (for now by wrapping function arguments into an implicit group when necessary, see #292)
• Added support for stacked multipliers {A}? and {A,B}? according to spec in definition syntax parsing (#346)
• Added math functions support in syntax matching (e.g., min(), max(), etc.) (#344)
• Added onToken option to the parse() method, which can be either an array or a function:
  • When the value is an array, it is populated with objects { type, start, end } (token type, and its start and end offsets).
  • When the value is a function, it accepts type, start, end, and index parameters, and is invoked with a token API as this, enabling advanced token handling (see onToken). For example, the following demonstrates checking if all block tokens have matching pairs:

    parse(css, {
        onToken(type, start, end, index) {
            if (this.isBlockOpenerTokenType(type)) {
                if (this.getBlockPairTokenIndex(index) === -1) {
                    console.warn('No closing pair for', this.getTokenValue(index), this.getRangeLocation(start, end));
                }
            } else if (this.isBlockCloserTokenType(type)) {
                if (this.getBlockPairTokenIndex(index) === -1) {
                    console.warn('No opening pair for', this.getTokenValue(index), this.getRangeLocation(start, end));
                }
            }
        }
    });

• Extended TokenStream with the following methods:
  • getTokenEnd(tokenIndex) – returns the token's end offset by index, complementing getTokenStart(tokenIndex)
  • getTokenType(tokenIndex) – returns the token's type by index
  • isBlockOpenerTokenType(tokenType) – returns true for <function-token>, <(-token>, <[-token>, and <{-token>
  • isBlockCloserTokenType(tokenType) – returns true for <)-token>, <]-token>, and <}-token>
  • getBlockTokenPairIndex(tokenIndex) – returns the index of the pair token for a block, or -1 if no pair exists
• Changed generate() to not auto insert whitespaces between tokens for raw values (#356)
• Fixed fork() to extend node definitions instead of overriding them. For example, fork({ node: { Dimension: { generate() { /* ... */ } } } }) will now update only the generate() method on the Dimension node, while inheriting all other properties from the previous syntax definition.
• Bumped mdn/data to 2.27.1 and various fixes in syntaxes

Commits

• 8a6caba 3.2.1
• 7c7f9ee Fix parsing of nested function in a group in definition syntax (fixes #358)
• c42fee2 3.2.0
• aad332e Add Function Notation in syntax definition (#292)
• 264d09d Fix GitHub actions
• 5766a65 Fix syntax definition issues
• 307d8df Bump deps
• c008c01 Add support for stacked multipliers {A}? and {A,B}? in definition syntax ...
• 20f5671 Add list option for parser (fixes #348)
• 39a0c72 Update nodejs versions
• Additional commits viewable in compare view

Updates monaco-yaml from 5.4.0 to 5.5.1

Release notes

Sourced from monaco-yaml's releases.

v5.5.0

What's Changed

• 39b2e9e Update to yaml-language-server 1.23.0
• d472fd9 Make optional features togglable
• 33c426a Implement code lens support
• fbe60fd Implement rename support
• fbe60fd Declare and implement new language service options

Full Changelog: remcohaszing/monaco-yaml@v5.4.1...v5.5.0

v5.4.1

What's Changed

• d095257 Add getOptions method to retrieve current configuration of monaco-yaml by @​pmahdicheraghi in remcohaszing/monaco-yaml#280
• 187d130 Use OIDC for publishing to npm

New Contributors

• @​pmahdicheraghi made their first contribution in remcohaszing/monaco-yaml#280

Full Changelog: remcohaszing/monaco-yaml@v5.4.0...v5.4.1

Commits

• 9a15c65 5.5.1
• 9782fb3 Use staged publishing
• 9a73984 Remove useless argument form eslint in CI
• cc92ff9 Use Node.js 26 in CI
• 4419559 Fix the dist ignore pattern
• 93a35d2 Cleanup disposables in tests
• 4abd6b7 Return real values from defaultMeta methods on ajv instances (#283)
• 47f405b Update lockfile
• ffe35fd 5.5.0
• daa5789 Stub ajv-i18n
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for monaco-yaml since your current version.

Updates overlayscrollbars from 2.14.0 to 2.16.0

Changelog

Sourced from overlayscrollbars's changelog.

2.16.0

Features

• The package now contains an additional css file overlayscrollbars.scriptingenabled.css which uses the scripting: enabled media query to enable the data-overlayscrollbars-initialize styles. This ensures that native scrollbars stay visible when JavaScript is not executed. For browser backwards compatibility reasons this can't be the default. #751

Bug Fixes

• Make sure the expensive "non default flow direction" check is not running when it shouldn't. #756

2.15.1

Improvements

• The instance.sleep function will now also put the scrollbars.autoHide timer to sleep.

2.15.0

Features

• The option options.scrollbars.clickScroll now also accepts a function which can be used to customize the click scroll behavior. #754
• Added the instance.sleep function. Can be used to optimize performance or visual feedback. (for example during animations) #755

Commits

• dfa8196 v2.16.0
• 0157bf3 deploy
• c8a0827 improve tests and fix codecov
• 9ac5d68 add animation test
• 85abc7c make adjustMeasuredScrollCoordinates less 'strict'
• 7dc0f25 fix getMeasuredScrollCoordinates short circuit
• 0753587 export more types
• ade6e45 v2.15.1
• 9f6c8b2 build & improve docs for v2.15.0
• 28d3588 v2.15.0
• Additional commits viewable in compare view

Updates react-frame-component from 5.2.7 to 5.3.2

Release notes

Sourced from react-frame-component's releases.

v5.3.2

Patch Changes

• f191d58: Add types condition to package.json exports to fix TypeScript resolution with TSGo and modern ESM tools

• 1820bc3: ## Fix race condition in getMountTarget() (issue #250)

  Fixed "Cannot read properties of null" errors when initialContent changes rapidly by adding null checks for doc and doc.body in getMountTarget().

  Changes

  • src/Frame.jsx: Added null check in getMountTarget() to handle cases when iframe document is temporarily unavailable during rapid rerenders

v5.3.0

What's Changed

Add fallback to document.write() for initial frame rendering via dangerouslyUseDocWrite prop to support libraries like Repcaptcha and Google Maps that depend on the frame's location/origin.

PR #248: Add document.write() fallback (@​andrewpye)

---

Previous releases: https://github.com/ryanseddon/react-frame-component/releases

Changelog

Sourced from react-frame-component's changelog.

5.3.2

Patch Changes

• f191d58: Add types condition to package.json exports to fix TypeScript resolution with TSGo and modern ESM tools

• 1820bc3: ## Fix race condition in getMountTarget() (issue #250)

  Fixed "Cannot read properties of null" errors when initialContent changes rapidly by adding null checks for doc and doc.body in getMountTarget().

  Changes

  • src/Frame.jsx: Added null check in getMountTarget() to handle cases when iframe document is temporarily unavailable during rapid rerenders

5.3.1

Patch Changes

• 14c215c: Fix React 19 and Vite compatibility by externalizing react/jsx-runtime

  The ESM and UMD builds were incorrectly bundling react/jsx-runtime inline from CommonJS source, which caused two issues:

  1. ESM builds contained __require("react") calls - This failed in browser ESM environments with "Could not dynamically require react" errors when using Vite.
  2. UMD builds referenced __SECRET_INTERNALS_DO_NOT_USE_OR_YOU_WILL_BE_FIRED.ReactCurrentOwner - This internal API was removed in React 19, causing "Cannot read properties of undefined" errors.

  The fix adds react/jsx-runtime and react/jsx-dev-runtime to the external dependencies list in the Vite configuration. This ensures the JSX transform is loaded from the proper module format rather than being bundled inline from CJS source.

  Bundle size improvements:

  • ESM: 35.7 KB → 4.6 KB (-87%)
  • UMD: 37.9 KB → 6.8 KB (-82%)

  Fixes #280

5.3.0

Minor Changes

• 8d922c3: Add fallback to document.write() for initial frame rendering via dangerouslyUseDocWrite prop to support libraries like Repcaptcha and Google Maps that depend on the frame's location/origin.

Commits

• 3f4cb97 Update npm to latest for OIDC trusted publishing (#290)
• eddb677 Revert "Update npm to latest for OIDC trusted publishing"
• 194d769 Update npm to latest for OIDC trusted publishing
• ed62652 Version Packages (#289)
• fb302a0 Bump follow-redirects from 1.15.0 to 1.15.11
• c44e385 Merge pull request #285 from ryanseddon/dependabot/npm_and_yarn/picomatch-2.3.2
• 722560a Bump picomatch from 2.3.1 to 2.3.2
• d6b8e30 Merge pull request #288 from ryanseddon/fix/issue-287-types-exports
• f191d58 Add changeset
• 1820bc3 fix: add null check in getMountTarget to prevent race condition (#286)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-frame-component since your current version.

Updates semver from 7.7.3 to 7.8.4

Release notes

Sourced from semver's releases.

v7.8.4

7.8.4 (2026-06-09)

Bug Fixes

• e583226 #874 reject numeric segments after x-ranges (@​pupuking723)

v7.8.3

7.8.3 (2026-06-08)

Bug Fixes

• 046da7f #872 align caret includePrerelease lower bounds (#872) (@​wayyoungboy)

Chores

• 3485dda #866 bump @​npmcli/eslint-config from 6.0.1 to 7.0.0 (#866) (@​dependabot[bot])

v7.8.2

7.8.2 (2026-06-04)

Bug Fixes

• bea6028 #870 increment dotted prerelease identifiers (#870) (@​liuzemei, @​SheldonNeo)

v7.8.1

7.8.1 (2026-05-21)

Bug Fixes

• 17aa702 #869 strip build metadata before comparator trimming (#869) (@​owlstronaut)
• 5f3ca13 #867 handle prerelease bounds in subset (#867) (@​puneetdixit200, Puneet Dixit)

v7.8.0

7.8.0 (2026-05-08)

Features

• 0d0a0a2 #855 Add truncate function (#855) (@​pjohnmeyer, @​owlstronaut)

Bug Fixes

• 3905343 #859 Warn when defaulting to --inc=patch in CLI (@​pjohnmeyer)

Documentation

• c368af6 #853 fix typos in documentation (#853) (@​ankitkumar572005)
• 37776c3 #846 fix BNF grammar to distinguish prerelease from build identifiers (#846) (@​abhu85, @​claude)

Chores

• 9542e09 #860 template-oss-apply (@​owlstronaut)
• 937bc2c #860 template-oss-apply@5.0.0 (@​owlstronaut)
• 6946fef #852 bump @​npmcli/template-oss from 4.29.0 to 4.30.0 (#852) (@​dependabot[bot], @​npm-cli-bot)

v7.7.4

7.7.4 (2026-01-16)

Bug Fixes

• a29faa5 #835 cli: pass options to semver.valid() for loose version validation (#835) (@​mldangelo)

Documentation

• 1d28d5e #836 fix typos and update -n CLI option documentation (#836) (@​mldangelo)

Dependencies

• 120968b #840 @npmcli/template-oss@4.29.0 (#840)

Chores

• 44d7130 #824 bump @​npmcli/eslint-config from 5.1.0 to 6.0.0 (#824) (@​dependabot[bot])
• 7073576 #820 reorder parameters in invalid-versions.js test (#820) (@​reggi)
• 5816d4c #829 bump @​npmcli/template-oss from 4.28.0 to 4.28.1 (#829) (@​dependabot[bot], @​npm-cli-bot)

Changelog

Sourced from semver's changelog.

7.8.4 (2026-06-09)

Bug Fixes

• e583226 #874 reject numeric segments after x-ranges (@​pupuking723)

7.8.3 (2026-06-08)

Bug Fixes

• 046da7f #872 align caret includePrerelease lower bounds (#872) (@​wayyoungboy)

Chores

• 3485dda #866 bump @​npmcli/eslint-config from 6.0.1 to 7.0.0 (#866) (@​dependabot[bot])

7.8.2 (2026-06-04)

Bug Fixes

• bea6028 #870 increment dotted prerelease identifiers (#870) (@​liuzemei, @​SheldonNeo)

7.8.1 (2026-05-21)

Bug Fixes

• 17aa702 #869 strip build metadata before comparator trimming (#869) (@​owlstronaut)
• 5f3ca13 #867 handle prerelease bounds in subset (#867) (@​puneetdixit200, Puneet Dixit)

7.8.0 (2026-05-08)

Features

• 0d0a0a2 #855 Add truncate function (#855) (@​pjohnmeyer, @​owlstronaut)

Bug Fixes

• 3905343 #859 Warn when defaulting to --inc=patch in CLI (@​pjohnmeyer)

Documentation

• c368af6 #853 fix typos in documentation (#853) (@​ankitkumar572005)
• 37776c3 #846 fix BNF grammar to distinguish prerelease from build identifiers (#846) (@​abhu85, @​claude)

Chores

• 9542e09 #860 template-oss-apply (@​owlstronaut)
• 937bc2c #860 template-oss-apply@5.0.0 (@​owlstronaut)
• 6946fef #852 bump @​npmcli/template-oss from 4.29.0 to 4.30.0 (#852) (@​dependabot[bot], @​npm-cli-bot)

7.7.4 (2026-01-16)

Bug Fixes

• a29faa5 #835 cli: pass options to semver.valid() for loose version validation (#835) (@​mldangelo)

Documentation

• 1d28d5e #836 fix typos and update -n CLI option documentation (#836) (@​mldangelo)

Dependencies

• 120968b #840 @npmcli/template-oss@4.29.0 (#840)

Chores

• 44d7130 #824 bump @​npmcli/eslint-config from 5.1.0 to 6.0.0 (#824) (@​dependabot[bot])
• 7073576 #820 reorder parameters in invalid-versions.js test (#820) (@​reggi)
• 5816d4c #829 bump @​npmcli/template-oss from 4.28.0 to 4.28.1 (#829) (@​dependabot[bot], @​npm-cli-bot)

Commits

• 8640bd6 chore: release 7.8.4 (#875)
• e583226 fix: reject numeric segments after x-ranges
• 6b77aa8 chore: release 7.8.3 (#873)
• 3485dda chore: bump @​npmcli/eslint-config from 6.0.1 to 7.0.0 (#866)
• 046da7f fix: align caret includePrerelease lower bounds (#872)
• efafcf8 chore: release 7.8.2 (#871)
• bea6028 fix: increment dotted prerelease identifiers (#870)
• 7641608 chore: release 7.8.1 (#868)
• 17aa702 fix: strip build metadata before comparator trimming (#869)
• 5f3ca13 fix: handle prerelease bounds in subset (#867)
• Additional commits viewable in compare view

Updates tailwind-merge from 3.5.0 to 3.6.0

Release notes

Sourced from tailwind-merge's releases.

v3.6.0

New Features

• Add support for Tailwind CSS v4.3 by @​dcastil in dcastil/tailwind-merge#677
  • Add postfixLookupClassGroups option to config to support Tailwind utilities where a slash is part of the full class name, like named container queries
• Add support for readonly array values by @​unional in dcastil/tailwind-merge#652

Documentation

• Fix broken links in README by @​maurer2 in dcastil/tailwind-merge#662

Other

• Harden internal CI pipeline security by omitting git checkout by @​dcastil, suggested by @​kyletaylored in dcastil/tailwind-merge@6b2499c

Full Changelog: dcastil/tailwind-merge@v3.5.0...v3.6.0

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, a private sponsor, @​block, @​openclaw, @​sourcegraph, @​mike-healy and more via @​thnxdev for sponsoring tailwind-merge! ❤️

Commits

• d54f7e5 v3.6.0
• 638871a Update README to add info about Tailwind CSS v4.3 support
• 39fc7b5 Revert "v3.6.0"
• bd8390f v3.6.0
• 802877c add v3.6.0 changelog
• a35feda Merge pull request #665 from dcastil/renovate/rollup-plugin-babel-7.x
• 940389c Merge pull request #667 from dcastil/renovate/release-drafter-release-drafter...
• 005af6d pin to specific version
• 5816ced implement breaking changes
• 17041e1 Merge pull request #676 from dcastil/dependabot/npm_and_yarn/babel/plugin-tra...
• Additional commits viewable in compare view

Updates yaml from 2.8.3 to 2.9.0

Release notes

Sourced from yaml's releases.

v2.9.0

The changes here are really only patches, but I'm releasing this as a minor version to note a small change to the documentation of parseDocument() and parseAllDocuments(): I've removed the claim that they'll "never throw".

It remains the case that practically all non-malicious inputs will be handled without emitting an error, but there is a decent chance that code paths remain where e.g. a RangeError due to call stack exhaustion can be triggered by malicious inputs. Up to now, I've considered these as security vulnerabilities, and in fact it's the only category of error for which yaml CVEs have been issued so far.

Starting from this release, I'll be considering such errors as bugs, but not vulnerabilities. I do welcome people and/or LLMs looking for them, but please report them as normal issues rather than suspected security vulnerabilities. This also applies to previously undiscovered bugs in earlier releases.

• fix: Avoid calling Array.prototype.push.apply() with large source array
• fix(lexer): Avoid recursive calls that may exhaust the call stack

v2.8.4

• Disable alias resolution with maxAliasCount:0 (#677)
• Handle invalid unicode escapes (e1a1a77)
• Apply minFractionDigits only to decimal strings (#676)

Commits

• ddb21b0 2.9.0
• 167365b docs: Clarify that not all errors can be avoided
• 6eca2a7 fix: Avoid calling Array.prototype.push.apply() with large source array
• 0543cd5 fix(lexer): Avoid recursive calls that may exhaust the call stack
• ccdf743 2.8.4
• f625789 fix: Disable alias resolution with maxAliasCount:0 (#677)
• e1a1a77<...

  Description has been truncated

[cloudflare-workers-and-pages]

Deploying waveterm with    Cloudflare Pages

Latest commit:	c3af32b
Status:	✅  Deploy successful!
Preview URL:	https://1998ad19.waveterm.pages.dev
Branch Preview URL:	https://dependabot-npm-and-yarn-prod-7o54.waveterm.pages.dev

View logs

[sawka]

@dependabot ignore sass versions 1.101.0