Skip to content

build(deps): bump qs, @lhci/cli, @hint/utils-network, @hint/utils-connector-tools, jsdom and lighthouse#12

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-823579ddd9
Open

build(deps): bump qs, @lhci/cli, @hint/utils-network, @hint/utils-connector-tools, jsdom and lighthouse#12
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-823579ddd9

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Feb 13, 2026

Copy link
Copy Markdown

Bumps qs to 6.14.2 and updates ancestor dependencies qs, @lhci/cli, @hint/utils-network, @hint/utils-connector-tools, jsdom and lighthouse. These dependencies need to be updated together.

Updates qs from 6.7.0 to 6.14.2

Changelog

Sourced from qs's changelog.

6.14.2

  • [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)
  • [Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue
  • [Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)
  • [Fix] parse: enforce arrayLimit on comma-parsed values
  • [Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)
  • [Robustness] avoid .push, use void
  • [readme] document that addQueryPrefix does not add ? to empty output (#418)
  • [readme] clarify parseArrays and arrayLimit documentation (#543)
  • [readme] replace runkit CI badge with shields.io check-runs badge
  • [meta] fix changelog typo (arrayLengtharrayLimit)
  • [actions] fix rebase workflow permissions

6.14.1

  • [Fix] ensure arrayLimit applies to [] notation as well
  • [Fix] parse: when a custom decoder returns null for a key, ignore that key
  • [Refactor] parse: extract key segment splitting helper
  • [meta] add threat model
  • [actions] add workflow permissions
  • [Tests] stringify: increase coverage
  • [Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

  • [New] parse: add throwOnParameterLimitExceeded option (#517)
  • [Refactor] parse: use utils.combine more
  • [patch] parse: add explicit throwOnLimitExceeded default
  • [actions] use shared action; re-add finishers
  • [meta] Fix changelog formatting bug
  • [Deps] update side-channel
  • [Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols
  • [Tests] increase coverage

6.13.3

[Fix] fix regressions from robustness refactor [actions] update reusable workflows

6.13.2

  • [Robustness] avoid .push, use void
  • [readme] clarify parseArrays and arrayLimit documentation (#543)
  • [readme] document that addQueryPrefix does not add ? to empty output (#418)
  • [readme] replace runkit CI badge with shields.io check-runs badge
  • [actions] fix rebase workflow permissions

6.13.1

  • [Fix] stringify: avoid a crash when a filter key is null
  • [Fix] utils.merge: functions should not be stringified into keys
  • [Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset
  • [Fix] stringify: ensure a non-string filter does not crash
  • [Refactor] use __proto__ syntax instead of Object.create for null objects
  • [Refactor] misc cleanup

... (truncated)

Commits
  • bdcf0c7 v6.14.2
  • 294db90 [readme] document that addQueryPrefix does not add ? to empty output
  • 5c308e5 [readme] clarify parseArrays and arrayLimit documentation
  • 6addf8c [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit
  • cfc108f [Fix] arrayLimit means max count, not max index, in combine/merge/`pars...
  • febb644 [Fix] parse: throw on arrayLimit exceeded with indexed notation when `thr...
  • f6a7abf [Fix] parse: enforce arrayLimit on comma-parsed values
  • fbc5206 [Fix] parse: fix error message to reflect arrayLimit as max index; remove e...
  • 1b9a8b4 [actions] fix rebase workflow permissions
  • 2a35775 [meta] fix changelog typo (arrayLengtharrayLimit)
  • Additional commits viewable in compare view
Install script changes

This version modifies prepublish script that runs during installation. Review the package contents before updating.


Updates @lhci/cli from 0.6.1 to 0.15.1

Release notes

Sourced from @​lhci/cli's releases.

v0.15.1

What's Changed

New Contributors

Full Changelog: GoogleChrome/lighthouse-ci@v0.15.0...v0.15.1

v0.15.0

v0.15.0 (2025-06-09)

BREAKING CHANGE

  • upgrade to lighthouse 12.6.1

v0.14.0

v0.14.0 (2024-06-20)

  • feat: upgrade to lighthouse 12.0.0 (#1035) (cc564a6), closes #1035
  • feat: support .htm files in fallback server (#1033) (2ed3b31), closes #1033
  • feat: increase column width for project name (#1006) (8fe7e8d), closes #1006
  • feat: upgrade to lighthouse 12.1.0 (#1046) (8a0e3dc), closes #1046
  • feat(cli): add --lhr to assert command to load LHRs from anywhere (#1024) (19c7ca6), closes #1024
  • fix(cli): use ProxyAgent instead of HttpsProxyAgent (#1038) (cdf4605), closes #1038
  • chore: bump lhci references to 0.13 (083d639)
  • misc(release): remove hulk from release process (mostly) (36e629e)

... (truncated)

Commits
  • 76a49c7 fix: use viewer origin as string instead of object (#1109)
  • 602bf7d chore: bump lhci references to 0.15
  • d2cdea9 chore: update docker images with latest version
  • 6b3b50e feat: upgrade to lighthouse 12.6.1 (#1103)
  • 912d985 chore: update versions in ci (#1104)
  • e83b2f6 fix(cli): improve filename sanitization for hash routes (#1084)
  • d04aba1 feat(cli): change wizard default branch to main (#1069)
  • 115818a chore: Heroku Postgres Hobby plan doesn't exist anymore (#1077)
  • ef83477 chore: update versions in heroku-server recipe (#1078)
  • 3cac9eb docs: update GitHub Actions versions in README.md (#1086)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by hoten, a new releaser for @​lhci/cli since your current version.


Updates @hint/utils-network from 1.0.7 to 1.0.27

Release notes

Sourced from @​hint/utils-network's releases.

Dist files

Fake release to host all the compiled files from master.

hint-no-p3p-v3.0.1

Bug fixes / Improvements

Changelog

Sourced from @​hint/utils-network's changelog.

1.0.26 (June 27, 2023)

Bug fixes / Improvements

1.0.25 (June 8, 2023)

Chores

1.0.23 (October 6, 2022)

Chores

1.0.22 (September 6, 2022)

Breaking Changes

New features

1.0.19 (June 13, 2022)

New features

1.0.17 (May 3, 2022)

Chores

1.0.15 (March 9, 2022)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by vidorteg, a new releaser for @​hint/utils-network since your current version.


Updates @hint/utils-connector-tools from 4.0.22 to 4.0.42

Release notes

Sourced from @​hint/utils-connector-tools's releases.

Dist files

Fake release to host all the compiled files from master.

hint-no-p3p-v3.0.1

Bug fixes / Improvements

Changelog

Sourced from @​hint/utils-connector-tools's changelog.

4.0.41 (June 27, 2023)

Bug fixes / Improvements

4.0.40 (June 8, 2023)

Chores

4.0.39 (March 16, 2023)

Chores

4.0.38 (October 6, 2022)

Bug fixes / Improvements

Chores

4.0.37 (September 6, 2022)

Breaking Changes

New features

Bug fixes / Improvements

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by vidorteg, a new releaser for @​hint/utils-connector-tools since your current version.


Updates jsdom from 16.4.0 to 21.1.2

Release notes

Sourced from jsdom's releases.

Version 21.1.2

  • Fixed setRangeText() used on <input> and <textarea> elements to calculate the new end index correctly. (pmstss)
  • Fixed pageX, pageY, offsetX, and offsetY on MouseEvents during dispatch. (jenseng)
  • Upgraded nwsapi to v2.2.4, bringing along various fixes to our selector engine.

Version 21.1.1

  • Fixed jsdom.reconfigure() to also adjust the URL as seen by the history API, so that e.g. history.replaceState(null, "") would not mess up the URL. (jdufresne)
  • Fixed location.hash = "" to leave any # in location.href.
  • Fixes a few bugs with CSS parsing by replacing cssom with rweb-cssom, since the latter is maintained. (seanparmelee)

Version 21.1.0

  • Added x, y, pageX, pageY, offsetX, and offsetY to MouseEvent. (jenseng, ViniciusFXavier)
  • Added support for unset with getComputedStyle(). (jsnajdr)
  • Added the submitter property to SubmitEvent. (jenseng)
  • Fixed MouseEvent's screenX and screenY to no longer coerce to integers, allowing fractional values. (jenseng)
  • Fixed formEl.submit() to not longer fire submit events. (jenseng)
  • Fixed stylesheets to no longer affect the document after their corresponding <link> is removed. (jsnajdr)
  • Fixed pointer-events to inherit when used with getComputedStyle(). (jsnajdr)
  • Fixed <script> elements with no src="" to no longer fire load events. (t1ger2080)
  • Improved getComputedStyle() to cache its results, which should make it much faster. (jsnajdr)

Version 21.0.0

A potentially-breaking bug fix:

  • Fixed the window, document, location, and top properties of Window to be non-configurable. (ExE-Boss)

Other changes:

  • Added support for <input type=image> submitting forms. (jenseng)
  • Added the location setter to the Window object, which forwards to the location.href setter. Setting the URL is still only implemented for fragment navigations, however. (ExE-Boss)
  • Fixed defer="" <script> elements that are added after DOMContentLoaded to execute, instead of being skipped.
  • Fixed selectElement.selectedOptions being incorrect when optionElement.selected is set. This was a regression introduced in v20.0.1. Unfortunately this also reverts the performance improvement when appending <option> elements that was introduced then. (eps1lon)
  • Fixed the self, locationbar, menubar, personalbar, scrollbars, statusbar, toolbar, frames, parent, external, length, and screen properties of Window to be replaceable: that is, setting them will override their values, instead of having the new value be ignored. (ExE-Boss)
  • Fixed a few issues with JSDOM.fromURL() in the browser build of jsdom. (LungZeno)

Version 20.0.3

  • Updated dependencies, notably w3c-xmlserializer, which fixes using DOMParser on XML documents containing emoji.

Version 20.0.2

  • Fixed xhr.abort() to no longer give an exception when the constructed XMLHttpRequest was invalid. (whamtet)
  • Fixed event.getModifierState() on MouseEvent and KeyboardEvent instances to properly consult the ctrlKey, altKey, metaKey, and shiftKey properties of the event. (juzerzarif)
  • Fixed custom element creation to not be affected by any modifications to the window.customElements property. (bicknellr)

Version 20.0.1

  • Improved the performance of appending <option> elements to <select> elements. (TheHound)
  • Fixed location.pathname getter to not crash when the JSDOM instance was created using an opaque-path URL, including the default URL of about:blank.
  • Fixed crypto.getRandomValues() to accept typed array subclasses. (sebamarynissen)
  • Updated various dependency minor versions. Notably, nwsapi fixed some selectors bugs, and tough-cookie fixed some cookie bugs.

Version 20.0.0

... (truncated)

Changelog

Sourced from jsdom's changelog.

21.1.2

  • Fixed setRangeText() used on <input> and <textarea> elements to calculate the new end index correctly. (pmstss)
  • Fixed pageX, pageY, offsetX, and offsetY on MouseEvents during dispatch. (jenseng)
  • Upgraded nwsapi to v2.2.4, bringing along various fixes to our selector engine.

21.1.1

  • Fixed jsdom.reconfigure() to also adjust the URL as seen by the history API, so that e.g. history.replaceState(null, "") would not mess up the URL. (jdufresne)
  • Fixed location.hash = "" to leave any # in location.href.
  • Fixes a few bugs with CSS parsing by replacing cssom with rweb-cssom, since the latter is maintained. (seanparmelee)

21.1.0

  • Added x, y, pageX, pageY, offsetX, and offsetY to MouseEvent. (jenseng, ViniciusFXavier)
  • Added support for unset with getComputedStyle(). (jsnajdr)
  • Added the submitter property to SubmitEvent. (jenseng)
  • Fixed MouseEvent's screenX and screenY to no longer coerce to integers, allowing fractional values. (jenseng)
  • Fixed formEl.submit() to not longer fire submit events. (jenseng)
  • Fixed stylesheets to no longer affect the document after their corresponding <link> is removed. (jsnajdr)
  • Fixed pointer-events to inherit when used with getComputedStyle(). (jnajdr)
  • Fixed <script> elements with no src="" to no longer fire load events. (t1ger2080)
  • Improved getComputedStyle() to cache its results, which should make it much faster. (jsnajdr)

21.0.0

A potentially-breaking bug fix:

  • Fixed the window, document, location, and top properties of Window to be non-configurable. (ExE-Boss)

Other changes:

  • Added support for <input type=image> submitting forms. (jenseng)
  • Added the location setter to the Window object, which forwards to the location.href setter. Setting the URL is still only implemented for fragment navigations, however. (ExE-Boss)
  • Fixed defer="" <script> elements that are added after DOMContentLoaded to execute, instead of being skipped.
  • Fixed selectElement.selectedOptions being incorrect when optionElement.selected is set. This was a regression introduced in v20.0.1. Unfortunately this also reverts the performance improvement when appending <option> elements that was introduced then. (eps1lon)
  • Fixed the self, locationbar, menubar, personalbar, scrollbars, statusbar, toolbar, frames, parent, external, length, and screen properties of Window to be replaceable: that is, setting them will override their values, instead of having the new value be ignored. (ExE-Boss)
  • Fixed a few issues with JSDOM.fromURL() in the browser build of jsdom. (LungZeno)

20.0.3

  • Updated dependencies, notably w3c-xmlserializer, which fixes using DOMParser on XML documents containing emoji.

20.0.2

  • Fixed xhr.abort() to no longer give an exception when the constructed XMLHttpRequest was invalid. (whamtet)
  • Fixed event.getModifierState() on MouseEvent and KeyboardEvent instances to properly consult the ctrlKey, altKey, metaKey, and shiftKey properties of the event. (juzerzarif)
  • Fixed custom element creation to not be affected by any modifications to the window.customElements property. (bicknellr)

20.0.1

... (truncated)

Commits
  • 4d1ef41 Version 21.1.2
  • 2167822 Add a temporary workaround for a Node 18 bug
  • 7512ce9 Add more selector regression tests
  • f75a9d1 Update nwsapi
  • f76d3a2 Fix the end index in setRangeText() for input and textarea
  • 12a24a9 MouseEvent: fix {page,offset}{X,Y} during dispatch
  • 31cfdd4 Version 21.1.1
  • 946050a Update dependencies and dev dependencies
  • 0e7b488 Fix location.hash setter with the empty string input
  • 7b15dc8 Make reconfigure() adjust the history API too
  • Additional commits viewable in compare view

Updates lighthouse from 6.5.0 to 12.6.1

Release notes

Sourced from lighthouse's releases.

v12.6.1

Full Changelog

We expect this release to ship in the DevTools of Chrome 139, and to PageSpeed Insights within a couple days.

New contributors

Thanks to our new contributor 👽🐷🐰🐯🐻!

Ian Kerins @​isker

Core

  • emulation: bump chrome UA to m136 (#16489)
  • insights: add a bunch of debugData (#16472)
  • inspector-issues: remove trusted types csp issue filter (#16514)
  • inspector-issues: add userReidentificationIssue to artifact (#16497)

Report

  • remove innerHTML usage from insights announce icon (#16469)

Deps

  • upgrade deps (#16515)
  • upgrade trace_engine to 0.0.53 (#16496)
  • bump chrome-launcher to 1.2.0 (#16479)

Clients

  • lr: disable modern-http-insight (#16471)

Tests

  • fix some lantern test failures (#16498)
  • use newer trace in metrics test (#16492)

Misc

  • import i18n messages as JSON modules (#16500)
  • scripts: add bytes-in-trace script (#16477)
  • treemap: hide unused-bytes view mode when missing data (#16478)
  • treemap: highlight many nodes on hover in duplicate modules table (#16470)

v12.6.0

Full Changelog

We expect this release to ship in the DevTools of Chrome 137, and to PageSpeed Insights within a few days.

New contributors

... (truncated)

Changelog

Sourced from lighthouse's changelog.

Pre-10.0 Changelog

See the newer changelog for newer revisions.

9.6.8 (2022-10-31)

Full Changelog

We expect this release to ship in the DevTools of Chrome 109, and to PageSpeed Insights within 2 weeks.

Core

  • deprecations: use translated strings from devtools repo (#13961)
  • network-request: backport rendererStartTime (#14481)

9.6.7 (2022-09-01)

Full Changelog

This is an npm-only release. We have no plans to release this specific version to DevTools or PSI, but the changes will be rolled up into the next release in those clients.

Core

  • core(trace-elements): include LCP type in artifact (#14344)
  • core: add priority to network-requests debug audit (#14340)

9.6.6 (2022-08-16)

Full Changelog

We expect this release to ship in the DevTools of Chrome 106, and to PageSpeed Insights within 2 weeks.

New Contributors

Thanks to our new contributor 👽🐷🐰🐯🐻!

Core

  • unsized-images: ignore non-network SVGs (#13737)

Deps

  • upgrade csp-evaluator (#14281)

9.6.5 (2022-08-01)

Full Changelog

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

…nector-tools, jsdom and lighthouse

Bumps [qs](https://github.com/ljharb/qs) to 6.14.2 and updates ancestor dependencies [qs](https://github.com/ljharb/qs), [@lhci/cli](https://github.com/GoogleChrome/lighthouse-ci), [@hint/utils-network](https://github.com/webhintio/hint/tree/HEAD/packages/utils-network), [@hint/utils-connector-tools](https://github.com/webhintio/hint/tree/HEAD/packages/utils-connector-tools), [jsdom](https://github.com/jsdom/jsdom) and [lighthouse](https://github.com/GoogleChrome/lighthouse). These dependencies need to be updated together.


Updates `qs` from 6.7.0 to 6.14.2
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.7.0...v6.14.2)

Updates `@lhci/cli` from 0.6.1 to 0.15.1
- [Release notes](https://github.com/GoogleChrome/lighthouse-ci/releases)
- [Commits](GoogleChrome/lighthouse-ci@v0.6.1...v0.15.1)

Updates `@hint/utils-network` from 1.0.7 to 1.0.27
- [Release notes](https://github.com/webhintio/hint/releases)
- [Changelog](https://github.com/webhintio/hint/blob/main/packages/utils-network/CHANGELOG.md)
- [Commits](https://github.com/webhintio/hint/commits/HEAD/packages/utils-network)

Updates `@hint/utils-connector-tools` from 4.0.22 to 4.0.42
- [Release notes](https://github.com/webhintio/hint/releases)
- [Changelog](https://github.com/webhintio/hint/blob/main/packages/utils-connector-tools/CHANGELOG.md)
- [Commits](https://github.com/webhintio/hint/commits/HEAD/packages/utils-connector-tools)

Updates `jsdom` from 16.4.0 to 21.1.2
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Changelog](https://github.com/jsdom/jsdom/blob/main/Changelog.md)
- [Commits](jsdom/jsdom@16.4.0...21.1.2)

Updates `lighthouse` from 6.5.0 to 12.6.1
- [Release notes](https://github.com/GoogleChrome/lighthouse/releases)
- [Changelog](https://github.com/GoogleChrome/lighthouse/blob/main/changelog-pre10.md)
- [Commits](GoogleChrome/lighthouse@v6.5.0...v12.6.1)

---
updated-dependencies:
- dependency-name: qs
  dependency-version: 6.14.2
  dependency-type: indirect
- dependency-name: "@lhci/cli"
  dependency-version: 0.15.1
  dependency-type: direct:development
- dependency-name: "@hint/utils-network"
  dependency-version: 1.0.27
  dependency-type: indirect
- dependency-name: "@hint/utils-connector-tools"
  dependency-version: 4.0.42
  dependency-type: indirect
- dependency-name: jsdom
  dependency-version: 21.1.2
  dependency-type: indirect
- dependency-name: lighthouse
  dependency-version: 12.6.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants