Build(deps): Bump devalue from 5.6.1 to 5.7.1 #42299

Merged
julien-deramond merged 1 commit into main from dependabot/npm_and_yarn/devalue-5.7.1
Apr 14, 2026

@dependabot (Contributor) commented on behalf of github on Apr 9, 2026

Bumps devalue from 5.6.1 to 5.7.1.

Release notes

Sourced from devalue's releases.

v5.7.1

Patch Changes

  • 8becc7c: fix: handle regexes consistently in uneval's value and reference formats

v5.7.0

Minor Changes

  • df2e284: feat: use native alternatives to encode/decode base64
  • 498656e: feat: add DataView support
  • a210130: feat: whitelist Float16Array
  • df2e284: feat: simplify TypedArray slices

Patch Changes

  • 5590634: fix: get uneval type handling up to parity with stringify
  • 57f73fc: fix: correctly support boxed bigints and sentinel values

v5.6.4

Patch Changes

  • 87c1f3c: fix: reject __proto__ keys in malformed Object wrapper payloads

    This validates the "Object" parse path and throws when the wrapped value has an own __proto__ key.

  • 40f1db1: fix: ensure sparse array indices are integers

  • 87c1f3c: fix: disallow __proto__ keys in null-prototype object parsing

    This disallows __proto__ keys in the "null" parse path so null-prototype object hydration cannot carry that key through parse/unflatten.

v5.6.3

Patch Changes

  • 0f04d4d: fix: Properly handle __proto__
  • 819f1ac: fix: better encoding for sparse arrays

v5.6.2

Patch Changes

  • 1175584: fix: validate input for ArrayBuffer parsing
  • e46afa6: fix: validate input for typed arrays
  • 1175584: fix: more helpful errors for inputs causing stack overflows

Changelog

Sourced from devalue's changelog.

5.7.1

Patch Changes

  • 8becc7c: fix: handle regexes consistently in uneval's value and reference formats

5.7.0

Minor Changes

  • df2e284: feat: use native alternatives to encode/decode base64
  • 498656e: feat: add DataView support
  • a210130: feat: whitelist Float16Array
  • df2e284: feat: simplify TypedArray slices

Patch Changes

  • 5590634: fix: get uneval type handling up to parity with stringify
  • 57f73fc: fix: correctly support boxed bigints and sentinel values

5.6.4

Patch Changes

  • 87c1f3c: fix: reject __proto__ keys in malformed Object wrapper payloads

    This validates the "Object" parse path and throws when the wrapped value has an own __proto__ key.

  • 40f1db1: fix: ensure sparse array indices are integers

  • 87c1f3c: fix: disallow __proto__ keys in null-prototype object parsing

    This disallows __proto__ keys in the "null" parse path so null-prototype object hydration cannot carry that key through parse/unflatten.

5.6.3

Patch Changes

  • 0f04d4d: fix: Properly handle __proto__
  • 819f1ac: fix: better encoding for sparse arrays

5.6.2

Patch Changes

  • 1175584: fix: validate input for ArrayBuffer parsing
  • e46afa6: fix: validate input for typed arrays
  • 1175584: fix: more helpful errors for inputs causing stack overflows

@julien-deramond (Member):

@dependabot rebase

Bumps [devalue](https://github.com/sveltejs/devalue) from 5.6.1 to 5.7.1.
- [Release notes](https://github.com/sveltejs/devalue/releases)
- [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md)
- [Commits](sveltejs/devalue@v5.6.1...v5.7.1)

---
updated-dependencies:
- dependency-name: devalue
  dependency-version: 5.7.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

@dependabot force-pushed the dependabot/npm_and_yarn/devalue-5.7.1 branch from 6f9ce35 to 84f94c1 on April 14, 2026 19:39

@julien-deramond merged commit 51fa56a into main on Apr 14, 2026

13 checks passed

@julien-deramond deleted the dependabot/npm_and_yarn/devalue-5.7.1 branch on April 14, 2026 19:41