chore(deps): bump the npm_and_yarn group across 6 directories with 6 updates by dependabot[bot] · Pull Request #2008 · it-at-m/eappointment

dependabot · 2026-02-22T11:53:34Z

Bumps the npm_and_yarn group with 3 updates in the /zmsadmin directory: @parcel/reporter-dev-server, js-yaml and qs.
Bumps the npm_and_yarn group with 2 updates in the /zmscalldisplay directory: @parcel/reporter-dev-server and ajv.
Bumps the npm_and_yarn group with 1 update in the /zmscitizenapi directory: ajv.
Bumps the npm_and_yarn group with 4 updates in the /zmscitizenview directory: ajv, qs, altcha and lodash.
Bumps the npm_and_yarn group with 2 updates in the /zmsstatistic directory: @parcel/reporter-dev-server and ajv.
Bumps the npm_and_yarn group with 2 updates in the /zmsticketprinter directory: @parcel/reporter-dev-server and ajv.

Updates @parcel/reporter-dev-server from 2.16.3 to 2.16.4

Release notes

Sourced from @parcel/reporter-dev-server's releases.

v2.16.4

Fixed

Dev server

Add --no-cors option to disable CORS headers – Details

Changelog

Sourced from @parcel/reporter-dev-server's changelog.

[2.16.4] – 2026-02-01

Fixed

Dev server

Add --no-cors option to disable CORS headers – Details

Commits

See full diff in compare view

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

Fix prototype pollution issue in yaml merge (<<) operator.

Commits

cc482e7 4.1.1 released
50968b8 dist rebuild
d092d86 lint fix
383665f fix prototype pollution in merge (<<)
0d3ca7a README.md: HTTP => HTTPS (#678)
49baadd doc: 'empty' style option for !!null
ba3460e Fix demo link (#618)
See full diff in compare view

Updates qs from 6.13.0 to 6.15.0

Changelog

Sourced from qs's changelog.

6.15.0

[New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)

[Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

6.14.1

[Fix] ensure arrayLimit applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

[New] parse: add throwOnParameterLimitExceeded option (#517)

[Refactor] parse: use utils.combine more

[patch] parse: add explicit throwOnLimitExceeded default

[actions] use shared action; re-add finishers

[meta] Fix changelog formatting bug

[Deps] update side-channel

[Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols

[Tests] increase coverage

6.13.3

[Fix] fix regressions from robustness refactor [actions] update reusable workflows

6.13.2

[Robustness] avoid .push, use void

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] replace runkit CI badge with shields.io check-runs badge

[actions] fix rebase workflow permissions

6.13.1

[Fix] stringify: avoid a crash when a filter key is null

[Fix] utils.merge: functions should not be stringified into keys

... (truncated)

Commits

d9b4c66 v6.15.0
cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
88e1563 [Fix] duplicates option should not apply to bracket notation keys
9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
85cc8ca v6.12.5
ffc12aa v6.11.4
0506b11 [actions] update reusable workflows
6a37faf [actions] update reusable workflows
8e8df5a [Fix] fix regressions from robustness refactor
d60bab3 v6.10.7
Additional commits viewable in compare view

Updates @parcel/reporter-dev-server from 2.16.3 to 2.16.4

Release notes

Sourced from @parcel/reporter-dev-server's releases.

v2.16.4

Fixed

Dev server

Add --no-cors option to disable CORS headers – Details

Changelog

Sourced from @parcel/reporter-dev-server's changelog.

[2.16.4] – 2026-02-01

Fixed

Dev server

Add --no-cors option to disable CORS headers – Details

Commits

See full diff in compare view

Updates ajv from 6.12.6 to 6.14.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates ajv from 8.17.1 to 8.18.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates ajv from 6.12.6 to 6.14.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates qs from 6.14.0 to 6.15.0

Changelog

Sourced from qs's changelog.

6.15.0

[New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)

[Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

6.14.1

[Fix] ensure arrayLimit applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

[New] parse: add throwOnParameterLimitExceeded option (#517)

[Refactor] parse: use utils.combine more

[patch] parse: add explicit throwOnLimitExceeded default

[actions] use shared action; re-add finishers

[meta] Fix changelog formatting bug

[Deps] update side-channel

[Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols

[Tests] increase coverage

6.13.3

[Fix] fix regressions from robustness refactor [actions] update reusable workflows

6.13.2

[Robustness] avoid .push, use void

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] replace runkit CI badge with shields.io check-runs badge

[actions] fix rebase workflow permissions

6.13.1

[Fix] stringify: avoid a crash when a filter key is null

[Fix] utils.merge: functions should not be stringified into keys

... (truncated)

Commits

d9b4c66 v6.15.0
cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
88e1563 [Fix] duplicates option should not apply to bracket notation keys
9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
85cc8ca v6.12.5
ffc12aa v6.11.4
0506b11 [actions] update reusable workflows
6a37faf [actions] update reusable workflows
8e8df5a [Fix] fix regressions from robustness refactor
d60bab3 v6.10.7
Additional commits viewable in compare view

Updates altcha from 1.5.1 to 2.3.0

Release notes

Sourced from altcha's releases.

v2.3.0

Breaking change

As of version 2.3.0, the obfuscation and other plugins have been removed from the main package and moved to a separate package: @altcha/plugins.

See the migration guide for v2.3.0.

This release does not include any other change.

v2.2.4

Changes:

Fix: use custom fetch in requestSentinelVerification

v2.2.3

Changes:

Fix: refetchonexpire #130

This release introduces the new disablerefetchonexpire attribute, replacing the deprecated refetchonexpire. The previous attribute did not function correctly when set as an HTML attribute.

v2.2.2

Changes:

Fix: form submitted twice with auto=onsubmit #129

v2.2.1

Changes:

Fix build (wrong version reported)

v2.2.0

Changes:

Fix challenge expiration status reporting #127

New translations: Albanian, Amharic, Kazakh, Luxembourgish, Persian, Swahili, Yoruba

v2.1.0

Changes:

New feature: Overlay UI mode

New translations: Armenian, Azerbaijani, Georgian, Macedonian, Montenegrin, Turkmen

v2.0.5

Changes:

Fix auto=onsubmit with code challenges #118

v2.0.4

Changes:

... (truncated)

Commits

8b87cf5 2.3.0
bf72a27 fix: disable broken firefox e2e tests
d610bef refactor: remove widget plugins from the main package
ac1e619 chore: update development deps
154f874 chore: update dev deps
5c5aa3f 2.2.4
e19d1cc chore: update deps
b1de843 fix: use custom fetch in requestSentinelVerification
b24555c 2.2.3
7274089 fix: refetchonexpire #130
Additional commits viewable in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (#6053)
dfa407d ci: remove legacy configuration files (#6052)
156e196 feat: add renovate setup (#6039)
933e106 ci: add pipeline for Bun (#6023)
072a807 docs: update links related to Open JS Foundation (#5968)
Additional commits viewable in compare view

Updates @parcel/reporter-dev-server from 2.16.3 to 2.16.4

Release notes

Sourced from @parcel/reporter-dev-server's releases.

v2.16.4

Fixed

Dev server

Add --no-cors option to disable CORS headers – Details

Changelog

Sourced from @parcel/reporter-dev-server's changelog.

[2.16.4] – 2026-02-01

Fixed

Dev server

Add --no-cors option to disable CORS headers – Details

Commits

See full diff in compare view

Updates ajv from 6.12.6 to 6.14.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates @parcel/reporter-dev-server from 2.16.3 to 2.16.4

Release notes

Sourced from @parcel/reporter-dev-server's releases.

v2.16.4

Fixed

Dev server

Add --no-cors option to disable CORS headers – Details

Changelog

Sourced from @parcel/reporter-dev-server's changelog.

[2.16.4] – 2026-02-01

Fixed

Dev server

Add --no-cors option to disable CORS headers – Details

Commits

See full diff in compare view

Updates ajv from 6.12.6 to 6.14.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

…updates Bumps the npm_and_yarn group with 3 updates in the /zmsadmin directory: [@parcel/reporter-dev-server](https://github.com/parcel-bundler/parcel), [js-yaml](https://github.com/nodeca/js-yaml) and [qs](https://github.com/ljharb/qs). Bumps the npm_and_yarn group with 2 updates in the /zmscalldisplay directory: [@parcel/reporter-dev-server](https://github.com/parcel-bundler/parcel) and [ajv](https://github.com/ajv-validator/ajv). Bumps the npm_and_yarn group with 1 update in the /zmscitizenapi directory: [ajv](https://github.com/ajv-validator/ajv). Bumps the npm_and_yarn group with 4 updates in the /zmscitizenview directory: [ajv](https://github.com/ajv-validator/ajv), [qs](https://github.com/ljharb/qs), [altcha](https://github.com/altcha-org/altcha) and [lodash](https://github.com/lodash/lodash). Bumps the npm_and_yarn group with 2 updates in the /zmsstatistic directory: [@parcel/reporter-dev-server](https://github.com/parcel-bundler/parcel) and [ajv](https://github.com/ajv-validator/ajv). Bumps the npm_and_yarn group with 2 updates in the /zmsticketprinter directory: [@parcel/reporter-dev-server](https://github.com/parcel-bundler/parcel) and [ajv](https://github.com/ajv-validator/ajv). Updates `@parcel/reporter-dev-server` from 2.16.3 to 2.16.4 - [Release notes](https://github.com/parcel-bundler/parcel/releases) - [Changelog](https://github.com/parcel-bundler/parcel/blob/v2/CHANGELOG.md) - [Commits](https://github.com/parcel-bundler/parcel/commits/v2.16.4) Updates `js-yaml` from 4.1.0 to 4.1.1 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@4.1.0...4.1.1) Updates `qs` from 6.13.0 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.13.0...v6.15.0) Updates `@parcel/reporter-dev-server` from 2.16.3 to 2.16.4 - [Release notes](https://github.com/parcel-bundler/parcel/releases) - [Changelog](https://github.com/parcel-bundler/parcel/blob/v2/CHANGELOG.md) - [Commits](https://github.com/parcel-bundler/parcel/commits/v2.16.4) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `ajv` from 8.17.1 to 8.18.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `qs` from 6.14.0 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.13.0...v6.15.0) Updates `altcha` from 1.5.1 to 2.3.0 - [Release notes](https://github.com/altcha-org/altcha/releases) - [Commits](altcha-org/altcha@v1.5.1...v2.3.0) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `@parcel/reporter-dev-server` from 2.16.3 to 2.16.4 - [Release notes](https://github.com/parcel-bundler/parcel/releases) - [Changelog](https://github.com/parcel-bundler/parcel/blob/v2/CHANGELOG.md) - [Commits](https://github.com/parcel-bundler/parcel/commits/v2.16.4) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `@parcel/reporter-dev-server` from 2.16.3 to 2.16.4 - [Release notes](https://github.com/parcel-bundler/parcel/releases) - [Changelog](https://github.com/parcel-bundler/parcel/blob/v2/CHANGELOG.md) - [Commits](https://github.com/parcel-bundler/parcel/commits/v2.16.4) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) --- updated-dependencies: - dependency-name: "@parcel/reporter-dev-server" dependency-version: 2.16.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@parcel/reporter-dev-server" dependency-version: 2.16.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 8.18.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: altcha dependency-version: 2.3.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@parcel/reporter-dev-server" dependency-version: 2.16.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@parcel/reporter-dev-server" dependency-version: 2.16.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-02-28T10:14:27Z

Superseded by #2037.

dependabot bot added dependencies Pull requests that update a dependency file javascript Everything Javascript that's not vuejs labels Feb 22, 2026

dependabot bot closed this Feb 28, 2026

dependabot bot deleted the dependabot/npm_and_yarn/zmsadmin/npm_and_yarn-74570cb7da branch February 28, 2026 10:14

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 6 directories with 6 updates#2008

chore(deps): bump the npm_and_yarn group across 6 directories with 6 updates#2008
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/zmsadmin/npm_and_yarn-74570cb7da

dependabot bot commented on behalf of github Feb 22, 2026

Uh oh!

dependabot bot commented on behalf of github Feb 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Feb 22, 2026

v2.16.4

Fixed

[2.16.4] – 2026-02-01

Fixed

[4.1.1] - 2025-11-12

Security

6.15.0

6.14.2

6.14.1

6.14.0

6.13.3

6.13.2

6.13.1

v2.16.4

Fixed

[2.16.4] – 2026-02-01

Fixed

6.15.0

6.14.2

6.14.1

6.14.0

6.13.3

6.13.2

6.13.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.0

v2.0.5

v2.0.4

v2.16.4

Fixed

[2.16.4] – 2026-02-01

Fixed

v2.16.4

Fixed

[2.16.4] – 2026-02-01

Fixed

Uh oh!

dependabot bot commented on behalf of github Feb 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants