Skip to content

chore(deps-dev): bump devalue from 5.3.2 to 5.8.1#687

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/devalue-5.8.1
Open

chore(deps-dev): bump devalue from 5.3.2 to 5.8.1#687
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/devalue-5.8.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 14, 2026
edited
Loading

Bumps devalue from 5.3.2 to 5.8.1.

Release notes

Sourced from devalue's releases.

v5.8.1

Patch Changes

  • 206ca67: fix: force sparse arrays to allocate sparsely

v5.8.0

Minor Changes

  • c5115b0: feat: add stringifyAsync for async serialization

v5.7.1

Patch Changes

  • 8becc7c: fix: handle regexes consistently in uneval's value and reference formats

v5.7.0

Minor Changes

  • df2e284: feat: use native alternatives to encode/decode base64
  • 498656e: feat: add DataView support
  • a210130: feat: whitelist Float16Array
  • df2e284: feat: simplify TypedArray slices

Patch Changes

  • 5590634: fix: get uneval type handling up to parity with stringify
  • 57f73fc: fix: correctly support boxed bigints and sentinel values

v5.6.4

Patch Changes

  • 87c1f3c: fix: reject __proto__ keys in malformed Object wrapper payloads

    This validates the "Object" parse path and throws when the wrapped value has an own __proto__ key.

  • 40f1db1: fix: ensure sparse array indices are integers

  • 87c1f3c: fix: disallow __proto__ keys in null-prototype object parsing

    This disallows __proto__ keys in the "null" parse path so null-prototype object hydration cannot carry that key through parse/unflatten.

v5.6.3

Patch Changes

  • 0f04d4d: fix: Properly handle __proto__
  • 819f1ac: fix: better encoding for sparse arrays

v5.6.2

Patch Changes

... (truncated)

Changelog

Sourced from devalue's changelog.

5.8.1

Patch Changes

  • 206ca67: fix: force sparse arrays to allocate sparsely

5.8.0

Minor Changes

  • c5115b0: feat: add stringifyAsync for async serialization

5.7.1

Patch Changes

  • 8becc7c: fix: handle regexes consistently in uneval's value and reference formats

5.7.0

Minor Changes

  • df2e284: feat: use native alternatives to encode/decode base64
  • 498656e: feat: add DataView support
  • a210130: feat: whitelist Float16Array
  • df2e284: feat: simplify TypedArray slices

Patch Changes

  • 5590634: fix: get uneval type handling up to parity with stringify
  • 57f73fc: fix: correctly support boxed bigints and sentinel values

5.6.4

Patch Changes

  • 87c1f3c: fix: reject __proto__ keys in malformed Object wrapper payloads

    This validates the "Object" parse path and throws when the wrapped value has an own __proto__ key.

  • 40f1db1: fix: ensure sparse array indices are integers

  • 87c1f3c: fix: disallow __proto__ keys in null-prototype object parsing

    This disallows __proto__ keys in the "null" parse path so null-prototype object hydration cannot carry that key through parse/unflatten.

5.6.3

Patch Changes

  • 0f04d4d: fix: Properly handle __proto__
  • 819f1ac: fix: better encoding for sparse arrays

5.6.2

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for devalue since your current version.

@dependabot dependabot Bot requested a review from a team as a code owner May 14, 2026 23:49
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/devalue-5.8.1 branch 2 times, most recently from 53a9dd0 to 1e0457a Compare May 15, 2026 14:25
@dependabot dependabot Bot changed the title build(deps-dev): bump devalue from 5.3.2 to 5.8.1 chore(deps-dev): bump devalue from 5.3.2 to 5.8.1 May 18, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/devalue-5.8.1 branch 4 times, most recently from ce6f2f5 to 7f8825d Compare May 18, 2026 13:58
@dependabot
chore(deps-dev): bump devalue from 5.3.2 to 5.8.1
dd317bc 
Bumps [devalue](https://github.com/sveltejs/devalue) from 5.3.2 to 5.8.1.
- [Release notes](https://github.com/sveltejs/devalue/releases)
- [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md)
- [Commits](sveltejs/devalue@v5.3.2...v5.8.1)

---
updated-dependencies:
- dependency-name: devalue
  dependency-version: 5.8.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/devalue-5.8.1 branch from 7f8825d to dd317bc Compare May 18, 2026 15:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies javascript

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants