build(deps): bump the npm_and_yarn group across 2 directories with 16 updates by dependabot[bot] · Pull Request #593 · AllianceBioversityCIAT/onecgiar_pr

dependabot · 2026-01-29T15:38:30Z

Bumps the npm_and_yarn group with 6 updates in the /onecgiar-pr-client directory:

Package	From	To
@angular/common	`19.2.14`	`19.2.16`
@angular/compiler	`19.2.14`	`19.2.18`
pdfjs-dist	`3.11.174`	`4.2.67`
qs	`6.14.0`	`6.14.1`
js-yaml	`3.14.1`	`3.14.2`
tmp	`0.2.3`	`0.2.5`

Bumps the npm_and_yarn group with 11 updates in the /onecgiar-pr-server directory:

Package	From	To
qs	`6.13.0`	`6.14.1`
js-yaml	`3.14.1`	`3.14.2`
glob	`10.4.5`	`10.5.0`
glob	`11.0.1`	`11.1.0`
tmp	`0.0.33`	`removed`
form-data	`4.0.1`	`4.0.5`
aws-sdk	`2.1692.0`	`2.1693.0`
axios	`1.10.0`	`1.13.4`
typeorm	`0.3.20`	`0.3.28`
@smithy/config-resolver	`4.1.0`	`4.4.6`
jws	`3.2.2`	`3.2.3`
validator	`13.12.0`	`13.15.26`

Updates @angular/common from 19.2.14 to 19.2.16

Release notes

Sourced from @angular/common's releases.

19.2.16

http

Commit Description

prevent XSRF token leakage to protocol-relative URLs

19.2.15

core

Commit Description

introduce BootstrapContext for improved server bootstrapping (#63639)

Breaking Changes

core
The server-side bootstrapping process has been changed to eliminate the reliance on a global platform injector.

Before:
const bootstrap = () => bootstrapApplication(AppComponent, config);
After:
const bootstrap = (context: BootstrapContext) =>
  bootstrapApplication(AppComponent, config, context);
A schematic is provided to automatically update main.server.ts files to pass the BootstrapContext to the bootstrapApplication call.

In addition, getPlatform() and destroyPlatform() will now return null and be a no-op respectively when running in a server environment.
For more information please see: GHSA-68x2-mx4q-78m7

Changelog

Sourced from @angular/common's changelog.

19.2.16 (2025-11-26)

http

Commit Type Description

05fe6686a9 fix prevent XSRF token leakage to protocol-relative URLs

20.3.14 (2025-11-25)

http

Commit Type Description

0276479e7d fix prevent XSRF token leakage to protocol-relative URLs

21.0.1 (2025-11-25)

compiler-cli

Commit Type Description

39c577bc36 fix do not type check native controls with ControlValueAccessor

8d3a89a477 fix escape angular control flow in jsdoc

bc34083d34 fix ignore non-existent files

core

Commit Type Description

0ea1e07174 fix apply bootstrap-options migration to platformBrowserDynamic

70507b8c1c fix debug data causing memory leak for root effects

a55482fca3 fix notify profiler events in case of errors

49ad7c6508 fix use injected DOCUMENT for CSP_NONCE

cc1ec09931 perf avoid repeat searches for field directive

forms

Commit Type Description

7d5c7cf99a feat add DI option for classes on Field directive

8acf5d2756 fix allow dynamic type bindings on signal form controls

... (truncated)

Commits

05fe668 fix(http): prevent XSRF token leakage to protocol-relative URLs
See full diff in compare view

Updates @angular/compiler from 19.2.14 to 19.2.18

Release notes

Sourced from @angular/compiler's releases.

19.2.18

core

Commit Description

sanitize sensitive attributes on SVG script elements

19.2.17

compiler

Commit Description

prevent XSS via SVG animation attributeName and MathML/SVG URLs

19.2.16

http

Commit Description

prevent XSRF token leakage to protocol-relative URLs

19.2.15

core

Commit Description

introduce BootstrapContext for improved server bootstrapping (#63639)

Breaking Changes

core
The server-side bootstrapping process has been changed to eliminate the reliance on a global platform injector.

Before:
const bootstrap = () => bootstrapApplication(AppComponent, config);
After:
const bootstrap = (context: BootstrapContext) =>
  bootstrapApplication(AppComponent, config, context);
A schematic is provided to automatically update main.server.ts files to pass the BootstrapContext to the bootstrapApplication call.

In addition, getPlatform() and destroyPlatform() will now return null and be a no-op respectively when running in a server environment.
For more information please see: GHSA-68x2-mx4q-78m7

Changelog

Sourced from @angular/compiler's changelog.

19.2.18 (2026-01-07)

core

Commit Type Description

26cdc53d9c fix sanitize sensitive attributes on SVG script elements

21.0.7 (2026-01-07)

compiler

Commit Type Description

8e808740c9 fix better types for a few expression AST nodes

63b1cdcf70 fix produce accurate span for typeof and void expressions

3c3ae0cb64 fix provide location information for literal map keys

523dbaf1c3 fix stop ThisReceiver inheritance from ImplicitReceiver

compiler-cli

Commit Type Description

4d9c4567ed fix ensure component import diagnostics are reported within the imports expression

cd405685af fix fix up spelling of diagnostic

778460fcca fix support qualified names in typeof type references

core

Commit Type Description

7c74674eb0 fix avoid leaking view data in animations

0edbee4550 fix explicitly cast signal node value to String

f9c29572d2 fix sanitize sensitive attributes on SVG script elements

forms

Commit Type Description

e3fba182f9 feat add [formField] directive

561772b152 fix allow custom controls to require dirty input

f0fb1d8581 fix allow custom controls to require hidden input

ec110f170b fix allow custom controls to require pending input

ae1dc16bb0 fix clean up abort listener after timeout

9748b0d5da fix support custom controls with non signal-based models

6bd22df987 fix Support readonly arrays in signal forms

router

Commit Type Description

41cd4a6af8 fix Fix RouterLink href not updating with queryParamsHandling

5e9e09aee0 fix handle errors from view transition updateCallbackDone promise

21.0.6 (2025-12-17)

Breaking Changes (affecting only experimental features)

... (truncated)

Commits

26cdc53 fix(core): sanitize sensitive attributes on SVG script elements
7c42e2e fix(compiler): prevent XSS via SVG animation attributeName and MathML/SVG URLs
See full diff in compare view

Updates pdfjs-dist from 3.11.174 to 4.2.67

Release notes

Sourced from pdfjs-dist's releases.

v4.2.67

This release includes a new JPX decoder, based on OpenJPEG, which improves JPX image rendering performance and correctness. Moreover, this release contains improvements for the annotation editor, font conversion and the viewer.

Note that text selection boxes for some PDF files may overlap visually. This is a known issue that we currently track in mozilla/pdf.js#17561.

Changes since v4.1.392

Bump the stable version in pdfjs.config by @timvandermeij in mozilla/pdf.js#17924

Convert the history code to use proper private methods by @timvandermeij in mozilla/pdf.js#17925

Update dependencies and translations to the most recent versions by @timvandermeij in mozilla/pdf.js#17927

Remove the tag for missing font subset when trying to find a substitution by @calixteman in mozilla/pdf.js#17930

Fix resetting of cursor-tools when closing the document (PR 17464 follow-up) by @Snuffleupagus in mozilla/pdf.js#17933

Warn when a non-embedded font has an invalid name by @calixteman in mozilla/pdf.js#17934

Remove the mkdirp dependency in favor of the built-in Node.js fs.mkdirSync by @timvandermeij in mozilla/pdf.js#17935

Improve type definitions for the viewer by @ex37 in mozilla/pdf.js#17879

Fix the "must check that invisible fields are made visible" scripting integration test by @timvandermeij in mozilla/pdf.js#17940

Remove the rimraf dependency in favor of the built-in Node.js fs.rmSync in the test folder by @timvandermeij in mozilla/pdf.js#17938

[api-minor] Update the minimum supported Safari version to 16.4 by @Snuffleupagus in mozilla/pdf.js#17942

Fix the "must check that a field has the correct value when a choice is changed" scripting integration test by @timvandermeij in mozilla/pdf.js#17947

[api-minor] Add a jpx decoder based on OpenJPEG 2.5.2 by @calixteman in mozilla/pdf.js#17946

Bump library version to 4.2 by @Snuffleupagus in mozilla/pdf.js#17949

Build the openjpeg-based decoder in a web environment in order to avoid issues when used in node by @calixteman in mozilla/pdf.js#17954

Fix JpxImage API issues (PR 17946 follow-up) by @timvandermeij in mozilla/pdf.js#17951

[JPX] Throw an exception with the error messages returned by openjpeg by @calixteman in mozilla/pdf.js#17956

[Editor] Provide an element to render in the annotation layer after a freetext has been edited (bug 1890535) by @calixteman in mozilla/pdf.js#17914

Remove waitForTimeout usage from the helper functions by @timvandermeij in mozilla/pdf.js#17966

Remove some event listeners with signal in the viewer by @Snuffleupagus in mozilla/pdf.js#17964

[Editor] Don't show the context menu when resizing by @calixteman in mozilla/pdf.js#17973

Correctly update the xref table when an annotation is deleted by @calixteman in mozilla/pdf.js#17970

Update dependencies and translations to the most recent versions by @timvandermeij in mozilla/pdf.js#17972

Improve jpx decoding by around 20% in enabling simd support when compiling OpenJPEG by @calixteman in mozilla/pdf.js#17983

[api-minor] Remove the image-related error message prefixes by @Snuffleupagus in mozilla/pdf.js#17979

Use the pdf.js warn when using jpx decoder by @calixteman in mozilla/pdf.js#17985

Extend the globally cached image main-thread copying to "complex" images as well (PR 17428 follow-up) by @Snuffleupagus in mozilla/pdf.js#17978

Update JpxImage.parseImageProperties to support TypedArray data in IMAGE_DECODERS builds by @Snuffleupagus in mozilla/pdf.js#17977

Add signal-support in the EventBus, and utilize it in the viewer (PR 17964 follow-up) by @Snuffleupagus in mozilla/pdf.js#17967

Set correctly the change property for the event triggered when a choice list is changed by @calixteman in mozilla/pdf.js#17999

Remove all waitForTimeout usage from the annotation integration tests by @timvandermeij in mozilla/pdf.js#17969

Validate explicit destinations on the worker-thread to prevent DataCloneError (issue 17981) by @Snuffleupagus in mozilla/pdf.js#17984

Allow to insert several annotations under the same parent in the structure tree by @calixteman in mozilla/pdf.js#17986

Always enable smoothing when rendering downscaled image by @calixteman in mozilla/pdf.js#17868

Simplify the way to pass the glyph drawing instructions from the worker to the main thread by @calixteman in mozilla/pdf.js#18015

Validate additional font-dictionary properties by @Snuffleupagus in mozilla/pdf.js#18014

Add more validation of width-data by @Snuffleupagus in mozilla/pdf.js#18017

Reduce code-duplication when caching data in CompiledFont.getPathJs by @Snuffleupagus in mozilla/pdf.js#18018

Re-factor SimpleLinkService to extend PDFLinkService by @Snuffleupagus in mozilla/pdf.js#18013

[api-minor] Move the page reference/number caching into the API by @Snuffleupagus in mozilla/pdf.js#18001

v4.1.392

This release features improvements, bugfixes and optimizations for accessibility, annotation rendering, annotation editing, font rendering, form handling, image rendering, text selection and the viewer.

... (truncated)

Commits

49b3881 Merge pull request #18001 from Snuffleupagus/api-pageRefCache
150964d Remove unnecessary check from PDFLinkService.goToDestination (PR 17984 foll...
f6cd039 [api-minor] Move the page reference/number caching into the API
fa69d9a Inline the helper method in PDFLinkService.goToDestination
3052e99 Merge pull request #18013 from Snuffleupagus/SimpleLinkService-extends-PDFLin...
2b2ade7 Merge pull request #18018 from Snuffleupagus/CompiledFont-tweak-caching
627fe2d Merge pull request #18017 from Snuffleupagus/validate-widths
85ff8f3 Reduce code-duplication when caching data in CompiledFont.getPathJs
d411a07 Add more validation of width-data
234067e Merge pull request #18014 from Snuffleupagus/validate-font-properties
Additional commits viewable in compare view

Updates qs from 6.14.0 to 6.14.1

Changelog

Sourced from qs's changelog.

6.14.1

[Fix] ensure arrayLength applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

Commits

3fa11a5 v6.14.1
a626704 [Dev Deps] update npmignore
3086902 [Fix] ensure arrayLength applies to [] notation as well
fc7930e [Dev Deps] update eslint, @ljharb/eslint-config
0b06aac [Dev Deps] update @ljharb/eslint-config
64951f6 [Refactor] parse: extract key segment splitting helper
e1bd259 [Dev Deps] update @ljharb/eslint-config
f4b3d39 [eslint] add eslint 9 optional peer dep
6e94d95 [Dev Deps] update eslint, @ljharb/eslint-config, npmignore
973dc3c [actions] add workflow permissions
Additional commits viewable in compare view

Updates js-yaml from 3.14.1 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

Types are now exported as yaml.types.XXX.

Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

Check migration guide to see details for all breaking changes.

Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.

Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.

yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.

yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.

!!binary now always mapped to Uint8Array on load.

Reduced nesting of /lib folder.

Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).

dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.

Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.

Code snippet created in exceptions now contains multiple lines with line numbers.

dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.

dump() with skipInvalid=true now serializes invalid items in collections as null.

Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.

Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

Added .mjs (es modules) support.

Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.

Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

9963d36 3.14.2 released
10d3c8e dist rebuild
5278870 fix prototype pollution in merge (<<) (#731)
See full diff in compare view

Updates tmp from 0.2.3 to 0.2.5

Commits

3d2fe38 Bump up the version
e162828 Merge pull request #309 from fflorent/fix-tmp-dir-with-dir
b847d2f Fix use of tmp.dir() with dir option
08fa3ab Update version
1cf4ec5 Merge commit from fork
188b25e Fix GHSA-52f5-9888-hmc6
73b9fe4 Add test case for GHSA-52f5-9888-hmc6
b8e2f29 Remove broken tests
2892a02 Remove outdated URL
f592318 Reformat package.json
Additional commits viewable in compare view

Updates form-data from 4.0.3 to 4.0.5

Release notes

Sourced from form-data's releases.

v4.0.4

v4.0.4 - 2025-07-16

Commits

[meta] add auto-changelog 811f682

[Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76

[Fix] Switch to using crypto random for boundary values 3d17230

[Tests] fix linting errors 5e34080

[meta] actually ensure the readme backup isn’t published 316c82b

[Dev Deps] update @ljharb/eslint-config 58c25d7

[meta] fix readme capitalization 2300ca1

v4.0.3

v4.0.3 - 2025-06-05

Fixed

[Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

[eslint] use a shared config 426ba9a

[eslint] fix some spacing issues 2094191

[Refactor] use hasown 81ab41b

[Fix] validate boundary type in setBoundary() method 8d8e469

[Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1

[Dev Deps] remove unused deps 870e4e6

[meta] remove local commit hooks e6e83cc

[Dev Deps] update eslint 4066fd6

[meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2

v4.0.2 - 2025-02-14

Merged

[Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

[Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

Fixed

[Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

[Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

[Fix] set Symbol.toStringTag when available [#396](https://github.com/form-data/form-data/issues/396)

Commits

... (truncated)

Changelog

Sourced from form-data's changelog.

v4.0.5 - 2025-11-17

Commits

[Tests] Switch to newer v8 prediction library; enable node 24 testing 16e0076

[Dev Deps] update @ljharb/eslint-config, eslint 5822467

[Fix] set Symbol.toStringTag in the proper place 76d0dee

v4.0.4 - 2025-07-16

Commits

[meta] add auto-changelog 811f682

[Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76

[Fix] Switch to using crypto random for boundary values 3d17230

[Tests] fix linting errors 5e34080

[meta] actually ensure the readme backup isn’t published 316c82b

[Dev Deps] update @ljharb/eslint-config 58c25d7

[meta] fix readme capitalization 2300ca1

v4.0.3 - 2025-06-05

Fixed

[Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

[eslint] use a shared config 426ba9a

[eslint] fix some spacing issues 2094191

[Refactor] use hasown 81ab41b

[Fix] validate boundary type in setBoundary() method 8d8e469

[Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1

[Dev Deps] remove unused deps 870e4e6

[meta] remove local commit hooks e6e83cc

[Dev Deps] update eslint 4066fd6

[meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2 - 2025-02-14

Merged

[Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

[Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

Fixed

[Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

... (truncated)

Commits

68ff7dd v4.0.5
5822467 [Dev Deps] update @ljharb/eslint-config, eslint
76d0dee [Fix] set Symbol.toStringTag in the proper place
16e0076 [Tests] Switch to newer v8 prediction library; enable node 24 testing
41996f5 v4.0.4
316c82b [meta] actually ensure the readme backup isn’t published
2300ca1 [meta] fix readme capitalization
811f682 [meta] add auto-changelog
5e34080 [Tests] fix linting errors
1d11a76 [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
Additional commits viewable in compare view

Updates js-yaml from 3.14.1 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

Types are now exported as yaml.types.XXX.

Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

Check migration guide to see details for all breaking changes.

Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.

Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.

yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.

yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.

!!binary now always mapped to Uint8Array on load.

Reduced nesting of /lib folder.

Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).

dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.

Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.

Code snippet created in exceptions now contains multiple lines with line numbers.

dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.

dump() with skipInvalid=true now serializes invalid items in collections as null.

Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.

Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

Added .mjs (es modules) support.

Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.

Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

9963d36 3.14.2 released
10d3c8e dist rebuild
5278870 fix prototype pollution in merge (<<) (#731)
See full diff in compare view

Updates form-data from 4.0.3 to 4.0.5

Release notes

Sourced from form-data's releases.

v4.0.4

v4.0.4 - 2025-07-16

Commits

[meta] add auto-changelog 811f682

[Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76

[Fix] Switch to using crypto random for boundary values 3d17230

[Tests] fix linting errors 5e34080

[meta] actually ensure the readme backup isn’t published 316c82b

[Dev Deps] update @ljharb/eslint-config 58c25d7

[meta] fix readme capitalization 2300ca1

v4.0.3

v4.0.3 - 2025-06-05

Fixed

[Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

[eslint] use a shared config 426ba9a

[eslint] fix some spacing issues 2094191

[Refactor] use hasown 81ab41b

[Fix] validate boundary type in setBoundary() method 8d8e469

[Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1

[Dev Deps] remove unused deps 870e4e6

[meta] remove local commit hooks e6e83cc

[Dev Deps] update eslint 4066fd6

[meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2

v4.0.2 - 2025-02-14

Merged

[Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

[Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

Fixed

[Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

[Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

[Fix] set Symbol.toStringTag when available [#396](https://github.com/form-data/form-data/issues/396)

Commits

... (truncated)

Changelog

Sourced from form-data's changelog.

v4.0.5 - 2025-11-17

Commits

[Tests] Switch to newer v8 prediction library; enable node 24 testing 16e0076

[Dev Deps] update @ljharb/eslint-config, eslint 5822467

[Fix] set Symbol.toStringTag in the proper place 76d0dee

v4.0.4 - 2025-07-16

Commits

[meta] add auto-changelog 811f682

[Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76

[Fix] Switch to using crypto random for boundary values 3d17230

[Tests] fix linting errors 5e34080

[meta] actually ensure the readme backup isn’t published 316c82b

[Dev Deps] update @ljharb/eslint-config 58c25d7

[meta] fix readme capitalization Cursor Bugbot for commit e01e3b1. Configure here.

… updates Bumps the npm_and_yarn group with 6 updates in the /onecgiar-pr-client directory: | Package | From | To | | --- | --- | --- | | [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) | `19.2.14` | `19.2.16` | | [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) | `19.2.14` | `19.2.18` | | [pdfjs-dist](https://github.com/mozilla/pdf.js) | `3.11.174` | `4.2.67` | | [qs](https://github.com/ljharb/qs) | `6.14.0` | `6.14.1` | | [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` | | [tmp](https://github.com/raszi/node-tmp) | `0.2.3` | `0.2.5` | Bumps the npm_and_yarn group with 11 updates in the /onecgiar-pr-server directory: | Package | From | To | | --- | --- | --- | | [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.14.1` | | [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` | | [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `10.5.0` | | [glob](https://github.com/isaacs/node-glob) | `11.0.1` | `11.1.0` | | [tmp](https://github.com/raszi/node-tmp) | `0.0.33` | `removed` | | [form-data](https://github.com/form-data/form-data) | `4.0.1` | `4.0.5` | | [aws-sdk](https://github.com/aws/aws-sdk-js) | `2.1692.0` | `2.1693.0` | | [axios](https://github.com/axios/axios) | `1.10.0` | `1.13.4` | | [typeorm](https://github.com/typeorm/typeorm) | `0.3.20` | `0.3.28` | | [@smithy/config-resolver](https://github.com/smithy-lang/smithy-typescript/tree/HEAD/packages/config-resolver) | `4.1.0` | `4.4.6` | | [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` | | [validator](https://github.com/validatorjs/validator.js) | `13.12.0` | `13.15.26` | Updates `@angular/common` from 19.2.14 to 19.2.16 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.2.16/packages/common) Updates `@angular/compiler` from 19.2.14 to 19.2.18 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v19.2.18/packages/compiler) Updates `pdfjs-dist` from 3.11.174 to 4.2.67 - [Release notes](https://github.com/mozilla/pdf.js/releases) - [Commits](mozilla/pdf.js@v3.11.174...v4.2.67) Updates `qs` from 6.14.0 to 6.14.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.14.1) Updates `js-yaml` from 3.14.1 to 3.14.2 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.14.1...3.14.2) Updates `tmp` from 0.2.3 to 0.2.5 - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md) - [Commits](raszi/node-tmp@v0.2.3...v0.2.5) Updates `form-data` from 4.0.3 to 4.0.5 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v4.0.1...v4.0.5) Updates `js-yaml` from 3.14.1 to 3.14.2 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.14.1...3.14.2) Updates `form-data` from 4.0.3 to 4.0.5 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v4.0.1...v4.0.5) Updates `qs` from 6.14.0 to 6.14.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.14.1) Updates `tmp` from 0.0.33 to 0.2.5 - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md) - [Commits](raszi/node-tmp@v0.2.3...v0.2.5) Updates `qs` from 6.13.0 to 6.14.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.14.1) Updates `js-yaml` from 3.14.1 to 3.14.2 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.14.1...3.14.2) Updates `glob` from 10.4.5 to 10.5.0 - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](isaacs/node-glob@v10.4.5...v10.5.0) Updates `glob` from 11.0.1 to 11.1.0 - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](isaacs/node-glob@v10.4.5...v10.5.0) Removes `tmp` Updates `form-data` from 4.0.1 to 4.0.5 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v4.0.1...v4.0.5) Updates `aws-sdk` from 2.1692.0 to 2.1693.0 - [Release notes](https://github.com/aws/aws-sdk-js/releases) - [Commits](aws/aws-sdk-js@v2.1692.0...v2.1693.0) Updates `axios` from 1.10.0 to 1.13.4 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.10.0...v1.13.4) Updates `typeorm` from 0.3.20 to 0.3.28 - [Release notes](https://github.com/typeorm/typeorm/releases) - [Changelog](https://github.com/typeorm/typeorm/blob/master/CHANGELOG.md) - [Commits](typeorm/typeorm@0.3.20...0.3.28) Updates `js-yaml` from 3.14.1 to 3.14.2 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.14.1...3.14.2) Updates `@smithy/config-resolver` from 4.1.0 to 4.4.6 - [Release notes](https://github.com/smithy-lang/smithy-typescript/releases) - [Changelog](https://github.com/smithy-lang/smithy-typescript/blob/main/packages/config-resolver/CHANGELOG.md) - [Commits](https://github.com/smithy-lang/smithy-typescript/commits/@smithy/config-resolver@4.4.6/packages/config-resolver) Updates `form-data` from 4.0.1 to 4.0.5 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v4.0.1...v4.0.5) Updates `jws` from 3.2.2 to 3.2.3 - [Release notes](https://github.com/brianloveswords/node-jws/releases) - [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md) - [Commits](auth0/node-jws@v3.2.2...v3.2.3) Updates `multer` from 1.4.5-lts.1 to 2.0.2 - [Release notes](https://github.com/expressjs/multer/releases) - [Changelog](https://github.com/expressjs/multer/blob/main/CHANGELOG.md) - [Commits](expressjs/multer@v1.4.5-lts.1...v2.0.2) Updates `qs` from 6.13.0 to 6.14.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.14.1) Updates `sha.js` from 2.4.11 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) Updates `validator` from 13.12.0 to 13.15.26 - [Release notes](https://github.com/validatorjs/validator.js/releases) - [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md) - [Commits](validatorjs/validator.js@13.12.0...13.15.26) --- updated-dependencies: - dependency-name: "@angular/common" dependency-version: 19.2.16 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@angular/compiler" dependency-version: 19.2.18 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: pdfjs-dist dependency-version: 4.2.67 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 3.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tmp dependency-version: 0.2.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 4.0.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 3.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 4.0.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tmp dependency-version: 0.2.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 3.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: glob dependency-version: 10.5.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: glob dependency-version: 11.1.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tmp dependency-version: dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 4.0.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: aws-sdk dependency-version: 2.1693.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.13.4 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: typeorm dependency-version: 0.3.28 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 3.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@smithy/config-resolver" dependency-version: 4.4.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 4.0.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jws dependency-version: 3.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: multer dependency-version: 2.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: validator dependency-version: 13.15.26 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

sonarqubecloud · 2026-01-29T15:39:03Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jan 29, 2026

dependabot bot mentioned this pull request Jan 29, 2026

build(deps): bump the npm_and_yarn group across 2 directories with 16 updates #580

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the npm_and_yarn group across 2 directories with 16 updates#593

build(deps): bump the npm_and_yarn group across 2 directories with 16 updates#593
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/onecgiar-pr-client/npm_and_yarn-6f0b52e877

dependabot bot commented on behalf of github Jan 29, 2026 •

edited by cursor bot

Loading

Uh oh!

sonarqubecloud bot commented Jan 29, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Commit	Type	Description
39c577bc36	fix	do not type check native controls with ControlValueAccessor
8d3a89a477	fix	escape angular control flow in jsdoc
bc34083d34	fix	ignore non-existent files

Commit	Type	Description
0ea1e07174	fix	apply bootstrap-options migration to `platformBrowserDynamic`
70507b8c1c	fix	debug data causing memory leak for root effects
a55482fca3	fix	notify profiler events in case of errors
49ad7c6508	fix	use injected `DOCUMENT` for `CSP_NONCE`
cc1ec09931	perf	avoid repeat searches for field directive

Commit	Type	Description
7d5c7cf99a	feat	add DI option for classes on `Field` directive
8acf5d2756	fix	allow dynamic `type` bindings on signal form controls

Commit	Type	Description
8e808740c9	fix	better types for a few expression AST nodes
63b1cdcf70	fix	produce accurate span for typeof and void expressions
3c3ae0cb64	fix	provide location information for literal map keys
523dbaf1c3	fix	stop ThisReceiver inheritance from ImplicitReceiver

Commit	Type	Description
4d9c4567ed	fix	ensure component import diagnostics are reported within the `imports` expression
cd405685af	fix	fix up spelling of diagnostic
778460fcca	fix	support qualified names in `typeof` type references

Commit	Type	Description
7c74674eb0	fix	avoid leaking view data in animations
0edbee4550	fix	explicitly cast signal node value to String
f9c29572d2	fix	sanitize sensitive attributes on SVG script elements

Commit	Type	Description
e3fba182f9	feat	add `[formField]` directive
561772b152	fix	allow custom controls to require `dirty` input
f0fb1d8581	fix	allow custom controls to require `hidden` input
ec110f170b	fix	allow custom controls to require `pending` input
ae1dc16bb0	fix	clean up abort listener after timeout
9748b0d5da	fix	support custom controls with non signal-based models
6bd22df987	fix	Support readonly arrays in signal forms

Commit	Type	Description
41cd4a6af8	fix	Fix RouterLink href not updating with `queryParamsHandling`
5e9e09aee0	fix	handle errors from view transition `updateCallbackDone` promise

Conversation

dependabot bot commented on behalf of github Jan 29, 2026 • edited by cursor bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

19.2.16

http

19.2.15

core

Breaking Changes

core

19.2.16 (2025-11-26)

http

20.3.14 (2025-11-25)

http

21.0.1 (2025-11-25)

compiler-cli

core

forms

19.2.18

core

19.2.17

compiler

19.2.16

http

19.2.15

core

Breaking Changes

core

19.2.18 (2026-01-07)

core

21.0.7 (2026-01-07)

compiler

compiler-cli

core

forms

router

21.0.6 (2025-12-17)

Breaking Changes (affecting only experimental features)

v4.2.67

Changes since v4.1.392

v4.1.392

6.14.1

[3.14.2] - 2025-11-15

Security

[4.1.1] - 2025-11-12

Security

[4.1.0] - 2021-04-15

Added

Changed

[4.0.0] - 2021-01-03

Changed

Added

v4.0.4

v4.0.4 - 2025-07-16

Commits

v4.0.3

v4.0.3 - 2025-06-05

Fixed

Commits

v4.0.2

v4.0.2 - 2025-02-14

Merged

Fixed

Commits

v4.0.5 - 2025-11-17

Commits

v4.0.4 - 2025-07-16

Commits

v4.0.3 - 2025-06-05

Fixed

Commits

v4.0.2 - 2025-02-14

Merged

Fixed

[3.14.2] - 2025-11-15

Security

[4.1.1] - 2025-11-12

Security

[4.1.0] - 2021-04-15

Added

Changed

dependabot bot commented on behalf of github Jan 29, 2026 •

edited by cursor bot

Loading