chore(deps): bump the npm_and_yarn group across 1 directory with 3 updates

[dependabot]

Bumps the npm_and_yarn group with 1 update in the / directory: cookie.

Updates cookie from 0.6.0 to 1.1.1

Release notes

Sourced from cookie's releases.

v1.1.1

Fixed

• Overwrite value in passed in options (#253) c66147c
  • When value was provided in serialize(key, value, { value }) the value in options was used instead of the value passed as an argument

---

jshttp/cookie@v1.1.0...v1.1.1

v1.1.0

Added:

• Add stringifyCookie and parseSetCookie methods (#244, #214)
• Rename existing methods for clarity (old method names remain for backward compatibility)
  • parse → parseCookie
  • serialize → stringifySetCookie
• Add side effects field (#245) 00b0327

---

jshttp/cookie@v1.0.2...v1.1.0

v1.0.2

Fixed

• Loosen cookie name/value validation (#210)
• fix: options.priority used incorrect fallback (#207) by @​jonchurch

Added

• Add import example to README (#190) by @​isnifer

jshttp/cookie@v1.0.1...v1.0.2

v1.0.1

Added

• Allow case insensitive options (#194) 3bed080

jshttp/cookie@v1.0.0...v1.0.1

v1.0.0

Breaking changes

• Use modern JS features, ship TypeScript definition (#175) 1cc64ff
  • Adds __esModule marker, imports need to use import { parse, serialize } or import * as cookie
• Minimum node.js v18
• Uses null prototype object for parse return value
• Changes strict and priority to match the lower case strings (i.e. low, not LOW or Low)

... (truncated)

Commits

• 1b89eec 1.1.1
• c66147c Overwrite value in passed in options (#253)
• 09cec9f 1.1.0
• 05ebd34 Add tests for parsing top sites (#249)
• 6214eaf Add benchmark for parseSetCookie (#247)
• 71798d7 Fix skip over of boolean attributes (#248)
• 9e41cf1 build(deps): bump the npm_and_yarn group across 1 directory with 4 updates (#...
• 6fea506 Add parse method for set-cookie (#244)
• 00b0327 Add side effects field (#245)
• 94586de feat: remove dependabot from repo (#242)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates devalue from 5.7.1 to 5.8.1

Release notes

Sourced from devalue's releases.

v5.8.1

Patch Changes

• 206ca67: fix: force sparse arrays to allocate sparsely

v5.8.0

Minor Changes

• c5115b0: feat: add stringifyAsync for async serialization

Changelog

Sourced from devalue's changelog.

5.8.1

Patch Changes

• 206ca67: fix: force sparse arrays to allocate sparsely

5.8.0

Minor Changes

• c5115b0: feat: add stringifyAsync for async serialization

Commits

• 796ea83 Version Packages (#152)
• 206ca67 Merge commit from fork
• 14933f7 Version Packages (#151)
• c5115b0 feat: stringifyAsync (#150)
• 67dad45 docs: update README to reflect serialization stability non-goal (#147)
• See full diff in compare view

Updates undici from 5.29.0 to 8.3.0

Release notes

Sourced from undici's releases.

v8.3.0

What's Changed

• fix: preserve pool capacity after removing stale client by @​trivikr in nodejs/undici#5151
• build(deps): bump actions/github-script from 8.0.0 to 9.0.0 by @​dependabot[bot] in nodejs/undici#5157
• build(deps): bump actions/upload-artifact from 5.0.0 to 7.0.1 by @​dependabot[bot] in nodejs/undici#5162
• build(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 by @​dependabot[bot] in nodejs/undici#5156
• chore(http2): collapse duplicate request stream setup by @​trivikr in nodejs/undici#5140
• perf(client): cache HTTP/2 authority by @​trivikr in nodejs/undici#5141
• build(deps-dev): bump borp from 0.20.2 to 1.0.0 by @​dependabot[bot] in nodejs/undici#4819
• types: add TOpaque to client connect options by @​samuel871211 in nodejs/undici#4928
• build(deps): bump tinybench from 5.1.0 to 6.0.1 in /benchmarks by @​dependabot[bot] in nodejs/undici#4688
• build(deps): bump codecov/codecov-action from 5.5.1 to 6.0.0 by @​dependabot[bot] in nodejs/undici#4950
• build(deps): bump actions/dependency-review-action from 4.8.1 to 4.9.0 by @​dependabot[bot] in nodejs/undici#4951
• test(fetch): add userinfo coverage for issue-4897 URLs by @​mcollina in nodejs/undici#4901
• perf: avoid duplicate pool dispatcher selection on backpressure by @​trivikr in nodejs/undici#5149
• build(deps): bump actions/setup-node from 6.2.0 to 6.4.0 by @​dependabot[bot] in nodejs/undici#5163
• build(deps): bump step-security/harden-runner from 2.14.1 to 2.19.1 by @​dependabot[bot] in nodejs/undici#5160
• build(deps): bump cronometro from 5.3.0 to 6.0.3 in /benchmarks by @​dependabot[bot] in nodejs/undici#4687
• build(deps): bump github/codeql-action from 4.35.1 to 4.35.3 by @​dependabot[bot] in nodejs/undici#5161
• build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by @​dependabot[bot] in nodejs/undici#4853
• build(deps): bump hendrikmuhs/ccache-action from 1.2.22 to 1.2.23 by @​dependabot[bot] in nodejs/undici#5158
• build(deps): bump fastify/github-action-merge-dependabot from 3.11.2 to 3.12.0 by @​dependabot[bot] in nodejs/undici#5159
• build(deps-dev): bump c8 from 10.1.3 to 11.0.0 by @​dependabot[bot] in nodejs/undici#4854
• build(deps): bump uWebSockets.js from v20.64.0 to v20.66.0 in /benchmarks by @​dependabot[bot] in nodejs/undici#5130
• docs: mention install() also installs WebSocket globals by @​mcollina in nodejs/undici#5174
• types: stop interfering with @​types/node by @​Renegade334 in nodejs/undici#5173
• fix: align h2 empty body content-length methods with h1 by @​trivikr in nodejs/undici#5172
• build(deps-dev): bump fast-check from 4.6.0 to 4.7.0 by @​dependabot[bot] in nodejs/undici#5192
• build(deps-dev): bump typescript from 6.0.2 to 6.0.3 by @​dependabot[bot] in nodejs/undici#5191
• test: move cleanup from finally to after hooks by @​trivikr in nodejs/undici#5194
• test: resolve flaky timeout in issue-3356 by @​trivikr in nodejs/undici#5188
• SnapshotAgent: Add normalizeBody and normalizeQuery by @​GeoffreyBooth in nodejs/undici#5121
• fix(socks5): use configured connector in Socks5ProxyAgent by @​trivikr in nodejs/undici#5168
• perf(http2): avoid isArray checks for common headers by @​trivikr in nodejs/undici#5170
• fix(test): make deduplicate body-streaming test non-flaky by @​mcollina in nodejs/undici#5196
• test(retry): add regression test for RetryAgent + HTTP/2 stream timeout (#5137) by @​mcollina in nodejs/undici#5176
• fix(socks5): preserve dispatch backpressure return value by @​trivikr in nodejs/undici#5166
• perf(http2): end zero-length request bodies with headers by @​trivikr in nodejs/undici#5169
• fix(test): make issue-2898-comment.js assertion robust against flakiness by @​mcollina in nodejs/undici#5208
• test: disable timeouts in h2 high concurrency regression by @​trivikr in nodejs/undici#5205
• test: deflake stream compat coverage by @​mcollina in nodejs/undici#5209
• fix(dispatcher): remove unreachable assert in writeBlob by @​SAY-5 in nodejs/undici#5231
• fix: clean up benchmark resources before worker exit by @​trivikr in nodejs/undici#5225
• test: avoid per-chunk assertions in diagnostics get by @​trivikr in nodejs/undici#5224
• test: capture cache test worker stderr and preserve failures by @​trivikr in nodejs/undici#5206
• chore: gitignore benchmarks/package-lock.json by @​trivikr in nodejs/undici#5228
• perf(proxy-agent): avoid extra header allocations in auth guard by @​trivikr in nodejs/undici#5164
• test(wpt): retry WPT server startup on port conflicts or timeout by @​trivikr in nodejs/undici#5215
• test: make websocket diagnostics ping-pong ordering deterministic by @​trivikr in nodejs/undici#5222
• test(websocket): fix flaky send test by @​mcollina in nodejs/undici#5232

... (truncated)

Commits

• aa33b19 Bumped v8.3.0 (#5305)
• f33a6cb test: fix flaky http2-dispatcher WebSocket upgrade tests (#5304)
• ca0cb16 build(deps): bump uWebSockets.js in /benchmarks (#5299)
• e1f9035 build(deps-dev): bump jest from 30.3.0 to 30.4.2 (#5297)
• 314ba6a perf(client-h2): reuse request upgrade stream handlers (#5293)
• be9a544 Add Node 26 to the matrix (#5271)
• 45f7bd3 test: retry crashed cache-test workers once (#5294)
• 08cf765 build(deps-dev): bump fast-check from 4.7.0 to 4.8.0 (#5298)
• df5ded9 cache formdata boundary (#5292)
• e101dcb test: include after in parser-issues (#5284)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for undici since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[semanticdiff-com]

Review changes with  

Changed Files

File	Status
pnpm-lock.yaml	20% smaller

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	vite@​5.4.21 ⏵ 8.0.9	+8	+2
	svelte@​5.55.7

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm svelte is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: package.json → npm/svelte@5.55.7 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/svelte@5.55.7. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report