chore(deps): bump the npm_and_yarn group across 3 directories with 6 updates by dependabot[bot] · Pull Request #1150 · learningeconomy/LearnCard

dependabot · 2026-04-03T21:45:12Z

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package	From	To
vite	`4.3.8`	`5.4.21`
axios	`0.27.2`	`0.30.3`
rollup	`2.79.2`	`2.80.0`
happy-dom	`14.12.3`	`20.8.9`
node-forge	`1.3.1`	`1.4.0`

Bumps the npm_and_yarn group with 1 update in the /packages/react-learn-card directory: happy-dom.
Bumps the npm_and_yarn group with 2 updates in the /scripts/siwa-migration directory: node-forge and fast-xml-parser.

Updates vite from 4.3.8 to 5.4.21

Release notes

Sourced from vite's releases.

v5.4.21

Please refer to CHANGELOG.md for details.

v5.4.20

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.21 (2025-10-20)

fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20970) (cad1d31), closes #20968 #20970

chore: update CHANGELOG (ca88ed7)

5.4.20 (2025-09-08)

fix: apply fs.strict check to HTML files (#20736) (482000f), closes #20736

fix: port sirv@3.0.2 changes to sirv@2.0.4 (#20737) (4f1c35b), closes #20737

5.4.19 (2025-04-30)

fix: backport #19965, check static serve file inside sirv (#19966) (766947e), closes #19965 #19966

5.4.18 (2025-04-10)

fix: backport #19830, reject requests with # in request-target (#19831) (823675b), closes #19830 #19831

5.4.17 (2025-04-03)

fix: backport #19782, fs check with svg and relative paths (#19784) (84b2b46), closes #19782 #19784

5.4.16 (2025-03-31)

fix: backport #19761, fs check in transform middleware (#19762) (b627c50), closes #19761 #19762

5.4.15 (2025-03-24)

fix: backport #19702, fs raw query with query separators (#19703) (807d7f0), closes #19702 #19703

5.4.14 (2025-01-21)

fix: preview.allowedHosts with specific values was not respected (#19246) (9df6e6b), closes #19246

fix: allow CORS from loopback addresses by default (#19249) (7d1699c), closes #19249

... (truncated)

Commits

adce3c2 release: v5.4.21
cad1d31 fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20970)
ca88ed7 chore: update CHANGELOG
997700f release: v5.4.20
482000f fix: apply fs.strict check to HTML files (#20736)
80a333a release: v5.4.19
766947e fix: backport #19965, check static serve file inside sirv (#19966)
731b77d release: v5.4.18
823675b fix: backport #19830, reject requests with # in request-target (#19831)
0a2518a release: v5.4.17
Additional commits viewable in compare view

Updates axios from 0.27.2 to 0.30.3

Release notes

Sourced from axios's releases.

Release notes - v0.30.3

This is a critical security maintenance release for the v0.x branch. It addresses a high-priority vulnerability involving prototype pollution that could lead to a Denial of Service (DoS).

Recommendation: All users currently on the 0.x release line should upgrade to this version immediately to ensure environment stability.

🛡️ Security Fixes

Backport: Fix DoS via proto key in merge config

Patched a vulnerability where specifically crafted configuration objects using the proto key could cause a Denial of Service during the merge process. - by @FeBe95 in [PR #7388](axios/axios#7388)

⚙️ Maintenance & CI

CI Infrastructure Update

Updated Continuous Integration workflows for the v0.x branch to maintain long-term support and build reliability. - by @jasonsaayman in [PR #7407](axios/axios#7407)

⚠️ Breaking Changes

Configuration Merging Behavior:

As part of the security fix, Axios now restricts the merging of the proto key within configuration objects. If your codebase relies on unconventional deep-merging patterns that target the object prototype via Axios config, those operations will now be blocked. This is a necessary change to prevent prototype pollution.

Full Changelog: v0.30.2...v0.30.3

v0.30.2

What's Changed

Backport maxContentLength vulnerability fix to v0.x by @FeBe95 in axios/axios#7034

New Contributors

@FeBe95 made their first contribution in axios/axios#7034

Full Changelog: axios/axios@v0.30.1...v0.30.2

Release v0.30.1

Release notes:

Bug Fixes

chore(deps): bump form-data from 4.0.0 to 4.0.4 for v0.x by @wolandec in axios/axios#6978

Contributors to this release

@wolandec made their first contribution in axios/axios#6978

Full Changelog: axios/axios@v0.30.0...v0.30.1

Release v0.30.0

Release notes:

Bug Fixes

fix: modify log while request is aborted by @mori5321 in axios/axios#4917

fix: update CHANGELOG.md for v0.x by @TehZarathustra in axios/axios#6271

fix: modify upgrade guide for 0.28.1's breaking change by @nafeger in axios/axios#6787

... (truncated)

Commits

f53bcf6 chore: release 0.30.2
3ddccd3 chore: remove publish as this wont work
9ef39d0 chore: try with npm token
4775de6 chore: fix version scheme
f96f26b chore: fix issues with using replace
ead45c2 chore: update the publish workflow to run on tag
8119265 chore: tag version as legacy on v0.x
9954985 chore: dispatch for first time
3f8b70f chore: final rename
c665584 chore: revert naming
Additional commits viewable in compare view

Updates rollup from 2.79.2 to 2.80.0

Changelog

Sourced from rollup's changelog.

2.80.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6277)

Pull Requests

#6277: Validate bundle stays within output dir (@lukastaegert)

Commits

d17ae15 2.80.0
d6dee5e Validate bundle stays within output dir (#6277)
See full diff in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates happy-dom from 14.12.3 to 20.8.9

Release notes

Sourced from happy-dom's releases.

v20.8.9

👷‍♂️ Patch fixes

Fixes issue where cookies from the current origin was being forwarded to the target origin in fetch requests - By @capricorn86 in task #2117

A security advisory (GHSA-w4gp-fjgq-3q4g) was reported for this security vulnerability. Big thanks to @r74tech for reporting this!

v20.8.8

👷‍♂️ Patch fixes

Fixes issue where export names can be interpolated as executable code in ESM - By @capricorn86 in task #2113

A security advisory (GHSA-6q6h-j7hj-3r64) has been reported that shows a security vulnerability where it may be possible to escape the VM context and get access to process level functionality in unsafe environments using CommonJS. Big thanks to @tndud042713 for reporting this!

v20.8.7

👷‍♂️ Patch fixes

Replace implementing Node.js Console with common IConsole interface to support latest version of Bun - By @YevheniiKotyrlo in task #1845

v20.8.6

👷‍♂️ Patch fixes

Request.formData() should honor "Content-Type" header - By @brianhelba in task #2106

v20.8.5

👷‍♂️ Patch fixes

Fixes error thrown when modifying DOM structure in connectedCallback() - By @capricorn86 in task #2110

v20.8.4

👷‍♂️ Patch fixes

Replace ConsoleConstructor import with indexed access type - By @YevheniiKotyrlo in task #1845

v20.8.3

👷‍♂️ Patch fixes

Throw error if event is not of type Event in EventTarget.dispatchEvent() - By @capricorn86 in task #2054

v20.8.2

👷‍♂️ Patch fixes

Resets Event.cancelBubble and Event.defaultPrevented when calling Event.initEvent() - By @capricorn86 in task #2090

v20.8.1

👷‍♂️ Patch fixes

Make "inert" attribute block focus interactions - By @coffeeandwork in task #1422

v20.8.0

🎨 Features

Adds support for setPointerCapture, hasPointerCapture, and releasePointerCapture to Element - By @coffeeandwork in task #1733

v20.7.2

👷‍♂️ Patch fixes

Properly decode CSS escape sequences in attribute selector values - By @silverwind

v20.7.1

👷‍♂️ Patch fixes

Fixes issue related to parsing direct descendants (>) and universal (*) query selectors - By @Cherry in task #2078

... (truncated)

Commits

68324c2 fix: #2117 Fixes issue related to cookies from the current origin being for...
5437fdf fix: #2113 Fixes issue where export names can be interpolated as executable...
7e97acb fix: #1845 Replace implementing Node js Console with common IConsole interf...
3373929 fix: #2106 Request.formData() should honor Content-Type header (#2107)
55c17ba fix: #2110 Fixes error thrown when modifying DOM structure in connectedCall...
82a0888 fix: #1845 Replace ConsoleConstructor import with indexed access type (#2095)
5998eea fix: #2054 Throw error if event is not of type Event in dispatchEvent (#2092)
7a11238 fix: #2090 Resets cancelBubble and defaultPrevented when calling initEvent ...
7d27984 fix: #1422 Make inert attribute block focus interactions (#2083)
53e4ec9 feat: #1733 Adds support for setPointerCapture, hasPointerCapture, and rele...
Additional commits viewable in compare view

Updates node-forge from 1.3.1 to 1.4.0

Changelog

Sourced from node-forge's changelog.

1.4.0 - 2026-03-24

Security

HIGH: Denial of Service in BigInteger.modInverse()

A Denial of Service (DoS) vulnerability exists due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU.

Reported by Kr0emer.

CVE ID: CVE-2026-33891

GHSA ID: GHSA-5gfm-wpxj-wjgq

HIGH: Signature forgery in RSA-PKCS due to ASN.1 extra field.

RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing "garbage" bytes within the ASN.1 structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN.1 structure, rather than outside of it.

Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries.

Reported as part of a U.C. Berkeley security research project by:

Austin Chu, Sohee Kim, and Corban Villa.

CVE ID: CVE-2026-33894

GHSA ID: GHSA-ppp5-5v6c-4jwp

HIGH: Signature forgery in Ed25519 due to missing S < L check.

Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (S >= L). A valid signature and its S + L variant both verify in forge, while Node.js crypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the specification. This class of signature malleability has been exploited in practice to bypass authentication and authorization logic (see CVE-2026-25793, CVE-2022-35961). Applications relying on signature uniqueness (i.e., dedup by signature bytes, replay tracking, signed-object canonicalization checks) may be bypassed.

Reported as part of a U.C. Berkeley security research project by:

Austin Chu, Sohee Kim, and Corban Villa.

CVE ID: CVE-2026-33895

GHSA ID: GHSA-q67f-28xg-22rw

HIGH: basicConstraints bypass in certificate chain verification.

pki.verifyCertificateChain() does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions. This allows any leaf certificate (without these extensions) to act as a CA and sign other certificates, which node-forge will accept as valid.

Reported by Doruk Tan Ozturk (@peaktwilight) - doruk.ch

CVE ID: CVE-2026-33896

GHSA ID: GHSA-2328-f5f3-gj25

... (truncated)

Commits

fa385f9 Release 1.4.0.
07d4e16 Update changelog.
cb90fd9 Update changelog.
963e7c5 Add unit test for "pseudonym"
f0b6f5b Add pseudonym OID
3df48a3 Fix missing CVE ID.
2e49283 Add x509 basicConstraints check.
bdecf11 Add canonical signature scaler check for S < L.
af094e6 Add RSA padding and DigestInfo length checks.
796eeb1 Improve jsbn fix.
Additional commits viewable in compare view

Updates happy-dom from 14.12.3 to 20.8.9

Release notes

Sourced from happy-dom's releases.

v20.8.9

👷‍♂️ Patch fixes

Fixes issue where cookies from the current origin was being forwarded to the target origin in fetch requests - By @capricorn86 in task #2117

A security advisory (GHSA-w4gp-fjgq-3q4g) was reported for this security vulnerability. Big thanks to @r74tech for reporting this!

v20.8.8

👷‍♂️ Patch fixes

Fixes issue where export names can be interpolated as executable code in ESM - By @capricorn86 in task #2113

A security advisory (GHSA-6q6h-j7hj-3r64) has been reported that shows a security vulnerability where it may be possible to escape the VM context and get access to process level functionality in unsafe environments using CommonJS. Big thanks to @tndud042713 for reporting this!

v20.8.7

👷‍♂️ Patch fixes

Replace implementing Node.js Console with common IConsole interface to support latest version of Bun - By @YevheniiKotyrlo in task #1845

v20.8.6

👷‍♂️ Patch fixes

Request.formData() should honor "Content-Type" header - By @brianhelba in task #2106

v20.8.5

👷‍♂️ Patch fixes

Fixes error thrown when modifying DOM structure in connectedCallback() - By @capricorn86 in task #2110

v20.8.4

👷‍♂️ Patch fixes

Replace ConsoleConstructor import with indexed access type - By @YevheniiKotyrlo in task #1845

v20.8.3

👷‍♂️ Patch fixes

Throw error if event is not of type Event in EventTarget.dispatchEvent() - By @capricorn86 in task #2054

v20.8.2

👷‍♂️ Patch fixes

Resets Event.cancelBubble and Event.defaultPrevented when calling Event.initEvent() - By @capricorn86 in task #2090

v20.8.1

👷‍♂️ Patch fixes

Make "inert" attribute block focus interactions - By @coffeeandwork in task #1422

v20.8.0

🎨 Features

Adds support for setPointerCapture, hasPointerCapture, and releasePointerCapture to Element - By @coffeeandwork in task #1733

v20.7.2

👷‍♂️ Patch fixes

Properly decode CSS escape sequences in attribute selector values - By @silverwind

v20.7.1

👷‍♂️ Patch fixes

Fixes issue related to parsing direct descendants (>) and universal (*) query selectors - By @Cherry in task #2078

... (truncated)

Commits

68324c2 fix: #2117 Fixes issue related to cookies from the current origin being for...
5437fdf fix: #2113 Fixes issue where export names can be interpolated as executable...
7e97acb fix: #1845 Replace implementing Node js Console with common IConsole interf...
3373929 fix: #2106 Request.formData() should honor Content-Type header (#2107)
55c17ba fix: #2110 Fixes error thrown when modifying DOM structure in connectedCall...
82a0888 fix: #1845 Replace ConsoleConstructor import with indexed access type (#2095)
5998eea fix: #2054 Throw error if event is not of type Event in dispatchEvent (#2092)
7a11238 fix: #2090 Resets cancelBubble and defaultPrevented when calling initEvent ...
7d27984 fix: #1422 Make inert attribute block focus interactions (#2083)
53e4ec9 feat: #1733 Adds support for setPointerCapture, hasPointerCapture, and rele...
Additional commits viewable in compare view

Updates rollup from 2.79.2 to 2.80.0

Changelog

Sourced from rollup's changelog.

2.80.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6277)

Pull Requests

#6277: Validate bundle stays within output dir (@lukastaegert)

Commits

d17ae15 2.80.0
d6dee5e Validate bundle stays within output dir (#6277)
See full diff in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates axios from 0.27.2 to 0.30.3

Release notes

Sourced from axios's releases.

Release notes - v0.30.3

This is a critical security maintenance release for the v0.x branch. It addresses a high-priority vulnerability involving prototype pollution that could lead to a Denial of Service (DoS).

Recommendation: All users currently on the 0.x release line should upgrade to this version immediately to ensure environment stability.

🛡️ Security Fixes

Backport: Fix DoS via proto key in merge config

Patched a vulnerability where specifically crafted configuration objects using the proto key could cause a Denial of Service during the merge process. - by @FeBe95 in [PR #7388](axios/axios#7388)

⚙️ Maintenance & CI

CI Infrastructure Update

Updated Continuous Integration workflows for the v0.x branch to maintain long-term support and build reliability. - by @jasonsaayman in [PR #7407](axios/axios#7407)

⚠️ Breaking Changes

Configuration Merging Behavior:

As part of the security fix, Axios now restricts the merging of the proto key within configuration objects. If your codebase relies on unconventional deep-merging patterns that target the object prototype via Axios config, those operations will now be blocked. This is a necessary change to prevent prototype pollution.

Full Changelog: v0.30.2...v0.30.3

v0.30.2

What's Changed

Backport maxContentLength vulnerability fix to v0.x by @FeBe95 in axios/axios#7034

New Contributors

@FeBe95 made their first contribution in axios/axios#7034

Full Changelog: axios/axios@v0.30.1...v0.30.2

Release v0.30.1

Release notes:

Bug Fixes

chore(deps): bump form-data from 4.0.0 to 4.0.4 for v0.x by @wolandec in axios/axios#6978

Contributors to this release

@wolandec made their first contribution in axios/axios#6978

Full Changelog: axios/axios@v0.30.0...v0.30.1

Release v0.30.0

Release notes:

Bug Fixes

fix: modify log while request is aborted by @mori5321 in axios/axios#4917

fix: update CHANGELOG.md for v0.x by @TehZarathustra in axios/axios#6271

fix: modify upgrade guide for 0.28.1's breaking change by @nafeger in axios/axios#6787

... (truncated)

Commits

f53bcf6 chore: release 0.30.2
3ddccd3 chore: remove publish as this wont work
9ef39d0 chore: try with npm token
4775de6 chore: fix version scheme
f96f26b chore: fix issues with using replace
ead45c2 chore: update the publish workflow to run on tag
8119265 chore: tag version as legacy on v0.x
9954985 chore: dispatch for first time
3f8b70f chore: final rename
c665584 chore: revert naming
Additional commits viewable in compare view

Updates node-forge from 1.3.1 to 1.4.0

Changelog

Sourced from node-forge's changelog.

1.4.0 - 2026-03-24

Security

HIGH: Denial of Service in BigInteger.modInverse()

A Denial of Service (DoS) vulnerability exists due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU.

Reported by Kr0emer.

CVE ID: CVE-2026-33891

GHSA ID: GHSA-5gfm-wpxj-wjgq

HIGH: Signature forgery in RSA-PKCS due to ASN.1 extra field.

RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing "garbage" bytes within the ASN.1 structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN.1 structure, rather than outside of it.

Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries.

Reported as part of a U.C. Berkeley security research project by:

Austin Chu, Sohee Kim, and Corban Villa.

CVE ID: CVE-2026-33894

GHSA ID: GHSA-ppp5-5v6c-4jwp

HIGH: Signature forgery in Ed25519 due to missing S < L check.

Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (S >= L). A valid signature and its S + L variant both verify in forge, while Node.js crypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the specification. This class of signature malleability has been exploited in practice to bypass authentication and authorization logic (see CVE-2026-25793, CVE-2022-35961). Applications relying on signature uniqueness (i.e., dedup by signature bytes, replay tracking, signed-object canonicalization checks) may be bypassed.

Reported as part of a U.C. Berkeley security research project by:

Austin Chu, Sohee Kim, and Corban Villa.

CVE ID: CVE-2026-33895

GHSA ID: GHSA-q67f-28xg-22rw

HIGH: basicConstraints bypass in certificate chain verification.

pki.verifyCertificateChain() does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions. This allows any leaf certificate (without these extensions) to act as a CA and sign other certificates, which node-forge will accept as valid.

Reported by Doruk Tan Ozturk (@peaktwilight) - doruk.ch

CVE ID: CVE-2026-33896

GHSA ID: GHSA-2328-f5f3-gj25

... (truncated)

Commits

fa385f9 Release 1.4.0.
07d4e16 Update changelog.
cb90fd9 Update changelog.
963e7c5 Add unit test for "pseudonym"
f0b6f5b Add pseudonym OID
3df48a3 Fix missing CVE ID.
2e49283 Add x509 basicConstraints check.
bdecf11 Add canonical signature scaler check for S < L.
af094e6 Add RSA padding and DigestInfo length checks.
796eeb1 Improve jsbn fix.
Additional commits viewable in compare view

Updates vite from 4.3.8 to 5.4.21

Release notes

Sourced from vite's releases.

v5.4.21

Please refer to CHANGELOG.md for details.

v5.4.20

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.21 (2025-10-20)

fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20970) (cad1d31), closes #20968 #20970

chore: update CHANGELOG (ca88ed7)

5.4.20 (2025-09-08)

fix: apply fs.strict check to HTML files (#20736) (482000f), closes #20736

fix: port sirv@3.0.2 changes to sirv@2.0.4 (#20737) (4f1c35b), closes #20737

5.4.19 (2025-04-30)

fix: backport #19965, check static serve file inside sirv (#19966) (766947e), closes #19965 #19966

5.4.18 (2025-04-10)

fix: backport #19830, reject requests with # in request-target (#19831) (823675b), closes #19830 #19831

5.4.17 (2025-04-03)

fix: backport #19782, fs check with svg and relative paths (#19784) (84b2b46), closes #19782 #19784

5.4.16 (2025-03-31)

fix: backport #19761, fs check in transform middleware (#19762) (b627c50), closes #19761 #19762

5.4.15 (2025-03-24)

fix: backport #19702, fs raw query with query separators (#19703) (807d7f0), closes #19702 #19703

5.4.14 (2025-01-21)

fix: preview.allowedHosts with specific values was not respected (#19246) (9df6e6b), closes #19246

fix: allow CORS from loopback addresses by default (#19249) (7d1699c), closes #19249

... (truncated)

Commits

adce3c2 release: v5.4.21
cad1d31 fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20970)
ca88ed7 chore: update CHANGELOG
997700f release: v5.4.20
482000f fix: apply fs.strict check to HTML files (#20736)
80a333a release: v5.4.19
766947e fix: backport #19965, check static serve file inside sirv (#19966)
731b77d release: v5.4.18
823675b fix: backport #19830, reject requests with # in request-target (#19831)
0a2518a release: v5.4.17
Additional commits viewable in compare view

Updates axios from 0.27.2 to 0.30.3

Release notes

Sourced from axios's releases.

Release notes - v0.30.3

This is a critical security maintenance release for the v0.x branch. It addresses a high-priority vulnerability involving prototype pollution that could lead to a Denial of Service (DoS).

Recommendation: All users currently on the 0.x release line should upgrade to this version immediately to ensure environment stability.

🛡️ Security Fixes

Backport: Fix DoS via proto key in merge config

Patched a vulnerability where specifically crafted configuration objects using the proto key could cause a Denial of Service during the merge process. - by @FeBe95 in [PR #7388](axios/axios#7388)

⚙️ Maintenance & CI

CI Infrastructure Update

Updated Continuous Integration workflows for the v0.x branch to maintain long-term support and build reliability. - by @jasonsaayman in [PR #7407](axios/axios#7407)

⚠️ Breaking Changes

Configuration Merging Behavior:

As part of the security fix, Axios now restricts the merging of the proto key within configuration objects. If your codebase relies on unconventional deep-merging patterns that target the object prototype via Axios config, those operations will now be blocked. This is a necessary change to prevent prototype pollution.

Full Changelog: v0.30.2...v0.30.3

v0.30.2

What's Changed

Backport maxContentLength vulnerability fix to v0.x by @FeBe95 in axios/axios#7034

New Contributors

@FeBe95 made their first contribution in axios/axios#7034

Full Changelog: axios/axios@v0.30.1...v0.30.2

Release v0.30.1

Release notes:

Bug Fixes

chore(deps): bump form-data from 4.0.0 to 4.0.4 for v0.x by @wolandec in axios/axios#6978

Contributors to this release

@wolandec made their first contribution in axios/axios#6978

Full Changelog: axios/axios@v0.30.0...v0.30.1

Release v0.30.0

Release notes:

Bug Fixes

fix: modify log while request is aborted by

atlassian · 2026-04-03T21:45:18Z

To enable Rovo Dev code reviews, link your GitHub account to your Atlassian account.

This is a one-time task that takes less than a minute. Once your account is linked, resubmit the pull request to trigger a code review.

netlify · 2026-04-03T21:45:19Z

✅ Deploy Preview for learncarddocs canceled.

Name	Link
🔨 Latest commit	`9017420`
🔍 Latest deploy log	https://app.netlify.com/projects/learncarddocs/deploys/69dd52d7028fec0008db0445

netlify · 2026-04-03T21:45:19Z

❌ Deploy Preview for staging-learncardapp failed. Why did it fail? →

Name	Link
🔨 Latest commit	`9017420`
🔍 Latest deploy log	https://app.netlify.com/projects/staging-learncardapp/deploys/69dd52d73885570008b0f9a2

changeset-bot · 2026-04-03T21:45:19Z

⚠️ No Changeset found

Latest commit: 9017420

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

netlify · 2026-04-03T21:45:19Z

✅ Deploy Preview for app-store-1-basic-launchpad-app canceled.

Name	Link
🔨 Latest commit	`9017420`
🔍 Latest deploy log	https://app.netlify.com/projects/app-store-1-basic-launchpad-app/deploys/69dd52d7632c260008dd7963

github-actions · 2026-04-03T21:45:30Z

👋 Hey there! It looks like you modified code, but didn't update the documentation in /docs.

If this PR introduces new features, changes APIs, or modifies behavior that users or developers need to know about, please consider updating the docs.

🏄 Windsurf Tip

You can ask Windsurf to help:

"Analyze the changes in this PR and update the gitbook docs in /docs accordingly."

Windsurf will review your changes and suggest appropriate documentation updates based on what was modified.

📚 Documentation Guide

Change Type	Doc Location
New feature/API	`docs/tutorials/` or `docs/how-to-guides/`
SDK/API changes	`docs/sdks/`
New concepts	`docs/core-concepts/`
App UI/UX flows	`docs/apps/` (LearnCard App, ScoutPass)
Internal patterns	`AGENTS.md`

This is an automated reminder. If no docs are needed, feel free to ignore this message.

gitstream-cm · 2026-04-03T21:46:35Z

This PR is missing a Jira ticket reference in the title or description.
Please add a Jira ticket reference to the title or description of this PR.

dependabot · 2026-04-08T19:25:57Z

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

dependabot · 2026-04-10T21:37:59Z

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

Custard7 · 2026-04-11T03:27:17Z

@claude review

claude · 2026-04-11T03:27:38Z

Claude finished @Custard7's task —— View job

PR Review Complete ✅

Todo List

Fetch PR diff and file details
Review dependency security updates
Check for hard-stop rules
Evaluate auto-approval lane criteria
Make final review decision

Review Summary

Decision: Cannot Auto-Approve - Multiple hard-stop rules triggered, requires manual review.

This dependabot PR contains critical security updates but cannot be auto-approved due to scope and scale:

✅ Security Benefits

axios: DoS vulnerability fix (prototype pollution)
node-forge: Multiple HIGH CVE fixes (signature forgery, certificate validation)
happy-dom: VM context escape patches
vite: File system security improvements
rollup: Bundle validation security

❌ Hard-Stop Rules Triggered

Root workspace lockfile: pnpm-lock.yaml modified (+3051/-1425 lines)
Major version bumps: Breaking change potential across multiple packages
Size limit exceeded: 4,554 total lines >> 750 line auto-approval limits
Infrastructure impact: Core build dependencies affected

Recommendation

Manual review required to validate compatibility across the monorepo's 30+ packages before merging these important security updates.

claude

⚠️ Cannot Auto-Approve: Multiple Hard-Stop Rules Triggered

This dependabot PR contains critical security updates but cannot be auto-approved due to several hard-stop rules:

Security Updates (Positive)

✅ Critical fixes included:

axios 0.27.2→1.15.0: DoS vulnerability fix (prototype pollution via proto key)
node-forge 1.3.1→1.4.0: Multiple HIGH CVEs - DoS, RSA signature forgery, Ed25519 signature malleability, certificate chain validation bypass
happy-dom 14.12.3→20.8.9: VM context escape fixes, cookie forwarding vulnerability patches
vite 4.3.8→6.4.2: File system security checks and other security improvements
rollup 2.79.2→2.80.0: Bundle validation security feature

Hard-Stop Rules Triggered (Blocking Auto-Approval)

❌ Root monorepo lockfile changes: (+3051/-1425 lines)
❌ Major version bumps: Multiple packages with breaking change potential
❌ Change size limit exceeded: 4,554 total lines >> 750 line lane limits
❌ Root workspace dependency impact: Affects core build infrastructure

Recommendation

Requires manual review due to:

Scale of changes across build toolchain
Major version bumps needing compatibility validation
Potential for build/runtime breaking changes despite security benefits

The security fixes are important, but the scope requires human oversight to ensure compatibility across the monorepo's 30+ packages.

claude

⚠️ Cannot Auto-Approve: Multiple Hard-Stop Rules Triggered

This dependabot PR contains critical security updates but cannot be auto-approved due to several hard-stop rules:

Security Updates (Positive)

✅ Critical fixes included:

axios 0.27.2→1.15.0: DoS vulnerability fix (prototype pollution via proto key)
node-forge 1.3.1→1.4.0: Multiple HIGH CVEs - DoS, RSA signature forgery, Ed25519 signature malleability, certificate chain validation bypass
happy-dom 14.12.3→20.8.9: VM context escape fixes, cookie forwarding vulnerability patches
vite 4.3.8→6.4.2: File system security checks and other security improvements
rollup 2.79.2→2.80.0: Bundle validation security feature

Hard-Stop Rules Triggered (Blocking Auto-Approval)

❌ Root monorepo lockfile changes: pnpm-lock.yaml (+3051/-1425 lines)
❌ Major version bumps: Multiple packages with breaking change potential
❌ Change size limit exceeded: 4,554 total lines >> 750 line lane limits
❌ Root workspace dependency impact: Affects core build infrastructure

Recommendation

Requires manual review due to:

Scale of changes across build toolchain
Major version bumps needing compatibility validation
Potential for build/runtime breaking changes despite security benefits

The security fixes are important, but the scope requires human oversight to ensure compatibility across the monorepo's 30+ packages.

gitstream-cm · 2026-04-13T20:10:35Z

🥷 Code experts: TaylorBeeston, Custard7

TaylorBeeston, Custard7 have most 👩‍💻 activity in the files.
TaylorBeeston, Custard7 have most 🧠 knowledge in the files.

See details

apps/learn-card-app/package.json

Activity based on git-commit:

	TaylorBeeston	Custard7
APR		13 additions & 3 deletions
MAR		1 additions & 0 deletions
FEB	1 additions & 0 deletions
JAN		3 additions & 0 deletions
DEC	10 additions & 3 deletions	11 additions & 10 deletions
NOV	165 additions & 2 deletions

Knowledge based on git-blame:
TaylorBeeston: 61%
Custard7: 13%

apps/scouts/package.json

Activity based on git-commit:

	TaylorBeeston	Custard7
APR
MAR		4 additions & 1 deletions
FEB	1 additions & 0 deletions
JAN
DEC	1 additions & 1 deletions
NOV	163 additions & 4 deletions

Knowledge based on git-blame:
TaylorBeeston: 81%
Custard7: 2%

examples/credential-viewer/package.json

Activity based on git-commit:

	TaylorBeeston	Custard7
APR		29 additions & 0 deletions
MAR
FEB
JAN
DEC
NOV

Knowledge based on git-blame:
Custard7: 100%

packages/learn-card-base/package.json

Activity based on git-commit:

	TaylorBeeston	Custard7
APR		1 additions & 0 deletions
MAR		6 additions & 3 deletions
FEB
JAN
DEC	10 additions & 0 deletions
NOV	69 additions & 4 deletions

Knowledge based on git-blame:
TaylorBeeston: 77%
Custard7: 9%

packages/learn-card-bridge-http/package.json

Activity based on git-commit:

	TaylorBeeston	Custard7
APR
MAR
FEB
JAN
DEC	8 additions & 0 deletions
NOV

Knowledge based on git-blame:
TaylorBeeston: 13%

packages/learn-card-cli/package.json

Activity based on git-commit:

	TaylorBeeston	Custard7
APR
MAR
FEB
JAN
DEC	8 additions & 0 deletions
NOV

Knowledge based on git-blame:
TaylorBeeston: 17%
Custard7: 2%

packages/learn-card-embed-sdk/package.json

Activity based on git-commit:

	TaylorBeeston	Custard7
APR
MAR
FEB
JAN
DEC	46 additions & 38 deletions
NOV

Knowledge based on git-blame:
TaylorBeeston: 92%

packages/learn-card-partner-connect-sdk/package.json

Activity based on git-commit:

	TaylorBeeston	Custard7
APR
MAR
FEB
JAN		52 additions & 0 deletions
DEC
NOV

Knowledge based on git-blame:
Custard7: 98%

packages/react-learn-card/package.json

Activity based on git-commit:

	TaylorBeeston	Custard7
APR
MAR
FEB
JAN
DEC	8 additions & 0 deletions	1 additions & 1 deletions
NOV	83 additions & 0 deletions

Knowledge based on git-blame:
TaylorBeeston: 98%
Custard7: 1%

scripts/siwa-migration/package-lock.json

Activity based on git-commit:

	TaylorBeeston	Custard7
APR
MAR
FEB		2447 additions & 0 deletions
JAN
DEC
NOV

Knowledge based on git-blame:
Custard7: 100%

services/learn-card-discord-bot/package.json

Activity based on git-commit:

	TaylorBeeston	Custard7
APR
MAR
FEB
JAN
DEC	9 additions & 0 deletions
NOV

Knowledge based on git-blame:
TaylorBeeston: 16%

services/learn-card-network/lca-api/package.json

Activity based on git-commit:

	TaylorBeeston	Custard7
APR
MAR
FEB
JAN	13 additions & 9 deletions
DEC	83 additions & 1 deletions	4 additions & 4 deletions
NOV

Knowledge based on git-blame:
TaylorBeeston: 95%
Custard7: 3%

services/meta-mask-snap/package.json

Activity based on git-commit:

	TaylorBeeston	Custard7
APR
MAR
FEB
JAN
DEC	5 additions & 1 deletions
NOV

Knowledge based on git-blame:
TaylorBeeston: 9%

✨ Comment /gs review for LinearB AI review. Learn how to automate it here.

…updates Bumps the npm_and_yarn group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `4.3.8` | `5.4.21` | | [axios](https://github.com/axios/axios) | `0.27.2` | `0.30.3` | | [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` | | [happy-dom](https://github.com/capricorn86/happy-dom) | `14.12.3` | `20.8.9` | | [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` | Bumps the npm_and_yarn group with 1 update in the /packages/react-learn-card directory: [happy-dom](https://github.com/capricorn86/happy-dom). Bumps the npm_and_yarn group with 2 updates in the /scripts/siwa-migration directory: [node-forge](https://github.com/digitalbazaar/forge) and [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser). Updates `vite` from 4.3.8 to 5.4.21 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.4.21/packages/vite) Updates `axios` from 0.27.2 to 0.30.3 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.27.2...v0.30.3) Updates `rollup` from 2.79.2 to 2.80.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md) - [Commits](rollup/rollup@v2.79.2...v2.80.0) Updates `happy-dom` from 14.12.3 to 20.8.9 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v14.12.3...v20.8.9) Updates `node-forge` from 1.3.1 to 1.4.0 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.4.0) Updates `happy-dom` from 14.12.3 to 20.8.9 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v14.12.3...v20.8.9) Updates `rollup` from 2.79.2 to 2.80.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md) - [Commits](rollup/rollup@v2.79.2...v2.80.0) Updates `axios` from 0.27.2 to 0.30.3 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.27.2...v0.30.3) Updates `node-forge` from 1.3.1 to 1.4.0 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.4.0) Updates `vite` from 4.3.8 to 5.4.21 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.4.21/packages/vite) Updates `axios` from 0.27.2 to 0.30.3 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.27.2...v0.30.3) Updates `happy-dom` from 14.12.3 to 20.8.9 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v14.12.3...v20.8.9) Updates `node-forge` from 1.3.1 to 1.4.0 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.4.0) Updates `rollup` from 2.79.2 to 2.80.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md) - [Commits](rollup/rollup@v2.79.2...v2.80.0) Updates `vite` from 4.3.8 to 5.4.21 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.4.21/packages/vite) Updates `happy-dom` from 14.12.3 to 20.8.9 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v14.12.3...v20.8.9) Updates `node-forge` from 1.3.3 to 1.4.0 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.4.0) Updates `fast-xml-parser` from 5.3.6 to 5.5.10 - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v5.3.6...v5.5.10) --- updated-dependencies: - dependency-name: vite dependency-version: 5.4.21 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 0.30.3 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 2.80.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: happy-dom dependency-version: 20.8.9 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: node-forge dependency-version: 1.4.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: happy-dom dependency-version: 20.8.9 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 2.80.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 0.30.3 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: node-forge dependency-version: 1.4.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 5.4.21 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 0.30.3 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: happy-dom dependency-version: 20.8.9 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: node-forge dependency-version: 1.4.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 2.80.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 5.4.21 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: happy-dom dependency-version: 20.8.9 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: node-forge dependency-version: 1.4.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fast-xml-parser dependency-version: 5.5.10 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 3, 2026

dependabot Bot mentioned this pull request Apr 3, 2026

chore(deps): bump the npm_and_yarn group across 3 directories with 6 updates #1132

Closed

dependabot Bot temporarily deployed to ci-tests April 3, 2026 21:45 Inactive

gitstream-cm Bot added 0.5 min review missing-jira labels Apr 3, 2026

dependabot Bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-fb4a64bcd3 branch from a095dd3 to 55e7610 Compare April 7, 2026 22:10

dependabot Bot temporarily deployed to ci-tests April 7, 2026 22:10 Inactive

dependabot Bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-fb4a64bcd3 branch from 55e7610 to c3f079a Compare April 9, 2026 17:33

dependabot Bot temporarily deployed to ci-tests April 9, 2026 17:34 Inactive

dependabot Bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-fb4a64bcd3 branch from c3f079a to f577cb1 Compare April 9, 2026 20:02

dependabot Bot temporarily deployed to ci-tests April 9, 2026 20:02 Inactive

dependabot Bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-fb4a64bcd3 branch from f577cb1 to 62c26ee Compare April 9, 2026 20:24

dependabot Bot temporarily deployed to ci-tests April 9, 2026 20:24 Inactive

dependabot Bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-fb4a64bcd3 branch from 62c26ee to 2f32a09 Compare April 9, 2026 20:47

dependabot Bot temporarily deployed to ci-tests April 9, 2026 20:48 Inactive

dependabot Bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-fb4a64bcd3 branch from 2f32a09 to 1c3cecd Compare April 9, 2026 21:10

dependabot Bot temporarily deployed to ci-tests April 9, 2026 21:11 Inactive

dependabot Bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-fb4a64bcd3 branch from 1c3cecd to 7fca1e2 Compare April 10, 2026 18:19

dependabot Bot temporarily deployed to ci-tests April 10, 2026 18:19 Inactive

claude Bot reviewed Apr 11, 2026

View reviewed changes

dependabot Bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-fb4a64bcd3 branch from 7fca1e2 to faea55a Compare April 13, 2026 20:08

dependabot Bot temporarily deployed to ci-tests April 13, 2026 20:08 Inactive

dependabot Bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-fb4a64bcd3 branch from faea55a to 9017420 Compare April 13, 2026 20:32

dependabot Bot temporarily deployed to ci-tests April 13, 2026 20:32 Inactive

Conversation

dependabot Bot commented on behalf of github Apr 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v5.4.21

v5.4.20

5.4.21 (2025-10-20)

5.4.20 (2025-09-08)

5.4.19 (2025-04-30)

5.4.18 (2025-04-10)

5.4.17 (2025-04-03)

5.4.16 (2025-03-31)

5.4.15 (2025-03-24)

5.4.14 (2025-01-21)

Release notes - v0.30.3

🛡️ Security Fixes

⚙️ Maintenance & CI

⚠️ Breaking Changes

v0.30.2

What's Changed

New Contributors

Release v0.30.1

Release notes:

Bug Fixes

Contributors to this release

Release v0.30.0

Release notes:

Bug Fixes

2.80.0

Features

Pull Requests

v20.8.9

👷‍♂️ Patch fixes

v20.8.8

👷‍♂️ Patch fixes

v20.8.7

👷‍♂️ Patch fixes

v20.8.6

👷‍♂️ Patch fixes

v20.8.5

👷‍♂️ Patch fixes

v20.8.4

👷‍♂️ Patch fixes

v20.8.3

👷‍♂️ Patch fixes

v20.8.2

👷‍♂️ Patch fixes

v20.8.1

👷‍♂️ Patch fixes

v20.8.0

🎨 Features

v20.7.2

👷‍♂️ Patch fixes

v20.7.1

👷‍♂️ Patch fixes

1.4.0 - 2026-03-24

Security

v20.8.9

👷‍♂️ Patch fixes

v20.8.8

👷‍♂️ Patch fixes

v20.8.7

👷‍♂️ Patch fixes

v20.8.6

👷‍♂️ Patch fixes

v20.8.5

👷‍♂️ Patch fixes

v20.8.4

👷‍♂️ Patch fixes

v20.8.3

👷‍♂️ Patch fixes

v20.8.2

👷‍♂️ Patch fixes

v20.8.1

👷‍♂️ Patch fixes

v20.8.0

🎨 Features

v20.7.2

👷‍♂️ Patch fixes

v20.7.1

👷‍♂️ Patch fixes

dependabot Bot commented on behalf of github Apr 3, 2026 •

edited

Loading

netlify Bot commented Apr 3, 2026 •

edited

Loading

netlify Bot commented Apr 3, 2026 •

edited

Loading

changeset-bot Bot commented Apr 3, 2026 •

edited

Loading

netlify Bot commented Apr 3, 2026 •

edited

Loading