chore(deps): bump the production-deps group with 32 updates

[dependabot]

Bumps the production-deps group with 32 updates:

Package	From	To
@fontsource/roboto	5.2.9	5.2.10
@tauri-apps/plugin-deep-link	2.4.7	2.4.8
@tauri-apps/plugin-updater	2.10.0	2.10.1
bits-ui	2.15.4	2.18.0
dexie	4.2.1	4.4.2
dompurify	3.3.3	3.4.0
emoji-picker-element	1.28.0	1.29.1
flexsearch	0.7.43	0.8.212
hotkeys-js	4.0.0-beta.7	4.0.3
libsodium-wrappers	0.7.16	0.8.4
msgpackr	1.11.8	1.11.10
openpgp	6.2.2	6.3.0
postal-mime	2.6.0	2.7.4
svelte	5.55.1	5.55.4
tailwind-merge	3.4.0	3.5.0
@commitlint/cli	20.4.1	20.5.0
@commitlint/config-conventional	20.4.1	20.5.0
@internationalized/date	3.10.1	3.12.1
@lhci/cli	0.13.0	0.15.1
@playwright/test	1.57.0	1.59.1
@tailwindcss/postcss	4.1.18	4.2.2
@typescript-eslint/eslint-plugin	8.53.1	8.59.0
@typescript-eslint/parser	8.53.1	8.59.0
autoprefixer	10.4.23	10.5.0
postcss	8.5.6	8.5.10
prettier	3.7.3	3.8.3
prettier-plugin-svelte	3.4.0	3.5.1
svelte-check	4.3.4	4.4.6
svelte-eslint-parser	1.4.0	1.6.0
svelte-sonner	1.0.7	1.1.0
tailwindcss	4.1.18	4.2.2
typescript-eslint	8.53.1	8.59.0

Updates @fontsource/roboto from 5.2.9 to 5.2.10

Commits

• See full diff in compare view

Updates @tauri-apps/plugin-deep-link from 2.4.7 to 2.4.8

Release notes

Sourced from @​tauri-apps/plugin-deep-link's releases.

deep-link-js v2.4.8

[2.4.8]

• 024ec0c2 (#3214 by @​joshIsCoding) Account for differing Android VIEW intent in ChromeOS, fixing deep-link behaviour on Chromium platforms.
• 015e817c (#3186 by @​lucasfernog) Validate Android new intent is actually a deep link before triggering the onOpenUrl event.

npm warn Unknown user config "always-auth". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options.
npm warn publish npm auto-corrected some errors in your package.json when publishing.  Please run "npm pkg fix" to address these errors.
npm warn publish errors corrected:
npm warn publish "repository" was changed from a string to an object
npm warn publish "repository.url" was normalized to "git+https://github.com/tauri-apps/plugins-workspace.git"
npm notice
npm notice 📦  @tauri-apps/plugin-deep-link@2.4.8
npm notice Tarball Contents
npm notice 888B LICENSE.spdx
npm notice 6.2kB README.md
npm notice 3.5kB dist-js/index.cjs
npm notice 2.9kB dist-js/index.d.ts
npm notice 3.4kB dist-js/index.js
npm notice 801B package.json
npm notice Tarball Details
npm notice name: @tauri-apps/plugin-deep-link
npm notice version: 2.4.8
npm notice filename: tauri-apps-plugin-deep-link-2.4.8.tgz
npm notice package size: 4.4 kB
npm notice unpacked size: 17.7 kB
npm notice shasum: b719b40051bb5485fe146542213fdfc5c84a00b9
npm notice integrity: sha512-Cd2Cs960MGuGO[...]EumHjr+64V4fw==
npm notice total files: 6
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access
npm notice publish Signed provenance statement with source and build information from GitHub Actions
npm notice publish Provenance statement published to transparency log: https://search.sigstore.dev/?logIndex=1235992793
+ @tauri-apps/plugin-deep-link@2.4.8

deep-link v2.4.8

[2.4.8]

• 024ec0c2 (#3214 by @​joshIsCoding) Account for differing Android VIEW intent in ChromeOS, fixing deep-link behaviour on Chromium platforms.
• 015e817c (#3186 by @​lucasfernog) Validate Android new intent is actually a deep link before triggering the onOpenUrl event.

... (truncated)

Commits

• d6a3898 Publish New Versions (v2) (#3268)
• 2e5bcdf chore(deps): fix audits (#3373)
• 4374b4f chore(notification): remove unused dev-deps (#3372)
• f75d21d chore(deps): remove used of tauri-utils build feature (#3360)
• 4b95f5e chore(deps): update dependency eslint to v10.1.0 (#3357)
• 99c3e37 chore(deps): bump tar in /plugins/updater/tests/updater-migration/v1-app (#3352)
• eaac19a chore(deps): update rust crate tar to v0.4.45 [security] (#3353)
• 5183e31 chore(deps): update dependency typescript-eslint to v8.57.1 (#3344)
• 2c0883e chore(deps): update dependency vite to v8 (#3346)
• 024ec0c fix(deep-link): ChromeOS deep link calls filtered and ignored by plugin (fix ...
• Additional commits viewable in compare view

Updates @tauri-apps/plugin-updater from 2.10.0 to 2.10.1

Release notes

Sourced from @​tauri-apps/plugin-updater's releases.

updater-js v2.10.1

[2.10.1]

• 31ab6f8d (#3285 by @​hrzlgnm) fix: preserve file extension of updater package, otherwise users may get confused when presented with a sudo dialog suggesting to install a file with the extension .rpm using dpkg -i

npm warn Unknown user config "always-auth". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options.
npm warn publish npm auto-corrected some errors in your package.json when publishing.  Please run "npm pkg fix" to address these errors.
npm warn publish errors corrected:
npm warn publish "repository" was changed from a string to an object
npm warn publish "repository.url" was normalized to "git+https://github.com/tauri-apps/plugins-workspace.git"
npm notice
npm notice 📦  @tauri-apps/plugin-updater@2.10.1
npm notice Tarball Contents
npm notice 888B LICENSE.spdx
npm notice 3.1kB README.md
npm notice 2.6kB dist-js/index.cjs
npm notice 2.3kB dist-js/index.d.ts
npm notice 2.6kB dist-js/index.js
npm notice 659B package.json
npm notice Tarball Details
npm notice name: @tauri-apps/plugin-updater
npm notice version: 2.10.1
npm notice filename: tauri-apps-plugin-updater-2.10.1.tgz
npm notice package size: 3.7 kB
npm notice unpacked size: 12.1 kB
npm notice shasum: ea0efd766890394b6c719b9fc21de7da0029c69c
npm notice integrity: sha512-NFYMg+tWOZPJd[...]Y1WVCNHnh3eRA==
npm notice total files: 6
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access
npm notice publish Signed provenance statement with source and build information from GitHub Actions
npm notice publish Provenance statement published to transparency log: https://search.sigstore.dev/?logIndex=1235993797
+ @tauri-apps/plugin-updater@2.10.1

updater v2.10.1

[2.10.1]

• 31ab6f8d (#3285 by @​hrzlgnm) fix: preserve file extension of updater package, otherwise users may get confused when presented with a sudo dialog suggesting to install a file with the extension .rpm using dpkg -i

</tr></table> 

... (truncated)

Commits

• d6a3898 Publish New Versions (v2) (#3268)
• 2e5bcdf chore(deps): fix audits (#3373)
• 4374b4f chore(notification): remove unused dev-deps (#3372)
• f75d21d chore(deps): remove used of tauri-utils build feature (#3360)
• 4b95f5e chore(deps): update dependency eslint to v10.1.0 (#3357)
• 99c3e37 chore(deps): bump tar in /plugins/updater/tests/updater-migration/v1-app (#3352)
• eaac19a chore(deps): update rust crate tar to v0.4.45 [security] (#3353)
• 5183e31 chore(deps): update dependency typescript-eslint to v8.57.1 (#3344)
• 2c0883e chore(deps): update dependency vite to v8 (#3346)
• 024ec0c fix(deep-link): ChromeOS deep link calls filtered and ignored by plugin (fix ...
• Additional commits viewable in compare view

Updates bits-ui from 2.15.4 to 2.18.0

Release notes

Sourced from bits-ui's releases.

bits-ui@2.18.0

Minor Changes

• feat(Select): Add <Select.Value/> component (#2026)

• feat(PinInput): add bindable inputRef on PinInput.Root (#2028)

bits-ui@2.17.3

Patch Changes

• fix(ContextMenu): treat outside interactions correctly for nested floaters inside the trigger (#2020)

bits-ui@2.17.2

Patch Changes

• fix(ContextMenu): prevent left-click on nested context-menu triggers from dismissing parent layers (#2019)

• fix(Slider): use ResizeObserver to recompute thumb positioning (#2015)

• fix(TimeField): preserve current AM/PM when typing the hour in 12-hour mode so PM values no longer flip to AM (#2016)

• fix(HiddenInput): prevent page scroll in nested overflow layouts by anchoring the visually hidden input at top-left (#2018)

bits-ui@2.17.1

Patch Changes

• fix(MenuSubTriggerState): handle open delay correctly (#2013)

bits-ui@2.17.0

Minor Changes

• feat: support CSS transitions (#2010)

Patch Changes

• fix(ContextMenu): nested submenus not opening (#2010)

• fix(Menu): exit animations not firing on close (#2010)

• improve(Menu): safe area handling (#2010)

• perf(PresenceLayer): simplify and improve efficiency (#2010)

bits-ui@2.16.5

Patch Changes

• fix(DateField): onbeforeinput handling (#1990)

• fix(Select): scroll jumping (#2005)

... (truncated)

Commits

• 8435594 Version Packages (#2030)
• d0b1547 feat(Select): Add \<Select.Value/> component (#2026)
• 243a7b9 feat(PinInput): expose inputRef bindable prop (#2028)
• 793c0f0 docs: Fix closing tag for Tooltip component (Svelte Transitions) (#2025)
• a6ee9ae Version Packages (#2021)
• dd333c7 fix(ContextMenu): treat outside ints correctly for nested (#2020)
• 514ba23 Version Packages (#2017)
• fb23a91 fix(ContextMenu): prevent left-click on nested context-menu triggers from dis...
• 3857785 fix(HiddenInput): prevent page scroll in nested overflow layouts (#2018)
• 5ea1e8a fix(HiddenInput): prevent page scroll in nested overflow layouts
• Additional commits viewable in compare view

Updates dexie from 4.2.1 to 4.4.2

Release notes

Sourced from dexie's releases.

Dexie.js v4.4.2

This is a maintenance release containing several bug fixes accumulated since v4.4.1.

Related Package Releases

Package	Version
dexie	4.4.2
dexie-cloud-addon	4.4.11
dexie-react-hooks	4.4.0
dexie-export-import	4.4.0

Bug Fixes

dexie-cloud-addon@4.4.8

• fix: Allow anonymous blob download — previously anonymous users could not download offloaded blobs. Also fixes a crash in Service Worker context when Dexie.ignoreTransaction() was called (#2287)
• fix: HMR protection of awareness provider — prevents hot module replacement from breaking the Y.js awareness connection in dev environments (9debfc0)
• fix: Add configurable: true to awareness defineProperty — fixes compatibility issues with certain bundlers and proxies (#2280)
• fix: Strip primary key from changeSpecs in update mutations — incorrect inclusion of primary key could cause sync failures in certain edge cases (#2277)
• fix: Preserve syncState on logout to prevent spinner — logging out no longer resets sync state, avoiding an unwanted loading spinner on re-login (#2276)
• fix: Update wrappedCursor.value in non-blob and error paths in blob resolve middleware (f470167)

dexie-cloud-addon@4.4.10

• fix: Cursor-based queries (anyOf(), each(), ignore-case queries) on tables with blobs, large binary data or very long strings could fail. dexie/Dexie.js#2293

dexie-cloud-addon@4.4.11

• fix: Every other update from server over websocket was ignored (but always catched up on next update). This bug was introduced recently, in version 4.4.5.

Other Changes

• Upgraded dependencies and fixed npm audit warnings
• Formatted codebase with Prettier (#2282)

Dexie v4.4.1

This release introduces Blob Offloading and String Offloading for Dexie Cloud, enabling efficient handling of large binary and text data. It also includes IDB 3.0 optimizations and several bug fixes.

Related Package Releases

Package	Version
dexie	4.4.1
dexie-cloud-addon	4.4.6
dexie-cloud-common	1.0.59
dexie-react-hooks	4.4.0
dexie-export-import	4.4.0

New Features

... (truncated)

Commits

• ab489de dexie@4.4.2 + dexie-cloud-addon@4.4.8
• 0b7bbad fix(dexie-cloud): allow anonymous blob download + fix SW Dexie.ignoreTransact...
• 7d3535e ci: add dev publish workflow using npm Trusted Publisher (OIDC) (#2285)
• 39b99a3 fix(readme): add text label + dark mode logo support for TestMu AI
• 14431de fix(readme): restore working LambdaTest sponsor badge (#2284)
• cf70909 Remove unused import + prettified file
• 9debfc0 dexie-cloud-addon@4.4.7: HMR protection of awareness provider
• 7866764 fix(dexie-cloud-addon): add configurable:true to awareness defineProperty (#2...
• c6d3026 pnpm.lock
• aa85c6e chore: format entire codebase with prettier (#2282)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for dexie since your current version.

Updates dompurify from 3.3.3 to 3.4.0

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.0

Most relevant changes:

• Fixed a problem with FORBID_TAGS not winning over ADD_TAGS, thanks @​kodareef5
• Fixed several minor problems and typos regarding MathML attributes, thanks @​DavidOliver
• Fixed ADD_ATTR/ADD_TAGS function leaking into subsequent array-based calls, thanks @​1Jesper1
• Fixed a missing SAFE_FOR_TEMPLATES scrub in RETURN_DOM path, thanks @​bencalif
• Fixed a prototype pollution via CUSTOM_ELEMENT_HANDLING, thanks @​trace37labs
• Fixed an issue with ADD_TAGS function form bypassing FORBID_TAGS, thanks @​eddieran
• Fixed an issue with ADD_ATTR predicates skipping URI validation, thanks @​christos-eth
• Fixed an issue with USE_PROFILES prototype pollution, thanks @​christos-eth
• Fixed an issue leading to possible mXSS via Re-Contextualization, thanks @​researchatfluidattacks and others
• Fixed an issue with closing tags leading to possible mXSS, thanks @​frevadiscor
• Fixed a problem with the type dentition patcher after Node version bump
• Fixed freezing BS runs by reducing the tested browsers array
• Bumped several dependencies where possible
• Added needed files for OpenSSF scorecard checks

Published Advisories are here: https://github.com/cure53/DOMPurify/security/advisories?state=published

Commits

• 5b16e0b Getting 3.x branch ready for 3.4.0 release (#1250)
• See full diff in compare view

Updates emoji-picker-element from 1.28.0 to 1.29.1

Changelog

Sourced from emoji-picker-element's changelog.

1.29.1 (2026-03-01)

Bug Fixes

• calculate emoji width correctly when hidden (#526) (62d423a)

1.29.0 (2026-02-08)

Bug Fixes

• add warning for display:none (#521) (359fd5f)

Features

• add Hungarian translations (#513) (c23028f)

1.28.1 (2025-12-19)

Bug Fixes

• fix firefox iframe bug (#510) (14ea758)

Commits

• ded142e 1.29.1
• 62d423a fix: calculate emoji width correctly when hidden (#526)
• 6cdd26d chore(deps-dev): bump rollup from 4.45.0 to 4.59.0 (#525)
• 6db12e5 chore(deps): bump koa from 2.15.3 to 2.16.4 (#524)
• f6d2306 chore(deps): bump minimatch from 3.1.2 to 3.1.5 (#523)
• 27d4e39 chore(deps): bump qs from 6.14.0 to 6.14.2 (#522)
• 12493eb 1.29.0
• 359fd5f fix: add warning for display:none (#521)
• c23028f feat: add Hungarian translations (#513)
• 7c09eb6 chore: bump pnpm (#515)
• Additional commits viewable in compare view

Updates flexsearch from 0.7.43 to 0.8.212

Release notes

Sourced from flexsearch's releases.

v0.8.2

• Config-Serialized Query Caches, Improved caching strategy for Document indexes and Resolver
• Resolver Async Processing Workflow (including Queuing)
• Extended Resolver Support: Worker, Persistent, Cache
• Extended Result Highlighting: Boundaries, Ellipsis, Alignment
• Improved TypeScript Typings
• Improved Stemmer Handling
• Improved Result Highlighting
• Use multi-language charset normalization as the default Encoder
• Simplified charset support for multi-language content
• Charset renamed LatinExact => Exact, LatinDefault => Default and LatinSimple => Normalize, these are universal charset presets for any languages
• Charset ArabicDefault and CyrillicDefault was removed, they are fully covered by the default universal charset presets
• Charset Charset.CjkDefault was renamed to Charset.CJK

v0.8.1

• Resolver Support for Documents
• Asynchronous Runtime Balancer, new option priority
• Export/Import Worker Indexes + Document Worker, new extern config options export and import
• Improved interoperability of the different build packages, including source folder
• Support custom filter function for encoder (stop-word filter)

v0.8.0

• Persistent indexes support for: IndexedDB (Browser), Redis, SQLite, Postgres, MongoDB, Clickhouse
• Enhanced language customization via the new Encoder class
• Result Highlighting
• Query performance achieve results up to 4.5 times faster compared to the previous generation v0.7.x by also improving the quality of results
• Enhanced support for larger indexes or larger result sets
• Improved offset and limit processing achieve up to 100 times faster traversal performance through large datasets
• Support for larger In-Memory index with extended key size (the defaults maximum keystore limit is: 2^24)
• Greatly enhanced performance of the whole text encoding pipeline
• Improved indexing of numeric content (Triplets)
• Intermediate result sets and Resolver
• Basic Resolver: and, or, xor, not, limit, offset, boost, resolve
• Improved charset collection
• New charset preset soundex which further reduces memory consumption by also increasing "fuzziness"
• Performance gain when polling tasks to the index by using "Event-Loop-Caches"
• Up to 100 times faster deletion/replacement when not using the additional "fastupdate" register
• Regex Pre-Compilation (transforms hundreds of regex rules into just a few)
• Extended support for multiple tags (DocumentIndex)
• Custom Fields ("Virtual Fields")
• Custom Filter
• Custom Score Function
• Added French language preset (stop-word filter, stemmer)
• Enhanced Worker Support
• Export / Import index in chunks
• Improved Build System + Bundler (Supported: CommonJS, ESM, Global Namespace), also the import of language packs are now supported for Node.js
• Full covering index.d.ts type definitions
• Fast-Boot Serialization optimized for Server-Side-Rendering (PHP, Python, Ruby, Rust, Java, Go, Node.js, ...)

Changelog

Sourced from flexsearch's changelog.

Changelog

Current Version

• Calling index.clear() on a persistent Index does not stack to the task queue by default (which executes on commit), instead it will execute immediately and return a Promise
• Added new tokenizer tolerant, inherits from strict but also matches simple typos like missing letters and swapped letters
• Improved Redis Cleanup
• Resolver: Support Result Highlighting

v0.8.2

• Config-Serialized Query Caches, Improved caching strategy for Document indexes and Resolver
• Resolver Async Processing Workflow (including Queuing)
• Extended Resolver Support: Worker, Persistent, Cache
• Extended Result Highlighting: Boundaries, Ellipsis, Alignment
• Improved TypeScript Typings
• Improved Stemmer Handling
• Improved Result Highlighting
• Use multi-language charset normalization as the default Encoder
• Simplified charset support for multi-language content
• Charset renamed LatinExact => Exact, LatinDefault => Default and LatinSimple => Normalize, these are universal charset presets for any languages
• Charset ArabicDefault and CyrillicDefault was removed, they are fully covered by the default universal charset presets
• Charset Charset.CjkDefault was renamed to Charset.CJK

v0.8.1

• Resolver Support for Documents
• Asynchronous Runtime Balancer, new option priority
• Export/Import Worker Indexes + Document Worker, new extern config options export and import
• Improved interoperability of the different build packages, including source folder
• Support custom filter function for encoder (stop-word filter)

v0.8.0

• Persistent indexes support for: IndexedDB (Browser), Redis, SQLite, Postgres, MongoDB, Clickhouse
• Enhanced language customization via the new Encoder class
• Result Highlighting
• Query performance achieve results up to 4.5 times faster compared to the previous generation v0.7.x by also improving the quality of results
• Enhanced support for larger indexes or larger result sets
• Improved offset and limit processing achieve up to 100 times faster traversal performance through large datasets
• Support for larger In-Memory index with extended key size (the defaults maximum keystore limit is: 2^24)
• Greatly enhanced performance of the whole text encoding pipeline
• Improved indexing of numeric content (Triplets)
• Intermediate result sets and Resolver
• Basic Resolver: and, or, xor, not, limit, offset, boost, resolve
• Improved charset collection
• New charset preset soundex which further reduces memory consumption by also increasing "fuzziness"
• Performance gain when polling tasks to the index by using "Event-Loop-Caches"
• Up to 100 times faster deletion/replacement when not using the additional "fastupdate" register
• Regex Pre-Compilation (transforms hundreds of regex rules into just a few)

... (truncated)

Commits

• See full diff in compare view

Updates hotkeys-js from 4.0.0-beta.7 to 4.0.3

Release notes

Sourced from hotkeys-js's releases.

v4.0.3

Documentation v4.0.3: https://raw.githack.com/jaywcjlove/hotkeys/0f28d39/index.html
Comparing Changes: jaywcjlove/hotkeys-js@v4.0.3...v4.0.3

npm i hotkeys-js@4.0.3

• 📖 doc: Update READMEs ebadbdd

v4.0.2

Documentation v4.0.2: https://raw.githack.com/jaywcjlove/hotkeys/f00f182/index.html
Comparing Changes: jaywcjlove/hotkeys-js@v4.0.2...v4.0.2

npm i hotkeys-js@4.0.2

• 📖 doc: update document. 6b92f58
• 💄 chore(deps): update dependency @​wcj/dark-mode to ~1.1.0 #506 6fbe01e
• 💄 chore: Update FUNDING.yml 2cd2348
• 📖 doc: Update README.md ea655c4
• 📖 doc: Update README.md b274b62
• 🐞 fix: remove CommonJS mutation from ESM entry e947ee4

v4.0.1

Documentation v4.0.1: https://raw.githack.com/jaywcjlove/hotkeys/092ec65/index.html
Comparing Changes: jaywcjlove/hotkeys-js@v4.0.1...v4.0.1

npm i hotkeys-js@4.0.1

• 🐞 fix: clear pressed keys on fullscreen change to prevent stuck keys (#524) 218bbfd @​dimensi

v4.0.0

Documentation v4.0.0: https://raw.githack.com/jaywcjlove/hotkeys/44d7e5e/index.html
Comparing Changes: jaywcjlove/hotkeys-js@v4.0.0...v4.0.0

npm i hotkeys-js@4.0.0

... (truncated)

Commits

• 6a760ac released v4.0.3 fix #536
• e947ee4 fix: remove CommonJS mutation from ESM entry
• b274b62 doc: Update README.md
• ea655c4 doc: Update README.md
• 2cd2348 chore: Update FUNDING.yml
• 6fbe01e chore(deps): update dependency @​wcj/dark-mode to ~1.1.0 #506
• 6b92f58 doc: update document.
• 866282e released v4.0.2 #524
• d23718a website: enhance build configuration with chunking and minification options
• 218bbfd fix: clear pressed keys on fullscreen change to prevent stuck keys (#524)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for hotkeys-js since your current version.

Updates libsodium-wrappers from 0.7.16 to 0.8.4

Release notes

Sourced from libsodium-wrappers's releases.

0.8.4

No release notes provided.

0.8.3

Update to libsodium 1.0.22.

0.8.2

No release notes provided.

0.8.1

Quite a lot of changes in this version:

• The wrapper code was simplified a little bit and converted to TypeScript
• The promise chain in WASM fallback was fixed to prevent race conditions
• In addition to the browser benchmarks, there are now local benchmarks, that can be run with make benchmark
• Automatically generated Typescript definitions are now included
• Libsodium was updated to the latest 1.0.21-stable version
• LTO was disabled - At least in Emscripten 4, it caused a significant performance degradation on some platforms.
• The API documentation files are now way more useful, and automatically generated along with the TypeScript definitions.

0.8.0

This new release is based on libsodium 1.0.21.

Commits

• 2830fcf Update
• af7a75b Fix ESM wrapper interop with libsodium factory exports
• 7230467 Update to libsodium 1.0.22
• a88553f Update .gitignore
• bbb9f5a Update
• 905a369 Update README.md
• 20aac20 Regen API doc
• 8bb833f Fix return types
• f3afbf1 Use emscripten to directly build ESM modules
• 21af2db Merge branch 'master' of github.com:jedisct1/libsodium.js
• Additional commits viewable in compare view

Updates msgpackr from 1.11.8 to 1.11.10

Commits

• 6019f6e Update version
• 49a4e32 Update benchmarks, #178
• c6e831d Handle new Function failure at any point to accommodate CF workers, #179
• 700f5d5 Update version
• 95b1c84 Protect against overlong UTF-8, refs #177
• 8c4079a Merge pull request #176 from cb1kenobi/iter-types
• cb6db53 Export decodeIter and encodeIter types
• See full diff in compare view

Updates openpgp from 6.2.2 to 6.3.0

Release notes

Sourced from openpgp's releases.

v6.3.0

What's Changed

• Support Node.js v24 (openpgpjs/openpgpjs#1896)
• Add config option to limit decompressed message size (openpgpjs/openpgpjs#1933) Since decompression can increase the memory usage non-linearly, add a config.maxDecompressedMessageSize option to limit the decompressed message size. By default it's set to Infinity, i.e. no limit. Set the config option to a number of bytes to limit the size of data that gets decompressed.
• Switch from seek-bzip to unbzip2-stream (openpgpjs/openpgpjs#1887) To facilitate the above.
• Use native CompressionStream/DecompressionStream when not streaming (openpgpjs/openpgpjs#1935) For improved compression/decompression performance when not streaming.
• Use bufferless transforms (openpgpjs/openpgpjs#1893) For lower memory usage, especially when streaming.
• JSDoc: make sure only user-facing entities are included in the docs, and add TS support (openpgpjs/openpgpjs#1923)
• Various dependency version bumps
• Various improvements to CI

Full Changelog: openpgpjs/openpgpjs@v6.2.2...v6.3.0

Commits

• e1cab74 6.3.0
• fccbc3e Use native Compression Streams API when not streaming (#1935)
• a61cf1f Add config option to limit decompressed message size (#1933)
• 6ab6b9c Tests: use native web streams when TransformStream is available (#1934)
• 1b2c842 [npm audit fix] bump glob and js-yaml (#1939)
• 341354f Tests: Stub navigator.hardwareConcurrency in Node v21+
• db9531d Tests: Bump mocha timeout for browser tests (#1941)
• d00821b CI: add workflow permissions (#1937)
• d27ef92 Bump playwright from 1.56.0 to 1.57.0 (#1936)
• 1af590a Switch from seek-bzip to unbzip2-stream (#1887)
• Additional commits viewable in compare view

Updates postal-mime from 2.6.0 to 2.7.4

Release notes

Sourced from postal-mime's releases.

v2.7.4

2.7.4 (2026-03-17)

Bug Fixes

• add missing originalKey to Header type and Uint8Array to Attachment content (92cc91c)
• include originalKey in parsed headers output (83521c8)
• preserve __esModule and .default in CJS build for bundler interop (1466910)
• prevent RFC 2047 encoded-word address fabrication (844f920)

v2.7.3

2.7.3 (2026-01-09)

Bug Fixes

• correct TypeScript type definitions to match implementation (b225d7c)

v2.7.2

2.7.2 (2026-01-08)

Bug Fixes

• add null checks for contentType.parsed access (ad8f4c6)
• improve RFC compliance for MIME parsing (e004c3a)

v2.7.1

2.7.1 (2025-12-22)

Bug Fixes

• Add null checks for contentDisposition.parsed access (fd54c37)

v2.7.0

2.7.0 (2025-12-22)

Features

• add headerLines property exposing raw header lines (c79a02a)

v2.6.1

2.6.1 (2025-11-26)

Bug Fixes

... (truncated)

Changelog

Sourced from postal-mime's changelog.

2.7.4 (2026-03-17)

Bug Fixes

• add missing originalKey to Header type and Uint8Array to Attachment content (92cc91c)
• include originalKey in parsed headers output (83521c8)
• preserve __esModule and .default in CJS build for bundler interop (1466910)
• prevent RFC 2047 encoded-word address fabrication (844f920)

2.7.3 (2026-01-09)

Bug Fixes

• correct TypeScript type definitions to match implementation (b225d7c)

2.7.2 (2026-01-08)

Bug Fixes

• add null checks for contentType.parsed access (ad8f4c6)
• improve RFC compliance for MIME parsing (e004c3a)

2.7.1 (2025-12-22)

Bug Fixes

• Add null checks for contentDisposition.parsed access (

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.