chore(deps): bump devalue from 5.6.4 to 5.8.1 in /website #59
dependabot[bot] wants to merge 1 commit into
Bumps [devalue](https://github.com/sveltejs/devalue) from 5.6.4 to 5.8.1.
- [Release notes](https://github.com/sveltejs/devalue/releases)
- [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md)
- [Commits](sveltejs/devalue@v5.6.4...v5.8.1)

---
updated-dependencies:
- dependency-name: devalue
  dependency-version: 5.8.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
LGTM — Dependabot patch/minor bump of devalue in website lockfile only.
Extended reasoning...
Overview
This PR updates the devalue package from 5.6.4 to 5.8.1 in website/package-lock.json. Only the lockfile is touched — no source code or other configuration changes. The bump spans patch and minor releases (5.7.0, 5.7.1, 5.8.0, 5.8.1) with new features (stringifyAsync, DataView/Float16Array support, native base64) and assorted bug fixes.
Security risks
None apparent. devalue is a serialization library used within the SvelteKit-based website, and the version range stays within the same major. The 5.8.1 patch is itself a fix ("force sparse arrays to allocate sparsely") landed via a security-style fork merge, so updating is favorable rather than risky.
Level of scrutiny
Minimal. This is a pure lockfile dependabot bump for the website (docs/marketing site), not the published aeo.js library itself, and contains no behavior changes from this repository's code.
Other factors
Vercel preview build is in progress and will catch any breakage at deploy time. No bugs were flagged by the bug hunting system, and there are no outstanding reviewer comments to address.
Bumps devalue from 5.6.4 to 5.8.1.
Release notes
Sourced from devalue's releases.
Changelog
Sourced from devalue's changelog.
Commits
- 796ea83 Version Packages (#152)
- 206ca67 Merge commit from fork
- 14933f7 Version Packages (#151)
- c5115b0 feat: stringifyAsync (#150)
- 67dad45 docs: update README to reflect serialization stability non-goal (#147)
- 6eb920a Version Packages (#146)
- 8becc7c fix: handle regexes consistently in uneval's value and reference formats (#145)
- 2eee2e4 Version Packages (#144)
- 498656e DataView support (#143)
- 5590634 Improve platform types support (#142)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.