@major-tanya/itty-compression v0.2.13

This release includes three security fixes:

• CVE-2025-64718 (affected js-yaml >= 4.0.0, < 4.1.1)
  • js-yaml is a transitive dependency of eslint
  • upgrades mean js-yaml is now set to 4.1.1
• CVE-2025-62522 (affected vite >= 7.1.0, <= 7.1.10)
  • vite is a dependency of vitest
  • upgrades mean vite is now set to 7.2.6
• CVE-2025-64756 (affected glob >= 11.0.0, < 11.1.0)
  • glob is a dependency of rimraf and vitest/coverage-v8
  • upgrades mean glob is now set to 13.0.0

Other changes:

• Bumped dependencies

Full Changelog: v0.2.12...v0.2.13

@major-tanya/itty-compression v0.2.12

This is an irregular release mainly to test trusted publishing from GHA to NPM with OIDC (no security fixes for once!).¹

• itty-compression is now tested on Node v24.x (7ed3fc2)
• Bumped dependencies

Full Changelog: v0.2.11...v0.2.12

1. not jinxing it, I hope ↩

@major-tanya/itty-compression v0.2.11

This release includes two security fixes:

• CVE-2025-58751 (affected vite >=7.1.0, <=7.1.4 and other ranges)
• CVE-2025-58752 (affected vite >=7.1.0, <=7.1.4 and other ranges)

These upgrades mean vite is now set to 7.1.8 (vite is a dependency of vitest).

• Bumped dependencies

Full Changelog: v0.2.10...v0.2.11

@major-tanya/itty-compression v0.2.10

This release includes two security fix:

• GHSA-xffm-g5w8-qvg7 (affected @eslint/plugin-kit <0.3.4)
• CVE-2025-5889 (affected brace-expansion<1.1.12)

These upgrades mean @eslint/plugin-kit is now set to 0.3.5 (@eslint/plugin-kit is a dependency of eslint) and brace-expansion is now set to 1.1.12 (brace-expansion is a transitive dependency of various libraries).

• Bumped dependencies

Full Changelog: v0.2.9...v0.2.10

@major-tanya/itty-compression v0.2.9

This release includes a security fix:

• GHSA-xffm-g5w8-qvg7 (affected @eslint/plugin-kit <0.3.3)

These upgrades mean @eslint/plugin-kit is now set to 0.3.3 (@eslint/plugin-kit is a dependency of eslint).

• Bumped dependencies

Full Changelog: v0.2.8...v0.2.9

@major-tanya/itty-compression v0.2.8

This release includes a security fix:

• CVE-2025-5889 (affected brace-expansion <= 1.1.11/2.0.1/3.0.0/4.0.0)

These upgrades mean brace-expansion is now set to 1.11.12 (brace-expansion is a transitive dependency of several dependencies).

• Bumped dependencies

Full Changelog: v0.2.7...v0.2.8

@major-tanya/itty-compression v0.2.7

This release includes a security fix:

• CVE-2025-46565 (affected vite >= 6.0.0, <= 6.1.5)

These upgrades mean vite is now set to 6.3.5 (vite is a dependency of
vitest).

• Bumped dependencies

Full Changelog: v0.2.6...v0.2.7

@major-tanya/itty-compression v0.2.6

This release includes several security fixes:

• GHSA-67mh-4wv8-2f99 (affected esbuild <= 0.24.2)
• CVE-2025-30208 (affected vite >= 6.1.0, < 6.1.2)
• CVE-2025-31125 (affected vite >= 6.1.0, < 6.1.3)
• CVE-2025-31486 (affected vite >= 6.1.0, < 6.1.4)
• CVE-2025-32395 (affected vite >= 6.1.0, < 6.1.5)

These upgrades mean esbuild is now set to 0.25.2 and vite to 6.2.6.
Both of these are dependencies of vitest.

• Bumped dependencies

Full Changelog: v0.2.5...v0.2.6

@major-tanya/itty-compression v0.2.5

This release covers a security fix for CVE-2025-24964, which affected vitest >= 1.0.0, <1.6.1. This was fixed by upgrading to vitest 3.0.5 which is not vulnerable to this CVE.

• Bumped dependencies

Full Changelog: v0.2.4...v0.2.5

@major-tanya/itty-compression v0.2.4

This release covers a security fix for CVE-2025-24010, which affected vite >= 5.0.0, <= 5.4.11, which vitest depends on (upgraded to vite 5.4.14)

• Bumped dependencies

Full Changelog: v0.2.3...v0.2.4