chore(deps): bump the npm_and_yarn group across 1 directory with 35 updates

[dependabot]

Bumps the npm_and_yarn group with 17 updates in the / directory:

Package	From	To
video.js	7.6.0	7.21.7
karma	4.1.0	6.4.4
lodash	4.17.11	4.17.21
rollup	1.16.2	4.46.2
videojs-generate-rollup-config	3.2.1	7.0.2
shelljs	0.8.3	0.8.5
ajv	6.10.0	6.12.6
body-parser	1.19.0	1.20.3
braces	2.3.2	3.0.3
@videojs/generator-helpers	1.1.1	3.2.0
eslint-utils	1.3.1	1.4.3
https-proxy-agent	2.2.1	2.2.4
lodash.merge	4.6.1	4.6.2
underscore	1.9.1	1.13.7
send	0.17.1	0.19.0
serve-static	1.14.1	1.16.2
shell-quote	1.6.1	1.8.3

Updates video.js from 7.6.0 to 7.21.7

Release notes

Sourced from video.js's releases.

v7.21.7

7.21.7 (2025-03-20)

Bug Fixes

• Resolves captions sizing issue when minified (v7) (#9012) (71641aa)

netlify preview for this version

v7.21.6

What's Changed

• feat: Update VHS to 2.16.3 by @​MCab93 in videojs/video.js#8677

New Contributors

• @​MCab93 made their first contribution in videojs/video.js#8677

Full Changelog: videojs/video.js@v7.21.5...v7.21.6

v7.21.5

7.21.5 (2023-07-21)

Bug Fixes

• align and correct translation for mute and unmute (#8226) (f27df30)
• Check for VTTCue (#8370) (#8372) (9f2d81f)

netlify preview for this version

v7.21.4

7.21.4 (2023-03-15)

Bug Fixes

• lang: updated Japanese translations (#8194) (7eed745)
• replay button broken for native playback (#8142) (#8183) (bda2b06)

Chores

• documentation: Update release flow in collaborator guide md (#8166) (2e939e2)
• use next-7 tag instead of next tag for 7x version during npm publish (#8164) (852493d)

netlify preview for this version

v7.21.3

7.21.3 (2023-02-27)

... (truncated)

Changelog

Sourced from video.js's changelog.

7.21.7 (2025-03-20)

Bug Fixes

• Resolves captions sizing issue when minified (v7) (#9012) (71641aa)

7.21.6 (2024-05-28)

Features

• Update VHS to 2.16.3 (#8677) (3a128d1)

7.21.5 (2023-07-21)

Bug Fixes

• align and correct translation for mute and unmute (#8226) (f27df30)
• Check for VTTCue (#8370) (#8372) (9f2d81f)

7.21.4 (2023-03-15)

Bug Fixes

• lang: updated Japanese translations (#8194) (7eed745)
• replay button broken for native playback (#8142) (#8183) (bda2b06)

Chores

• documentation: Update release flow in collaborator guide md (#8166) (2e939e2)
• use next-7 tag instead of next tag for 7x version during npm publish (#8164) (852493d)

7.21.3 (2023-02-27)

Chores

• package: update to @​videojs/http-streaming 2.16.2 (#8161) (2b06194)

7.21.2 (2023-01-31)

Chores

• Add missing translations (#8099) (2fe3aba), closes #8083 #8091
• package: update to @​videojs/http-streaming 2.16.0 (#8098) (cb77739)

... (truncated)

Commits

• ac2e009 7.21.7
• 71641aa fix: Resolves captions sizing issue when minified (v7) (#9012)
• 1a8ab55 7.21.6
• 3a128d1 feat: Update VHS to 2.16.3 (#8677)
• 976d93b 7.21.5
• 9f2d81f fix: Check for VTTCue (#8370) (#8372)
• f27df30 fix: align and correct translation for mute and unmute (#8226)
• 214f0e7 7.21.4
• 7eed745 fix(lang): updated Japanese translations (#8194)
• bda2b06 fix: replay button broken for native playback (#8142) (#8183)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by videojs-user, a new releaser for video.js since your current version.

Updates karma from 4.1.0 to 6.4.4

Release notes

Sourced from karma's releases.

v6.4.4

6.4.4 (2024-07-29)

v6.4.3

6.4.3 (2024-02-24)

Bug Fixes

• add build commits for patch release (d7f2d69)

v6.4.2

6.4.2 (2023-04-21)

Bug Fixes

• few typos (c6a4271)

v6.4.1

6.4.1 (2022-09-19)

Bug Fixes

• pass integrity value (63d86be)

v6.4.0

6.4.0 (2022-06-14)

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

v6.3.20

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #3730

v6.3.19

6.3.19 (2022-04-19)

Bug Fixes

... (truncated)

Changelog

Sourced from karma's changelog.

6.4.4 (2024-07-29)

6.4.3 (2024-02-24)

Bug Fixes

• add build commits for patch release (d7f2d69)

6.4.2 (2023-04-21)

Bug Fixes

• few typos (c6a4271)

6.4.1 (2022-09-19)

Bug Fixes

• pass integrity value (63d86be)

6.4.0 (2022-06-14)

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #3730

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

... (truncated)

Commits

• 84f85e7 chore(release): 6.4.4 [skip ci]
• a4d1284 build(deps-dev): bump ws from 6.2.1 to 6.2.3
• d8cf806 chore(release): 6.4.3 [skip ci]
• d7f2d69 fix: add build commits for patch release
• 85a2eeb build(deps-dev): bump decode-uri-component from 0.2.0 to 0.2.2
• 0bffce2 build(deps): updated socket.io version to fix security issues with socket.io-...
• 86667ab build(deps): bump follow-redirects from 1.11.0 to 1.15.4
• 450fdfd docs: Add deprecation notice to Karma README
• 9de3c00 chore(release): 6.4.2 [skip ci]
• c6a4271 fix: few typos
• Additional commits viewable in compare view

Updates lodash from 4.17.11 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• d7fbc52 Bump to v4.17.19
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates rollup from 1.16.2 to 4.46.2

Release notes

Sourced from rollup's releases.

v4.46.2

4.46.2

2025-07-29

Bug Fixes

• Fix in-operator handling for external namespace and when the left side cannot be analyzed (#6041)

Pull Requests

• #6041: Correct the logic of include in BinaryExpression and don't optimize external references away (@​TrickyPi, @​cyyynthia, @​lukastaegert)

v4.46.1

4.46.1

2025-07-28

Bug Fixes

• Do not fail when using the in operator on external namespaces (#6036)

Pull Requests

• #6036: disables optimization for external namespace when using the in operator (@​TrickyPi)

v4.46.0

4.46.0

2025-07-27

Features

• Optimize in checks on namespaces to keep them treeshake-able (#6029)

Pull Requests

• #5991: feat: update linux-loongarch64-gnu (@​wojiushixiaobai, @​lukastaegert)
• #6029: feat: optimize in checks on namespaces to keep them treeshake-able (@​cyyynthia, @​lukastaegert)
• #6033: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)

v4.45.3

4.45.3

2025-07-26

Bug Fixes

• Do not fail build if a const is reassigned but warn instead (#6020)
• Fail with a helpful error message if an exported binding is not defined (#6023)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.46.2

2025-07-29

Bug Fixes

• Fix in-operator handling for external namespace and when the left side cannot be analyzed (#6041)

Pull Requests

• #6041: Correct the logic of include in BinaryExpression and don't optimize external references away (@​TrickyPi, @​cyyynthia, @​lukastaegert)

4.46.1

2025-07-28

Bug Fixes

• Do not fail when using the in operator on external namespaces (#6036)

Pull Requests

• #6036: disables optimization for external namespace when using the in operator (@​TrickyPi)

4.46.0

2025-07-27

Features

• Optimize in checks on namespaces to keep them treeshake-able (#6029)

Pull Requests

• #5991: feat: update linux-loongarch64-gnu (@​wojiushixiaobai, @​lukastaegert)
• #6029: feat: optimize in checks on namespaces to keep them treeshake-able (@​cyyynthia, @​lukastaegert)
• #6033: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)

4.45.3

2025-07-26

Bug Fixes

• Do not fail build if a const is reassigned but warn instead (#6020)
• Fail with a helpful error message if an exported binding is not defined (#6023)

Pull Requests

• #6014: chore(deps): update dependency @​vue/language-server to v3 (@​renovate[bot])

... (truncated)

Commits

• 4e19bad 4.46.2
• 603e046 Correct the logic of include in BinaryExpression and don't optimize external ...
• 244dc20 4.46.1
• 6031a33 disables optimization for external namespace when using the in operator (#6036)
• 09794f1 4.46.0
• 9a8614f feat: optimize in checks on namespaces to keep them treeshake-able (#6029)
• fdd48a9 feat: update linux-loongarch64-gnu (#5991)
• 461b1ac fix(deps): update swc monorepo (major) (#6033)
• d6908c9 4.45.3
• ccdde29 Fix option name
• Additional commits viewable in compare view

Updates videojs-generate-rollup-config from 3.2.1 to 7.0.2

Changelog

Sourced from videojs-generate-rollup-config's changelog.

7.0.2 (2023-08-18)

Chores

• bump babel-config version from 1.0.1 to 1.0.2 (#48) (b42859e)
• package: update dependencies (#47) (0986869)

7.0.1 (2023-04-11)

Chores

• update Babel Config (#45) (91b475e)

7.0.0 (2021-12-01)

Features

• Update @​videojs/babel-config and allow for fallback to default browserlist (#43) (38f1538)

Bug Fixes

• update dependencies (#44) (5ce9c4e)

6.2.2 (2021-09-21)

Bug Fixes

• mark global as global via externalGlobals (#40) (d7fda4b)

6.2.1 (2021-06-22)

Chores

• return builds in order of browser, tests, module (#39) (df07384)

6.2.0 (2021-01-21)

Features

• exclude data-files! from rollup-plugin-data-files from coverage (66ec53e)

6.1.0 (2020-12-09)

Bug Fixes

... (truncated)

Commits

• b9f3943 7.0.2
• b42859e chore: bump babel-config version from 1.0.1 to 1.0.2 (#48)
• 0986869 chore(package): update dependencies (#47)
• ff80ac7 7.0.1
• 91b475e chore: update Babel Config (#45)
• d8e3774 7.0.0
• 5ce9c4e fix: update dependencies (#44)
• 38f1538 feat: Update @​videojs/babel-config and allow for fallback to default browserl...
• 09edd89 6.2.2
• d7fda4b fix: mark global as global via externalGlobals (#40)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ddashkevich, a new releaser for videojs-generate-rollup-config since your current version.

Updates shelljs from 0.8.3 to 0.8.5

Release notes

Sourced from shelljs's releases.

v0.8.5

This was a small security fix for #1058.

v0.8.4

Small patch release to fix a circular dependency warning in node v14. See #973.

Changelog

Sourced from shelljs's changelog.

v0.8.5 (2022-01-13)

Full Changelog

This was a small security fix for #1058.

v0.8.4 (2020-04-24)

Full Changelog

Small patch release to fix a circular dependency warning in node v14. See #973.

Commits

• 70668a4 0.8.5
• d919d22 fix(exec): lockdown file permissions (#1060)
• fcf1651 0.8.4
• a1111ee Silence potentially upcoming circular dependency warning (#973)
• See full diff in compare view

Updates @babel/traverse from 7.4.5 to 7.28.0

Release notes

Sourced from @​babel/traverse's releases.

v7.28.0 (2025-07-02)

🚀 New Feature

• babel-node
  • #17147 Support top level await in node repl (@​liuxingbaoyu)
• babel-types
  • #17258 feat(matchesPattern): support super/private/meta (@​JLHwung)
• babel-compat-data, babel-preset-env
  • #17355 Add explicit resource management to preset-env (@​JLHwung)
• babel-core, babel-parser
  • #17390 Support sourceType: "commonjs" (@​JLHwung)
• babel-generator, babel-parser
  • #17346 Materialize explicitResourceManagement parser plugin (@​JLHwung)
• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-transform-object-rest-spread, babel-traverse, babel-types
  • #17391 LVal coverage updates (Part 2) (@​JLHwung)
• babel-parser, babel-traverse, babel-types
  • #17378 Accept bigints in t.bigIntLiteral factory (@​JLHwung)
• babel-generator, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-react-display-name, babel-types
  • #17277 Transform discard binding (@​JLHwung)
• babel-generator, babel-parser, babel-plugin-proposal-destructuring-private, babel-plugin-transform-block-scoping, babel-plugin-transform-object-rest-spread, babel-plugin-transform-typescript, babel-traverse, babel-types
  • #17163 Parse discard binding (@​JLHwung)

🐛 Bug Fix

• babel-helper-globals, babel-plugin-transform-classes, babel-traverse
  • #17297 Create babel-helper-globals (@​JLHwung)
• babel-types
  • #17009 feature: TSTypeOperator: keyof (#16799) (@​coderaiser)

🏠 Internal

• babel-compat-data, babel-plugin-proposal-decorators, babel-plugin-transform-async-generator-functions, babel-plugin-transform-json-modules, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
  • #17403 Update babel-polyfill packages (@​nicolo-ribaudo)

Committers: 5

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu
• coderaiser (@​coderaiser)

v7.27.7 (2025-06-26)

Thanks @​arthur-mountain and @​evankanderson for your first PRs!

👓 Spec Compliance

• babel-parser, babel-plugin-transform-classes
  • #17203 Interepret parser allow* options as top level only (@​JLHwung)
• babel-parser
  • #17371 fix: disable using in ambient context (@​JLHwung)

🐛 Bug Fix

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.28.0 (2025-07-02)

🚀 New Feature

• babel-node
  • #17147 Support top level await in node repl (@​liuxingbaoyu)
• babel-types
  • #17258 feat(matchesPattern): support super/private/meta (@​JLHwung)
• babel-compat-data, babel-preset-env
  • #17355 Add explicit resource management to preset-env (@​JLHwung)
• babel-core, babel-parser
  • #17390 Support sourceType: "commonjs" (@​JLHwung)
• babel-generator, babel-parser
  • #17346 Materialize explicitResourceManagement parser plugin (@​JLHwung)
• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-transform-object-rest-spread, babel-traverse, babel-types
  • #17391 LVal coverage updates (Part 2) (@​JLHwung)
• babel-parser, babel-traverse, babel-types
  • #17378 Accept bigints in t.bigIntLiteral factory (@​JLHwung)
• babel-generator, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-react-display-name, babel-types
  • #17277 Transform discard binding (@​JLHwung)
• babel-generator, babel-parser, babel-plugin-proposal-destructuring-private, babel-plugin-transform-block-scoping, babel-plugin-transform-object-rest-spread, babel-plugin-transform-typescript, babel-traverse, babel-types
  • #17163 Parse discard binding (@​JLHwung)

🐛 Bug Fix

• babel-helper-globals, babel-plugin-transform-classes, babel-traverse
  • #17297 Create babel-helper-globals (@​JLHwung)
• babel-types
  • #17009 feature: TSTypeOperator: keyof (#16799) (@​coderaiser)

🏠 Internal

• babel-compat-data, babel-plugin-proposal-decorators, babel-plugin-transform-async-generator-functions, babel-plugin-transform-json-modules, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
  • #17403 Update babel-polyfill packages (@​nicolo-ribaudo)

v7.27.7 (2025-06-26)

👓 Spec Compliance

• babel-parser, babel-plugin-transform-classes
  • #17203 Interepret parser allow* options as top level only (@​JLHwung)
• babel-parser
  • #17371 fix: disable using in ambient context (@​JLHwung)

🐛 Bug Fix

• babel-core
  • #17392 Improve TS babel config loading (@​JLHwung)
• babel-types
  • #17376 fix: support negative bigint in valueToNode (@​JLHwung)
• babel-plugin-transform-parameters
  • #17352 fix: Params of async function* should throw synchronously (@​liuxingbaoyu)

🏠 Internal

• babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread
  • #17389 Use NodePath#splitExportDeclaration in destructuring transforms (@​JLHwung)

... (truncated)

Commits

• ccc5fae v7.28.0
• 4b4e7e2 Create babel-helper-globals (#17297)
• cf5ae03 LVal coverage updates (Part 2) (#17391)
• 6ca9df4 Accept bigints in t.bigIntLiteral factory (#17378)
• 75f0140 Parse discard binding (#17163)
• 4ce7dfd v7.27.7
• 6c8faf1 add generateUidBasedOnNode test cases (#17381)
• f68ac51 chore: Avoid CITGM errors (#17382)
• 7d06930 v7.27.4
• 05f28c8 [Babel 8] Change scope.{references,uids} to Set (#16624)
• Additional commits viewable in compare view

Updates ajv from 6.10.0 to 6.12.6

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@​issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@​sambauers, #1143) Option keywords to add custom keywords (@​franciscomorais, #1137) Types fixes (@​boenrobot, @​MattiAstedrone) Docs:

• error logging example (@​RadiationSickness)
• TypeScript usage notes (@​thetric)

v6.11.0

Time formats support two digit and colon-less variants of timezone offset (#1061 , @​cjpillsbury) Docs: RegExp related security considerations Tests: Disabled failing typescript test

v6.10.2

Fix: the unknown keywords were ignored with the option strictKeywords: true (instead of failing compilation) in some sub-schemas (e.g. anyOf), when the sub-schema didn't have known keywords.

v6.10.1

Fix types Fix addSchema (#1001) Update dependencies

Commits

• fe59143 6.12.6
• d580d3e Merge pull request #1298 from ajv-validator/fix-url
• fd36389 fix: regular expression for "url" format
• 490e34c docs: link to v7-beta branch
• 9cd93a1 docs: note about v7 in readme
• 877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
• f1c8e45 6.12.5
• 764035e Merge branch 'ChALkeR-chalker/fix-comma'
• 3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
• a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
• Additional commits viewable in compare view

Updates body-parser from 1.19.0 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/body-parser#522
• ci: fix errors in ci github action for node 8 and 9 by @​inigomarquinez in expressjs/body-parser#523
• fix: pin to node@22.4.1 by @​wesleytodd in expressjs/body-parser#527
• deps: qs@6.12.3 by @​melikhov-dev in expressjs/body-parser#521
• Add OSSF Scorecard badge by @​bjohansebas in expressjs/body-parser#531
• Linter by @​UlisesGascon in expressjs/body-parser#534
• Release: 1.20.3 by @​UlisesGascon in expressjs/body-parser#535

New Contributors

• @​inigomarquinez made their first contribution in expressjs/body-parser#522
• @​melikhov-dev made their first contribution in expressjs/body-parser#521
• @​bjohansebas made their first contribution in expressjs/body-parser#531
• @​UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

1.20.1

• deps: qs@6.11.0
• perf: remove unnecessary object clone

1.20.0

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

1.20.1 / 2022-10-06

• deps: qs@6.11.0
• perf: remove unnecessary object clone

1.20.0 / 2022-04-02

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3
• deps: raw-body@2.5.1
  • deps: http-errors@2.0.0

1.19.2 / 2022-02-15

• deps: bytes@3.1.2
• deps: qs@6.9.7
  • Fix handling of __proto__ keys
• deps: raw-body@2.4.3
  • deps: bytes@3.1.2

1.19.1 / 2021-12-10

... (truncated)

Commits

• 1752951 1.20.3
• 39744cf chore: linter (#534)
• b2695c4 Merge commit from fork
• ade0f3f add scorecard to readme (#531)
• 99a1bd6 deps: qs@6.12.3 (#521)
• 9478591 fix: pin to node@22.4.1
• 83db46a ci: fix errors in ci github action for node 8 and 9 (#523)