Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: netlify/primitives
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: blobs-v10.4.1
Choose a base ref
...
head repository: netlify/primitives
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: blobs-v10.4.2
Choose a head ref
  • 8 commits
  • 33 files changed
  • 4 contributors

Commits on Nov 18, 2025

  1. fix(deps): update dependency @netlify/config to v24 (#415) 

    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Philippe Serhal <philippe.serhal@netlify.com>
    @renovate @serhalp
    renovate[bot] and serhalp authored Nov 18, 2025
    Configuration menu
    Copy the full SHA
    5225265 View commit details
    Browse the repository at this point in the history

Commits on Nov 28, 2025

  1. chore(deps): resolve 6 security warnings (#548) 

    Before:
```
@nuxt/devtools  <2.6.4
Severity: moderate
Nuxt DevTools vulnerable to cross-site scripting (XSS) - GHSA-xmq3-q5pm-rp26
fix available via `npm audit fix`
node_modules/@nuxt/devtools

glob  10.2.0 - 10.4.5
Severity: high
glob CLI: Command injection via -c/--cmd executes matches with shell:true - GHSA-5j98-mcp5-4vw2
fix available via `npm audit fix`
node_modules/glob

js-yaml  4.0.0 - 4.1.0
Severity: moderate
js-yaml has prototype pollution in merge (<<) - GHSA-mh29-5h37-fv8m
fix available via `npm audit fix`
node_modules/js-yaml

node-forge  <=1.3.1
Severity: high
node-forge has ASN.1 Unbounded Recursion - GHSA-554w-wpv2-vw27
node-forge is vulnerable to ASN.1 OID Integer Truncation - GHSA-65ch-62r8-g69g
node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization - GHSA-5gfm-wpxj-wjgq
fix available via `npm audit fix`
node_modules/node-forge

playwright  <1.55.1
Severity: high
Playwright downloads and installs browsers without verifying the authenticity of the SSL certificate - GHSA-7mvr-c777-76hp
fix available via `npm audit fix`
node_modules/playwright

vite  6.0.0 - 6.4.0 || 7.1.0 - 7.1.10
Severity: moderate
vite allows server.fs.deny bypass via backslash on Windows - GHSA-93m4-6634-74q7
vite allows server.fs.deny bypass via backslash on Windows - GHSA-93m4-6634-74q7
fix available via `npm audit fix`
node_modules/vite
packages/vite-plugin/node_modules/vite

6 vulnerabilities (3 moderate, 3 high)
```

After `npm audit fix`:

```
$ npm audit

audited 1309 packages in 10s

found 0 vulnerabilities
```
    @serhalp
    serhalp authored Nov 28, 2025
    Configuration menu
    Copy the full SHA
    a138b5a View commit details
    Browse the repository at this point in the history

Commits on Dec 3, 2025

  1. chore(deps): update dependency deno to v2.5.6 (#516) 

    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    @renovate
    renovate[bot] authored Dec 3, 2025
    Configuration menu
    Copy the full SHA
    83fd536 View commit details
    Browse the repository at this point in the history

  2. fix(deps): update netlify packages (#549) 

    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    @renovate
    renovate[bot] authored Dec 3, 2025
    Configuration menu
    Copy the full SHA
    ec4fb29 View commit details
    Browse the repository at this point in the history

  3. chore(deps): update actions/setup-node action to v6 (#517) 

    Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Philippe Serhal <philippe.serhal@netlify.com>
    @renovate @serhalp
    renovate[bot] and serhalp authored Dec 3, 2025
    Configuration menu
    Copy the full SHA
    f0321bf View commit details
    Browse the repository at this point in the history

  4. fix: prevent multiple instances of the tracer provider (#545) 

    * fix: prevent multiple instances of the tracer provider

* fix: fetch property directly

* fix: typo in import
    @mrstork
    mrstork authored Dec 3, 2025
    Configuration menu
    Copy the full SHA
    0225010 View commit details
    Browse the repository at this point in the history

  5. fix: allow active spans to be passed in as an option (#544) 

    * fix: allow active spans to be passed in as an option

* fix: use original span name, do not override
    @mrstork
    mrstork authored Dec 3, 2025
    Configuration menu
    Copy the full SHA
    ba74c4a View commit details
    Browse the repository at this point in the history

  6. chore: release main (#543) 

    Co-authored-by: token-generator-app[bot] <82042599+token-generator-app[bot]@users.noreply.github.com>
    @token-generator-app
    token-generator-app[bot] authored Dec 3, 2025
    Configuration menu
    Copy the full SHA
    b37810d View commit details
    Browse the repository at this point in the history
Loading