Skip to content

web: bump immutable from 5.1.4 to 5.1.5 in /web#20720

Merged
BeryJu merged 1 commit intomainfrom
dependabot/npm_and_yarn/web/immutable-5.1.5
Mar 7, 2026
Merged

web: bump immutable from 5.1.4 to 5.1.5 in /web#20720
BeryJu merged 1 commit intomainfrom
dependabot/npm_and_yarn/web/immutable-5.1.5

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 4, 2026

Bumps immutable from 5.1.4 to 5.1.5.

Release notes

Sourced from immutable's releases.

v5.1.5

What's Changed

Full Changelog: immutable-js/immutable-js@v5.1.4...v5.1.5

Changelog

Sourced from immutable's changelog.

5.1.5

  • Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable
Commits
  • b37b855 5.1.5
  • 16b3313 Merge commit from fork
  • fd2ef49 fix new proto key injection
  • 6734b7b fix Prototype Pollution in mergeDeep, toJS, etc.
  • 6f772de Merge pull request #2175 from immutable-js/dependabot/npm_and_yarn/rollup-4.59.0
  • 5f3dc61 Bump rollup from 4.34.8 to 4.59.0
  • 049a594 Merge pull request #2173 from immutable-js/dependabot/npm_and_yarn/lodash-4.1...
  • 2481a77 Merge pull request #2172 from mrazauskas/update-tstyche
  • eb04779 Bump lodash from 4.17.21 to 4.17.23
  • b973bf3 format
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
web: bump immutable from 5.1.4 to 5.1.5 in /web
b690d0b 
Bumps [immutable](https://github.com/immutable-js/immutable-js) from 5.1.4 to 5.1.5.
- [Release notes](https://github.com/immutable-js/immutable-js/releases)
- [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md)
- [Commits](immutable-js/immutable-js@v5.1.4...v5.1.5)

---
updated-dependencies:
- dependency-name: immutable
  dependency-version: 5.1.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 4, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 4, 2026 22:35
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 4, 2026
@netlify
Copy link

netlify bot commented Mar 4, 2026

Deploy Preview for authentik-storybook ready!

Name Link
🔨 Latest commit b690d0b
🔍 Latest deploy log https://app.netlify.com/projects/authentik-storybook/deploys/69a8b3a772a6ba000877c9f4
😎 Deploy Preview https://deploy-preview-20720--authentik-storybook.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@netlify
Copy link

netlify bot commented Mar 4, 2026

Deploy Preview for authentik-docs ready!

Name Link
🔨 Latest commit b690d0b
🔍 Latest deploy log https://app.netlify.com/projects/authentik-docs/deploys/69a8b3a7e87a0e00083cd6ee
😎 Deploy Preview https://deploy-preview-20720--authentik-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@codecov
Copy link

codecov bot commented Mar 4, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.36%. Comparing base (ce1237e) to head (b690d0b).
⚠️ Report is 26 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #20720      +/-   ##
==========================================
- Coverage   93.39%   93.36%   -0.04%     
==========================================
  Files         983      983              
  Lines       55477    55477              
==========================================
- Hits        51813    51794      -19     
- Misses       3664     3683      +19
Flag Coverage Δ
conformance 37.69% <ø> (+<0.01%) ⬆️
e2e 43.27% <ø> (+<0.01%) ⬆️
integration 22.39% <ø> (-0.05%) ⬇️
unit 91.54% <ø> (+<0.01%) ⬆️
unit-migrate 91.63% <ø> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@BeryJu BeryJu merged commit d8a20af into main Mar 7, 2026
103 checks passed
@BeryJu BeryJu deleted the dependabot/npm_and_yarn/web/immutable-5.1.5 branch March 7, 2026 14:49
kensternberg-authentik added a commit that referenced this pull request Mar 10, 2026
@kensternberg-authentik
Merge branch 'main' into web/style/allow-alternative-stylesheets
cc4ce19 
* main: (23 commits)
  web: CodeSpell -> CSpell migration (#20188)
  core: bump goauthentik.io/api/v3 to 3.2026.5.0-rc1-1773052201 (#20801)
  core: bump github.com/go-openapi/runtime from 0.29.2 to 0.29.3 (#20787)
  core: bump golang.org/x/sync from 0.19.0 to 0.20.0 (#20788)
  web: bump the storybook group across 1 directory with 5 updates (#20794)
  core: bump golang.org/x/oauth2 from 0.35.0 to 0.36.0 (#20789)
  core: bump goauthentik/selenium from 145.0-ak-0.40.3 to 145.0-ak-0.40.5 in /tests/e2e (#20790)
  core: bump black from 26.1.0 to 26.3.0 (#20791)
  core: bump cachetools from 7.0.3 to 7.0.4 (#20792)
  core: bump goauthentik/fips-python from `38c4dd2` to `b481db2` in /lifecycle/container (#20796)
  web: bump @rollup/plugin-commonjs from 29.0.1 to 29.0.2 in /web in the rollup group across 1 directory (#20795)
  core: bump astral-sh/uv from 0.10.8 to 0.10.9 in /lifecycle/container (#20797)
  core: bump goauthentik/fips-debian from `4966b90` to `6c9197b` in /lifecycle/container (#20798)
  web: bump @types/node from 25.3.3 to 25.3.5 in /web (#20799)
  web: bump knip from 5.85.0 to 5.86.0 in /web (#20800)
  enterprise/endpoints/connectors: add google_chrome (#19129)
  providers/oauth2: decode percent-encoded basic auth (#20779)
  web: bump immutable from 5.1.4 to 5.1.5 in /web (#20720)
  web: bump the storybook group across 1 directory with 5 updates (#20731)
  web: bump @rollup/plugin-commonjs from 29.0.0 to 29.0.1 in /web in the rollup group across 1 directory (#20732)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BeryJu BeryJu BeryJu approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@BeryJu