Skip to content

chore(deps): bump h3 from 1.15.5 to 1.15.9 in /site#4737

Merged
brandtkeller merged 1 commit intomainfrom
dependabot/npm_and_yarn/site/h3-1.15.9
Mar 22, 2026
Merged

chore(deps): bump h3 from 1.15.5 to 1.15.9 in /site#4737
brandtkeller merged 1 commit intomainfrom
dependabot/npm_and_yarn/site/h3-1.15.9

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 20, 2026

Bumps h3 from 1.15.5 to 1.15.9.

Release notes

Sourced from h3's releases.

v1.15.9

compare changes

🩹 Fixes

  • Preserve %25 in pathname (1103df6)
  • static: Prevent path traversal via double-encoded dot segments (%252e%252e) (c56683d)
  • sse: Sanitize carriage returns in event stream data and comments (ba3c3fe)

v1.15.8

compare changes

🩹 Fixes

  • Preserve %25 in pathname (1103df6)

v1.15.7

compare changes

🩹 Fixes

  • static: Narrow path traversal check to match .. as a path segment only (c049dc0)
  • app: Decode percent-encoded path segments to prevent auth bypass (313ea52)

💅 Refactors

  • Remove implicit event handler conversion warning (#1340)

❤️ Contributors

v1.15.6

compare changes

🩹 Fixes

  • sse: Sanitize newlines in event stream fields to prevent SSE injection (840ac5c)
  • static: Prevent path traversal via percent-encoded dot segments (6465e1b)
Changelog

Sourced from h3's changelog.

v1.15.9

compare changes

🩹 Fixes

  • Preserve %25 in pathname (1103df6)
  • static: Prevent path traversal via double-encoded dot segments (%252e%252e) (c56683d)
  • sse: Sanitize carriage returns in event stream data and comments (ba3c3fe)

🏡 Chore

❤️ Contributors

v1.15.8

compare changes

🩹 Fixes

  • Preserve %25 in pathname (1103df6)

❤️ Contributors

v1.15.7

compare changes

🩹 Fixes

  • static: Narrow path traversal check to match .. as a path segment only (c049dc0)
  • app: Decode percent-encoded path segments to prevent auth bypass (313ea52)

💅 Refactors

  • Remove implicit event handler conversion warning (#1340)

❤️ Contributors

v1.15.6

... (truncated)

Commits
  • 4e8d43a chore(release): v1.15.9
  • 23045df chore: update deps
  • ba3c3fe fix(sse): sanitize carriage returns in event stream data and comments
  • c56683d fix(static): prevent path traversal via double-encoded dot segments (`%252e%2...
  • e3b9c9e chore(release): v1.15.8
  • 1103df6 fix: preserve %25 in pathname
  • 47684a3 chore(release): v1.15.7
  • 313ea52 fix(app): decode percent-encoded path segments to prevent auth bypass
  • c049dc0 fix(static): narrow path traversal check to match .. as a path segment only
  • 3faaea0 refactor: remove implicit event handler conversion warning (#1340)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump h3 from 1.15.5 to 1.15.9 in /site
53c8ed7 
Bumps [h3](https://github.com/h3js/h3) from 1.15.5 to 1.15.9.
- [Release notes](https://github.com/h3js/h3/releases)
- [Changelog](https://github.com/h3js/h3/blob/v1.15.9/CHANGELOG.md)
- [Commits](h3js/h3@v1.15.5...v1.15.9)

---
updated-dependencies:
- dependency-name: h3
  dependency-version: 1.15.9
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies javascript Pull requests that update Javascript code labels Mar 20, 2026
@dependabot dependabot Bot requested review from a team as code owners March 20, 2026 21:19
@dependabot dependabot Bot added dependencies javascript Pull requests that update Javascript code labels Mar 20, 2026
@dependabot dependabot Bot mentioned this pull request Mar 20, 2026
Closed
@netlify
Copy link
Copy Markdown

netlify Bot commented Mar 20, 2026
edited
Loading

Deploy Preview for zarf-docs ready!

Name Link
🔨 Latest commit 53c8ed7
🔍 Latest deploy log https://app.netlify.com/projects/zarf-docs/deploys/69bdb9ece3c5950008dd816d
😎 Deploy Preview https://deploy-preview-4737--zarf-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@brandtkeller brandtkeller added this pull request to the merge queue Mar 22, 2026
Merged via the queue into main with commit 17f395e Mar 22, 2026
31 checks passed
@brandtkeller brandtkeller deleted the dependabot/npm_and_yarn/site/h3-1.15.9 branch March 22, 2026 15:29
@github-project-automation github-project-automation Bot moved this to Done in Zarf Mar 22, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brandtkeller brandtkeller brandtkeller approved these changes

Assignees

No one assigned

Labels

dependencies javascript Pull requests that update Javascript code

Projects

Zarf
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@brandtkeller