Skip to content

fix(deps): bump locutus from 2.0.32 to 3.0.2#1089

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/locutus-3.0.2
Open

fix(deps): bump locutus from 2.0.32 to 3.0.2#1089
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/locutus-3.0.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 4, 2026
edited
Loading

Bumps locutus from 2.0.32 to 3.0.2.

Release notes

Sourced from locutus's releases.

v3.0.2

Released: 2026-03-03. Diff.

Expansion

  • Added Go stdlib-inspired expansions with parity coverage:
    • golang/time/Format
    • golang/time/Parse
    • golang/time/ParseDuration
    • golang/time/Unix
    • golang/time/UnixMilli
    • golang/time/UnixMicro
    • golang/strings/Cut
    • golang/strings/CutPrefix
    • golang/strings/CutSuffix
    • golang/strings/ReplaceAll
    • golang/strings/SplitN
    • golang/strconv/FormatFloat
    • golang/strconv/ParseFloat
    • golang/time/AddDate
    • golang/time/Sub
    • golang/time/Before
    • golang/time/After

Infrastructure

  • Extended Go parity translation helpers for new time exports (AddDate, Sub, Before, After) so CI parity checks stay green.
  • Refreshed selected generated test fixtures to match current snapshot output.

Full changelog: https://github.com/locutusjs/locutus/blob/main/CHANGELOG.md

v3.0.1

Released: 2026-03-03. Diff.

Security

  • Hardened php/funchand/call_user_func_array callback resolution to avoid eval / new Function fallback paths for dynamic callback lookup.
  • Added a custom regression test to block code-injection payloads in array callback method names (test/custom/call_user_func_array-eval-injection.vitest.ts).

Infrastructure

  • Modernized browser playground/tests:
    • Replaced legacy browserify/budo flow with Vitest browser mode + Playwright.
    • Added yarn browser:install, yarn browser:test, and a new yarn browser:watch flow.
    • CI now installs Chromium and runs browser smoke tests.

Expansion

... (truncated)

Changelog

Sourced from locutus's changelog.

v3.0.2

Released: 2026-03-03. Diff.

Expansion

  • Added Go stdlib-inspired expansions with parity coverage:
    • golang/time/Format
    • golang/time/Parse
    • golang/time/ParseDuration
    • golang/time/Unix
    • golang/time/UnixMilli
    • golang/time/UnixMicro
    • golang/strings/Cut
    • golang/strings/CutPrefix
    • golang/strings/CutSuffix
    • golang/strings/ReplaceAll
    • golang/strings/SplitN
    • golang/strconv/FormatFloat
    • golang/strconv/ParseFloat
    • golang/time/AddDate
    • golang/time/Sub
    • golang/time/Before
    • golang/time/After

Infrastructure

  • Extended Go parity translation helpers for new time exports (AddDate, Sub, Before, After) so CI parity checks stay green.
  • Refreshed selected generated test fixtures to match current snapshot output.

v3.0.1

Released: 2026-03-03. Diff.

Security

  • Hardened php/funchand/call_user_func_array callback resolution to avoid eval / new Function fallback paths for dynamic callback lookup.
  • Added a custom regression test to block code-injection payloads in array callback method names (test/custom/call_user_func_array-eval-injection.vitest.ts).

Infrastructure

  • Modernized browser playground/tests:
    • Replaced legacy browserify/budo flow with Vitest browser mode + Playwright.
    • Added yarn browser:install, yarn browser:test, and a new yarn browser:watch flow.
    • CI now installs Chromium and runs browser smoke tests.

Expansion

  • Added initial Tcl support with 10 string commands:
    • tcl/string/first

... (truncated)

Commits
  • e724a65 Release v3.0.2
  • 2aceec6 docs(changelog): cut v3.0.2 notes
  • 93bd96e Add Go time AddDate/Sub/Before/After (#543)
  • 69a1227 test(generated): refresh selected parity fixtures
  • 25f5aea Add Go time/string/strconv expansion with parity coverage (#542)
  • c89297d Release v3.0.1
  • 5b06d35 docs(changelog): cut v3.0.1 notes
  • 1292c0d chore: update stale callback-resolution comment
  • 35c870a fix(security): harden call_user_func_array callback resolution
  • d6a12d8 document js-native api boundary and php objectsAsArrays exception
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for locutus since your current version.


Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 4, 2026
@dependabot
fix(deps): bump locutus from 2.0.32 to 3.0.2
36ab99e 
Bumps [locutus](https://github.com/locutusjs/locutus) from 2.0.32 to 3.0.2.
- [Release notes](https://github.com/locutusjs/locutus/releases)
- [Changelog](https://github.com/locutusjs/locutus/blob/main/CHANGELOG.md)
- [Commits](locutusjs/locutus@v2.0.32...v3.0.2)

---
updated-dependencies:
- dependency-name: locutus
  dependency-version: 3.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/locutus-3.0.2 branch from 2480a89 to 36ab99e Compare March 19, 2026 04:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants