Skip to content

chore(deps): bump immutable from 4.3.6 to 4.3.8 in /client#2097

Open
dependabot[bot] wants to merge 1 commit intodevelopmentfrom
dependabot/npm_and_yarn/client/immutable-4.3.8
Open

chore(deps): bump immutable from 4.3.6 to 4.3.8 in /client#2097
dependabot[bot] wants to merge 1 commit intodevelopmentfrom
dependabot/npm_and_yarn/client/immutable-4.3.8

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 5, 2026
edited
Loading

Bumps immutable from 4.3.6 to 4.3.8.

Release notes

Sourced from immutable's releases.

v4.3.8

Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

v4.3.7

What's Changed

Full Changelog: immutable-js/immutable-js@v4.3.6...v4.3.7

Changelog

Sourced from immutable's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning. Dates are formatted as YYYY-MM-DD.

Unreleased

5.1.5

  • Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

5.1.4

Documentation

Internal

5.1.3

TypeScript

Documentation

There has been a huge amount of changes in the documentation, mainly migrate from an autogenerated documentation from .d.ts file, to a proper documentation in markdown. The playground has been included on nearly all method examples. We added a page about browser extensions too: https://immutable-js.com/browser-extension/

Internal

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for immutable since your current version.


Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 5, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/client/immutable-4.3.8 branch from 9e356b5 to 2d5098d Compare March 17, 2026 02:29
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/client/immutable-4.3.8 branch from 2d5098d to 4ba64d3 Compare March 31, 2026 01:34
trillium
trillium approved these changes Apr 28, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@trillium trillium left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependency patch/minor bump — safe to merge per security review.

@trillium
Copy link
Copy Markdown
Member

trillium commented Apr 28, 2026

@dependabot rebase

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/client/immutable-4.3.8 branch from 4ba64d3 to 5ab5653 Compare April 28, 2026 08:33
@trillium
Copy link
Copy Markdown
Member

trillium commented Apr 28, 2026

@dependabot rebase

@dependabot
chore(deps): bump immutable from 4.3.6 to 4.3.8 in /client
5c7d4f2 
Bumps [immutable](https://github.com/immutable-js/immutable-js) from 4.3.6 to 4.3.8.
- [Release notes](https://github.com/immutable-js/immutable-js/releases)
- [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md)
- [Commits](immutable-js/immutable-js@v4.3.6...v4.3.8)

---
updated-dependencies:
- dependency-name: immutable
  dependency-version: 4.3.8
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/client/immutable-4.3.8 branch from 5ab5653 to 5c7d4f2 Compare April 28, 2026 08:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@trillium trillium trillium approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@trillium