Skip to content

fix(deps): update dependency content-disposition to v2#880

Merged
nicotsx merged 2 commits into
mainfrom
renovate/content-disposition-2.x
May 19, 2026
Merged

fix(deps): update dependency content-disposition to v2#880
nicotsx merged 2 commits into
mainfrom
renovate/content-disposition-2.x

Conversation

@renovate

@renovate renovate Bot commented May 12, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
content-disposition ^1.1.0^2.0.0 age confidence

Release Notes

jshttp/content-disposition (content-disposition)

v2.0.0

Compare Source

Large refactor to make the parser 3x faster and lenient on input. Removes the default export and renames it to create.

import { create, parse, format } from 'content-disposition';

create('filename');

parse(
  'attachment; filename="EURO rates.txt"; filename*=UTF-8\'\'%e2%82%ac%20rates.txt',
);

format({
  type: 'attachment',
  parameters: {
    filename: '€ rates.txt',
  },
});

Adds a multipart option that can be used to parse the header within multipart/form-data appropriately.

Note: The filename in create is no longer normalized with basename, ensure you are using appropriate filenames and not exposing your directory structure by using absolute paths.

Changed

  • Rename exports (#​123) ec3a844
    • No default export, use create export instead
  • Removed basename from create, pass a filename instead of a full path
  • Refactor parser to be faster and lenient (e.g. now parses unicode)
  • Change filename in create to ASCII only (#​132) 3190b76
  • Null object performance bump (#​124) 7c7c9c0
  • Remove fallback behavior from decoder (#​127) 7086236
    • Invalid UTF-8 is no longer supported
  • Refactor project to TypeScript (#​118) 4fbf7ff

Added



Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/content-disposition-2.x branch 16 times, most recently from a39b318 to 8f756eb Compare May 19, 2026 18:52
@renovate renovate Bot force-pushed the renovate/content-disposition-2.x branch from 8f756eb to 815cb31 Compare May 19, 2026 18:54
@nicotsx nicotsx force-pushed the renovate/content-disposition-2.x branch from bcabffa to 2975651 Compare May 19, 2026 19:28
@renovate

renovate Bot commented May 19, 2026

Copy link
Copy Markdown
Contributor Author

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedcontent-disposition@​1.1.0 ⏵ 2.0.0100100100 +187 -3100

View full report

@nicotsx nicotsx merged commit 970a7fa into main May 19, 2026
11 checks passed
@nicotsx nicotsx deleted the renovate/content-disposition-2.x branch May 19, 2026 19:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant