Skip to content

chore: (deps): bump @exodus/bytes from 1.12.0 to 1.14.0 #80

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

chore: (deps): bump @exodus/bytes from 1.12.0 to 1.14.0 #80

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 12, 2026

Bumps @exodus/bytes from 1.12.0 to 1.14.0.

Release notes

Sourced from @​exodus/bytes's releases.

v1.14.0

  • Fix makeBase58check() Typescript types

  • Add sideEffects configuration

    Only @exodus/bytes/encoding.js export has side-effects, and those side-effects are internal:

    It is documented to load multi-byte codecs for both this import and future (and previous) /encoding-lite.js imports, even if the current import does not use the provided TextDecoder.

    Both /encoding.js and /encoding-lite.js are designed to return the exact same TextDecoder class and methods, and loading full implementation provides multi-byte encodings support everywhere.

    As /encoding-lite.js can be used as a global polyfill, the setup has to avoid polyfill conflicts if something loads /encoding.js and then something else replaces it with /encoding-lite.js (or vice versa)

    The same mechanism is reused to keep /whatwg.js minimal by default, and only support multi-byte encodings if /encoding.js was imported and loaded them at any point.

    This is not a new change, just documenting the existing behavior and exposing sideEffects configuration so that bundlers can optmize out other imports.

  • Further bundle size optimizations

Full Changelog: ExodusOSS/bytes@v1.13.0...v1.14.0

v1.13.0

What's Changed

  • Bundle size reductions, especially for browsers

    Under browser module resolution target, we rely on browsers to have a working UTF-8 / UTF-16 / windows-1252 (latin1 subset) TextDecoder implementation that doesn't have bugs when used without streaming and with ignoreBOM: true, and a TextEncoder

    While browsers have bugs even in UTF-8, those bugs are related to streams and/or BOM processing, and that specific combination we use seems to be always robust.

    In previous versions we already used native codepaths for those where possible and operated under the same assumption.

  • Disable hex/base64 performance optimization for Firefox >=133 <146

    We used a guarded useragent check for those versions to prefer js fallback instead of native base64 / hex implementations, as native was slow before FF 146 (ref: https://bugzilla.mozilla.org/show_bug.cgi?id=1994067 and linked issues)

    As the usage of FF <146 diminished according to caniuse stats, this check is not worth it anymore.

    This version removes that useragent check.

    Those Firefox versions are still supported by the library, but now the native base64 / hex implementation is always used when available.

    See ExodusOSS/bytes@8cab29a for implementation details.

Full Changelog: ExodusOSS/bytes@v1.12.0...v1.13.0

Commits
  • 9cc2f20 v1.14.0
  • 6acaba7 doc: encoding-lite is even smaller now
  • 7c6e436 size: drop useless destructuring to make import pure
  • 18f4738 types: fix makeBase58check types
  • 170c628 size: label more exports as PURE for further bundle size reduction
  • 7aa5adc size: don't destructure globalThis for Buffer in /array.js
  • 8360705 size: smaller utf16 by moving encodeCharcodes to /platform
  • cb9effa size: label Buffer global as pure
  • d76e939 feat: add sideEffects configuration
  • 7767772 test: increase Firefox timeout to 60s
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore: (deps): bump @exodus/bytes from 1.12.0 to 1.14.0
0031bd2 
Bumps [@exodus/bytes](https://github.com/ExodusOSS/bytes) from 1.12.0 to 1.14.0.
- [Release notes](https://github.com/ExodusOSS/bytes/releases)
- [Commits](ExodusOSS/bytes@v1.12.0...v1.14.0)

---
updated-dependencies:
- dependency-name: "@exodus/bytes"
  dependency-version: 1.14.0
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@github-actions
Copy link
Contributor

github-actions bot commented Feb 12, 2026

✅ Merged into securite branch for batch processing.

@github-actions github-actions bot closed this Feb 12, 2026
@github-actions github-actions bot deleted the dependabot/npm_and_yarn/exodus/bytes-1.14.0 branch February 12, 2026 06:16
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 12, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

auto-merge configuration dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants