Skip to content

Bump pako from 2.1.0 to 3.0.1#218

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/pako-3.0.1
Open

Bump pako from 2.1.0 to 3.0.1#218
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/pako-3.0.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown
Contributor

Bumps pako from 2.1.0 to 3.0.1.

Changelog

Sourced from pako's changelog.

3.0.1 - 2026-07-06

Changed

  • Narrow Uint8Array type to ArrayBuffer only
  • Added Z_STREAM_ERROR check (reachable only via wrong options call)

[3.0.0] - 2026-06-26

Added

  • Generated type definitions.
  • Low-level zlib API exports.
  • .onStart() hooks for advanced stream setup.

Changed

  • Switched sources to TypeScript, and tests, examples and benchmarks to ESM.
  • Changed exports to named-only. Use import * as pako from 'pako' instead of default import if you need the whole API as an object.
  • Changed package files layout. See package.json for supported entry points.
  • legacyHash default is now false. Binary output is now compatible with nodejs by default.
  • dictionary option now accepts only Uint8Array / ArrayBuffer (no String anymore).
  • .onEnd() now only assembles output chunks into result, and no longer sets the err / msg fields.
  • Use native TextEncoder / TextDecoder for string conversion. Removed shims.
  • Replaced { to: 'string' }) with { toText: true }) for UTF-8 text output in high-level helpers (inflate, inflateRaw, ungzip).
  • Build dist/ on publish instead of keeping generated bundles in git.
  • Inflate.push() after stream end returns the decode result, not always false.

Removed

  • Default export. import pako from 'pako' is no longer supported.
  • { to: 'string' }) option from the streaming Inflate class. It now always emits byte chunks.
  • Automatic gzip header collection in Inflate. Use .onStart() with zlibInflateGetHeader() to read gzip metadata.
  • Prebuilt dist/ bundles from repository.

[2.2.0] - 2026-06-22

Added

  • Alternate deflate hash (ANZAC++) - for nodejs zlib compatibility. A nice bonus ~ 40% speed boost.

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [pako](https://github.com/nodeca/pako) from 2.1.0 to 3.0.1.
- [Changelog](https://github.com/nodeca/pako/blob/master/CHANGELOG.md)
- [Commits](nodeca/pako@2.1.0...3.0.1)

---
updated-dependencies:
- dependency-name: pako
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants