chore(deps): bump @dicebear/initials and @dicebear/collection

[dependabot]

Bumps @dicebear/initials to 9.4.1 and updates ancestor dependency @dicebear/collection. These dependencies need to be updated together.

Updates @dicebear/initials from 9.2.4 to 9.4.1

Release notes

Sourced from @​dicebear/initials's releases.

DiceBear 9.4 - Release Notes

Security

• @dicebear/converter: ensureSize() no longer reads the SVG's width / height attributes to determine the output canvas size. Previously, a crafted SVG with extremely large dimensions could cause excessive memory allocation (DoS). Thanks to @​maru1009 for reporting this issue.

New features

• @dicebear/converter: New size option for toPng, toJpeg, toWebp, and toAvif (default: 512, max: 2048). Invalid values (NaN, <= 0, Infinity) fall back to 512.
• dicebear CLI: The --size flag is now forwarded to the converter, so rasterized output matches the requested avatar size.

Breaking changes

• @dicebear/converter: The output image size is no longer derived from the input SVG dimensions. It is always set by the size option.

DiceBear 9.3 - Release Notes

I would like to introduce you to a new avatar style. 🎉

A huge thank you to @​Johan-Melin for contributing this style in #474!

Say hello to ToonHead!

This avatar style is a remix of: ToonHead by Johan Melin, licensed under CC BY 4.0.

Documentation | Playground | Editor

Commits

• 8df173a v9.4.1
• cbfe86c Update dependencies
• af18af9 Fix: Escape XML attribute values in SVG output
• 1cc202d Add: Query string env variables to API docs
• 32ab520 Remove: bsky links
• a311078 Add: Favicon via RealFaviconGenerator
• f7f1abb Fix logo-readme.svg
• a50483e Fix: Brand assets in docs
• 2fcc870 Add: Stats page
• b728692 fix: update Umami analytics script URLs in documentation and HTML files
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​dicebear/initials since your current version.

Updates @dicebear/collection from 9.2.2 to 9.4.1

Release notes

Sourced from @​dicebear/collection's releases.

DiceBear 9.4 - Release Notes

Security

• @dicebear/converter: ensureSize() no longer reads the SVG's width / height attributes to determine the output canvas size. Previously, a crafted SVG with extremely large dimensions could cause excessive memory allocation (DoS). Thanks to @​maru1009 for reporting this issue.

New features

• @dicebear/converter: New size option for toPng, toJpeg, toWebp, and toAvif (default: 512, max: 2048). Invalid values (NaN, <= 0, Infinity) fall back to 512.
• dicebear CLI: The --size flag is now forwarded to the converter, so rasterized output matches the requested avatar size.

Breaking changes

• @dicebear/converter: The output image size is no longer derived from the input SVG dimensions. It is always set by the size option.

DiceBear 9.3 - Release Notes

I would like to introduce you to a new avatar style. 🎉

A huge thank you to @​Johan-Melin for contributing this style in #474!

Say hello to ToonHead!

This avatar style is a remix of: ToonHead by Johan Melin, licensed under CC BY 4.0.

Documentation | Playground | Editor

Commits

• 8df173a v9.4.1
• cbfe86c Update dependencies
• af18af9 Fix: Escape XML attribute values in SVG output
• 1cc202d Add: Query string env variables to API docs
• 32ab520 Remove: bsky links
• a311078 Add: Favicon via RealFaviconGenerator
• f7f1abb Fix logo-readme.svg
• a50483e Fix: Brand assets in docs
• 2fcc870 Add: Stats page
• b728692 fix: update Umami analytics script URLs in documentation and HTML files
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​dicebear/collection since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.