chore(deps): bump the dependencies group across 1 directory with 9 updates by dependabot[bot] · Pull Request #357 · NodeSecure/scanner

dependabot · 2025-03-31T09:45:40Z

Bumps the dependencies group with 9 updates in the / directory:

Package	From	To
@nodesecure/js-x-ray	`7.3.0`	`8.1.0`
pacote	`18.0.6`	`21.0.0`
semver	`7.6.3`	`7.7.1`
@types/semver	`7.5.8`	`7.7.0`
@npmcli/arborist	`7.5.4`	`9.0.1`
itertools	`2.3.2`	`2.4.1`
npm-pick-manifest	`9.1.0`	`10.0.0`
cacache	`18.0.4`	`19.0.1`
type-fest	`4.24.0`	`4.38.0`

Updates @nodesecure/js-x-ray from 7.3.0 to 8.1.0

Release notes

Sourced from @nodesecure/js-x-ray's releases.

v8.1.0

Full Changelog: NodeSecure/js-x-ray@v8.1.0...v8.1.0

What's Changed

chore(deps): bump meriyah from 5.0.0 to 6.0.0 in the dependencies group by @dependabot in NodeSecure/js-x-ray#301

Update Node.js versions to v20 and v22 by @fabnguess in NodeSecure/js-x-ray#305

fix: implement isESMExport probe to consider export stmts as dependencies by @fraxken in NodeSecure/js-x-ray#307

Update copyright by @fabnguess in NodeSecure/js-x-ray#308

fix(SourceFile): ignore try/finally statements for inTryStatement by @fraxken in NodeSecure/js-x-ray#313

Full Changelog: NodeSecure/js-x-ray@v8.0.0...v8.1.0

v8.0.0

What's Changed

chore(deps): bump meriyah from 4.5.0 to 5.0.0 in the dependencies group by @dependabot in NodeSecure/js-x-ray#285

chore(deps-dev): bump @types/node from 20.14.13 to 22.0.0 in the development-dependencies group by @dependabot in NodeSecure/js-x-ray#286

fix: type issues in api.d.ts by @fraxken in NodeSecure/js-x-ray#287

chore(deps): bump the github-actions group with 5 updates by @dependabot in NodeSecure/js-x-ray#288

chore(deps): bump @typescript-eslint/typescript-estree from 7.18.0 to 8.0.0 in the dependencies group by @dependabot in NodeSecure/js-x-ray#289

fix(EntryFilesAnalyser): add missing options and patch some minors issues by @fraxken in NodeSecure/js-x-ray#291

refactor: fix deprecation in tests & update eslint by @fraxken in NodeSecure/js-x-ray#292

feat(EntryFilesAnalyser): implement digraph-js by @fraxken in NodeSecure/js-x-ray#293

feat: trace process.getBuiltinModule by @fraxken in NodeSecure/js-x-ray#294

fix(Deobfuscator): return if Node is null in extractCounterIdentifiers by @fraxken in NodeSecure/js-x-ray#296

Prepare major 8 by @fraxken in NodeSecure/js-x-ray#297

Full Changelog: NodeSecure/js-x-ray@v7.3.0...v8.0.0

Commits

546033a 8.1.0
dcb991b fix(SourceFile): ignore try/finally statements for inTryStatement (#313)
e208aba chore(deps): bump the github-actions group with 5 updates (#311)
9479f0b chore(deps-dev): bump @openally/config.eslint (#310)
4dbb67b chore(deps): bump the github-actions group with 5 updates (#309)
fae3db1 chore: update copyright (#308)
6097324 fix: implement isESMExport probe to consider export stmts as dependencies (#307)
d3052b4 chore: update Node.js versions to v20 and v22 (#305)
40249c5 chore(deps): bump the github-actions group with 3 updates (#306)
d2f1ffb chore(deps): bump the github-actions group with 3 updates (#304)
Additional commits viewable in compare view

Updates pacote from 18.0.6 to 21.0.0

Release notes

Sourced from pacote's releases.

v21.0.0

21.0.0 (2024-11-25)

⚠️ BREAKING CHANGES

bun.lockb files are now included in the strict ignore list during packing

this module is now compatible with the following node versions: ^20.17.0 || >=22.9.0

Bug Fixes

844dc08 update node engines to ^20.17.0 || >=22.9.0 (#414) (@wraithgar)

Dependencies

2cb6fa7 #415 npm-packlist@10.0.0 (#415)

47b928c #412 replace node builtin rmSync with rimraf (#412) (@mbtools)

Chores

b6f35a2 #402 bump @npmcli/arborist from 7.5.4 to 8.0.0 (#402) (@dependabot[bot])

1ef54ba #408 support tests on win32 (#408) (@mbtools)

555b000 #401 bump @npmcli/template-oss from 4.23.3 to 4.23.4 (#401) (@dependabot[bot], @npm-cli-bot)

v20.0.0

20.0.0 (2024-10-17)

⚠️ BREAKING CHANGES

honors ignoreScripts property within options

Bug Fixes

f27af63 #407 honors ignoreScripts option to prevent prepare lifecycle script (@reggi)

v19.0.1

19.0.1 (2024-10-15)

Bug Fixes

cbf94e8 #389 prepare script respects scriptshell config (#389) (@milaninfy)

2b2948f #403 log tarball retrieval from cache (#403) (@mbtools, @wraithgar)

Dependencies

a9fc4d1 #405 bump sigstore from 2.2.0 to 3.0.0 (#405) (@bdehamer)

v19.0.0

19.0.0 (2024-09-27)

⚠️ BREAKING CHANGES

pacote now supports node ^18.17.0 || >=20.5.0

Bug Fixes

03b31ca #392 align to npm 10 node engine range (@reggi)

Dependencies

f055f71 #395 bump npm-pick-manifest from 9.1.0 to 10.0.0 (#395) (@dependabot[bot])

932b9ab #396 bump @npmcli/package-json from 5.2.1 to 6.0.0 (#396) (@dependabot[bot])

a1621f9 #397 bump npm-registry-fetch from 17.1.0 to 18.0.0 (#397) (@dependabot[bot])

c776199 #398 bump cacache from 18.0.4 to 19.0.0 (#398) (@dependabot[bot])

6d59022 #399 bump @npmcli/git from 5.0.8 to 6.0.0 (#399)

21ea2d4 #400 bump @npmcli/run-script from 8.1.0 to 9.0.0 (#400)

eddbc01 #392 ssri@12.0.0

6c672e9 #392 proc-log@5.0.0

03ba2a2 #392 npm-packlist@9.0.0

2710286 #392 npm-package-arg@12.0.0

aa0bd4a #392 @npmcli/promise-spawn@8.0.0

df23343 #392 @npmcli/installed-package-contents@3.0.0

Chores

... (truncated)

Changelog

Sourced from pacote's changelog.

21.0.0 (2024-11-25)

⚠️ BREAKING CHANGES

bun.lockb files are now included in the strict ignore list during packing

this module is now compatible with the following node versions: ^20.17.0 || >=22.9.0

Bug Fixes

844dc08 update node engines to ^20.17.0 || >=22.9.0 (#414) (@wraithgar)

Dependencies

2cb6fa7 #415 npm-packlist@10.0.0 (#415)

47b928c #412 replace node builtin rmSync with rimraf (#412) (@mbtools)

Chores

b6f35a2 #402 bump @npmcli/arborist from 7.5.4 to 8.0.0 (#402) (@dependabot[bot])

1ef54ba #408 support tests on win32 (#408) (@mbtools)

555b000 #401 bump @npmcli/template-oss from 4.23.3 to 4.23.4 (#401) (@dependabot[bot], @npm-cli-bot)

20.0.0 (2024-10-17)

⚠️ BREAKING CHANGES

honors ignoreScripts property within options

Bug Fixes

f27af63 #407 honors ignoreScripts option to prevent prepare lifecycle script (@reggi)

19.0.1 (2024-10-15)

Bug Fixes

cbf94e8 #389 prepare script respects scriptshell config (#389) (@milaninfy)

2b2948f #403 log tarball retrieval from cache (#403) (@mbtools, @wraithgar)

Dependencies

a9fc4d1 #405 bump sigstore from 2.2.0 to 3.0.0 (#405) (@bdehamer)

19.0.0 (2024-09-27)

⚠️ BREAKING CHANGES

pacote now supports node ^18.17.0 || >=20.5.0

Bug Fixes

03b31ca #392 align to npm 10 node engine range (@reggi)

Dependencies

f055f71 #395 bump npm-pick-manifest from 9.1.0 to 10.0.0 (#395) (@dependabot[bot])

932b9ab #396 bump @npmcli/package-json from 5.2.1 to 6.0.0 (#396) (@dependabot[bot])

a1621f9 #397 bump npm-registry-fetch from 17.1.0 to 18.0.0 (#397) (@dependabot[bot])

c776199 #398 bump cacache from 18.0.4 to 19.0.0 (#398) (@dependabot[bot])

6d59022 #399 bump @npmcli/git from 5.0.8 to 6.0.0 (#399)

21ea2d4 #400 bump @npmcli/run-script from 8.1.0 to 9.0.0 (#400)

eddbc01 #392 ssri@12.0.0

6c672e9 #392 proc-log@5.0.0

03ba2a2 #392 npm-packlist@9.0.0

2710286 #392 npm-package-arg@12.0.0

aa0bd4a #392 @npmcli/promise-spawn@8.0.0

df23343 #392 @npmcli/installed-package-contents@3.0.0

Chores

e4ed5cd #392 bump hosted-git-info ^7.0.0 to ^8.0.0 (@reggi)

2871f56 #392 run template-oss-apply (@reggi)

39643f1 #382 bump @npmcli/eslint-config from 4.0.5 to 5.0.0 (@dependabot[bot])

7e33c82 #383 postinstall for dependabot template-oss PR (@hashtagchris)

... (truncated)

Commits

bf1f60f chore: release 21.0.0 (#413)
2cb6fa7 deps!: npm-packlist@10.0.0 (#415)
b6f35a2 chore: bump @npmcli/arborist from 7.5.4 to 8.0.0 (#402)
844dc08 fix!: update node engines to ^20.17.0 || >=22.9.0 (#414)
555b000 chore: bump @npmcli/template-oss from 4.23.3 to 4.23.4 (#401)
47b928c deps: replace node builtin rmSync with rimraf (#412)
1ef54ba chore: support tests on win32 (#408)
d606b58 chore: release 20.0.0 (#410)
f27af63 fix!: honors ignoreScripts option to prevent prepare lifecycle script
a854c79 chore: release 19.0.1 (#406)
Additional commits viewable in compare view

Updates semver from 7.6.3 to 7.7.1

Release notes

Sourced from semver's releases.

v7.7.1

7.7.1 (2025-02-03)

Bug Fixes

af761c0 #764 inc: fully capture prerelease identifier (#764) (@wraithgar)

v7.7.0

7.7.0 (2025-01-29)

Features

0864b3c #753 add "release" inc type (#753) (@mbtools)

Bug Fixes

d588e37 #755 diff: fix prerelease to stable version diff logic (#755) (@eminberkayd, berkay.daglar)

8a34bde #754 add identifier validation to inc() (#754) (@mbtools)

Documentation

67e5478 #756 readme: added missing period for consistency (#756) (@shaymolcho)

868d4bb #749 clarify comment about obsolete prefixes (#749) (@mbtools, @ljharb)

Chores

145c554 #741 bump @npmcli/eslint-config from 4.0.5 to 5.0.0 (@dependabot[bot])

753e02b #747 bump @npmcli/template-oss from 4.23.3 to 4.23.4 (#747) (@dependabot[bot], @npm-cli-bot)

0b812d5 #744 postinstall for dependabot template-oss PR (@hashtagchris)

Changelog

Sourced from semver's changelog.

7.7.1 (2025-02-03)

Bug Fixes

af761c0 #764 inc: fully capture prerelease identifier (#764) (@wraithgar)

7.7.0 (2025-01-29)

Features

0864b3c #753 add "release" inc type (#753) (@mbtools)

Bug Fixes

d588e37 #755 diff: fix prerelease to stable version diff logic (#755) (@eminberkayd, berkay.daglar)

8a34bde #754 add identifier validation to inc() (#754) (@mbtools)

Documentation

67e5478 #756 readme: added missing period for consistency (#756) (@shaymolcho)

868d4bb #749 clarify comment about obsolete prefixes (#749) (@mbtools, @ljharb)

Chores

145c554 #741 bump @npmcli/eslint-config from 4.0.5 to 5.0.0 (@dependabot[bot])

753e02b #747 bump @npmcli/template-oss from 4.23.3 to 4.23.4 (#747) (@dependabot[bot], @npm-cli-bot)

0b812d5 #744 postinstall for dependabot template-oss PR (@hashtagchris)

Commits

30c438b chore: release 7.7.1 (#765)
af761c0 fix(inc): fully capture prerelease identifier (#764)
2cfcbb5 chore: release 7.7.0 (#750)
d588e37 fix(diff): fix prerelease to stable version diff logic (#755)
753e02b chore: bump @npmcli/template-oss from 4.23.3 to 4.23.4 (#747)
8a34bde fix: add identifier validation to inc() (#754)
0864b3c feat: add "release" inc type (#753)
67e5478 docs(readme): added missing period for consistency (#756)
868d4bb docs: clarify comment about obsolete prefixes (#749)
145c554 chore: bump @npmcli/eslint-config from 4.0.5 to 5.0.0
Additional commits viewable in compare view

Updates @types/semver from 7.5.8 to 7.7.0

Commits

See full diff in compare view

Updates @npmcli/arborist from 7.5.4 to 9.0.1

Release notes

Sourced from @npmcli/arborist's releases.

arborist: v9.0.1

9.0.1 (2025-03-05)

Bug Fixes

b9225e5 #8089 resolve override conflicts and apply correct versions (#8089) (@owlstronaut)

d586f3b #8117 remove duplicate var (#8117) (@TrevorBurnham)

811ca29 #8115 stop working around bug fixed in npm-package-arg@12.0.2 (@TrevorBurnham)

libnpmpack: v9.0.1

Dependencies

workspace: @npmcli/arborist@9.0.1

config: v9.0.0

9.0.0 (2024-10-03)

⚠️ BREAKING CHANGES

@npmcli/config now supports node ^18.17.0 || >=20.5.0

Bug Fixes

f846ad3 #7803 align @npmcli/config to npm 10 node engine range (@reggi)

Dependencies

f6909a0 #7803 update proc-log@5.0.0

105fa2b #7803 update nopt@8.0.0

f54b155 #7803 update ini@5.0.0

2076368 #7803 update @npmcli/package-json@6.0.1

feac87c #7803 update @npmcli/map-workspaces@4.0.1

Chores

2072705 #7803 update @npmcli/eslint-config@5.0.1 (@reggi)

8035725 #7756 @npmcli/template-oss@4.23.3 (@wraithgar)

libnpmaccess: v9.0.0

9.0.0 (2024-10-03)

⚠️ BREAKING CHANGES

libnpmaccess now supports node ^18.17.0 || >=20.5.0

Bug Fixes

73068d6 #7803 align libnpmaccess to npm 10 node engine range (@reggi)

Dependencies

d13a20b #7803 update npm-registry-fetch@18.0.1

50a7bc8 #7803 update npm-package-arg@12.0.0

Chores

2072705 #7803 update @npmcli/eslint-config@5.0.1 (@reggi)

8035725 #7756 @npmcli/template-oss@4.23.3 (@wraithgar)

libnpmexec: v9.0.0

9.0.0 (2024-10-03)

⚠️ BREAKING CHANGES

libnpmexec now supports node ^18.17.0 || >=20.5.0

Bug Fixes

a2c8016 #7803 align libnpmexec to npm 10 node engine range (@reggi)

Dependencies

99ccae3 #7803 update bin-links@5.0.0

9cd6603 #7803 update read-package-json-fast@4.0.0

... (truncated)

Changelog

Sourced from @npmcli/arborist's changelog.

9.0.1 (2025-03-05)

Bug Fixes

b9225e5 #8089 resolve override conflicts and apply correct versions (#8089) (@owlstronaut)

d586f3b #8117 remove duplicate var (#8117) (@TrevorBurnham)

811ca29 #8115 stop working around bug fixed in npm-package-arg@12.0.2 (@TrevorBurnham)

9.0.0 (2024-12-16)

Features

a7bfc6d #7972 trigger release process (#7972) (@wraithgar)

Chores

a07f4e0 #7976 @npmcli/template-oss@4.23.6 (@wraithgar)

9.0.0-pre.1 (2024-12-06)

⚠️ BREAKING CHANGES

Upon publishing, in order to apply a default "latest" dist tag, the command now retrieves all prior versions of the package. It will require that the version you're trying to publish is above the latest semver version in the registry, not including pre-release tags.

bun.lockb files are now included in the strict ignore list during packing

Features

f3ac7b7 #7939 no implicit latest tag on publish when latest > version (#7939) (@reggi, @ljharb)

Dependencies

c0bcc2a #7955 walk-up-path@4.0.0

4bf1901 #7945 @npmcli/metavuln-calculator@9.0.0

ca84b22 #7945 pacote@21.0.0

9.0.0-pre.0 (2024-11-26)

⚠️ BREAKING CHANGES

--ignore-scripts now applies to all lifecycle scripts, include prepare

npm will no longer fall back to the old audit endpoint if the bulk advisory request fails.

@npmcli/arborist now supports node ^20.17.0 || >=22.9.0

Features

6995303 #7850 adds --ignore-scripts flag to pack (@reggi)

Bug Fixes

080a0f2 #7911 remove old audit fallback request (@wraithgar)

3ffc08b #7831 for @npmcli/arborist sets node engine range to ^20.17.0 || >=22.9.0 (@reggi)

Dependencies

7dbef6f #7850 pacote@20.0.0

75a3f12 #7859 remove unused deps (#7859)

Chores

6edfe2f #7937 @npmcli/template-oss@4.23.5 (@wraithgar)

8.0.0 (2024-10-03)

⚠️ BREAKING CHANGES

@npmcli/arborist now supports node ^18.17.0 || >=20.5.0

Features

4d57928 #7766 devEngines (#7766) (@reggi)

Bug Fixes

365580a #7803 align @npmcli/arborist to npm 10 node engine range (@reggi)

Dependencies

5795987 #7803 update proggy@3.0.0

99ccae3 #7803 update bin-links@5.0.0

75786ad #7803 update @npmcli/query@4.0.0

... (truncated)

Commits

ca93f3e chore: release 9.0.1
de6618e deps: @npmcli/promise-spawn@5.0.0 (#5757)
3dd8d68 feat: sort and quote yarn lock keys according to yarn rules (#5751)
bc5ec05 chore: release 9.0.0
2929899 chore: release 9.0.0-pre.6
88137a3 deps: npmlog@7.0.1
e2e7622 chore: update arborist snapshot from hosted-git-info changes
5aa0c2d chore: @npmcli/template-oss@4.6.2
2008ea6 deps: npm-package-arg@10.0.0, pacote@15.0.2
1afe5ba fix: account for new npm-package-arg behavior
Additional commits viewable in compare view

Updates itertools from 2.3.2 to 2.4.1

Release notes

Sourced from itertools's releases.

v2.4.1

Use bundler module resolution setting (recommended setting for libraries that use a bundler)

Upgrade dev dependencies

v2.4.0
Add second param index to all predicates. This will make operations like partitioning a list based on the element position as easy as partitioning based on the element value, for example:
const items = [1, 2, 3, 4, 5, 6, 7, 8, 9];
const [thirds, rest] = partition(items, (item, index) => index % 3 === 0);
console.log(thirds); // [1, 4, 7]
console.log(rest); // [2, 3, 5, 6, 8, 9]
Officially drop Node 16 support (it may still work)

Changelog

Sourced from itertools's changelog.

[2.4.1] - 2025-02-25

Use bundler module resolution setting (recommended setting for libraries that use a bundler)

Upgrade dev dependencies

[2.4.0] - 2025-02-19
Add second param index to all predicates. This will make operations like partitioning a list based on the element position as easy as partitioning based on the element value, for example:
const items = [1, 2, 3, 4, 5, 6, 7, 8, 9];
const [thirds, rest] = partition(items, (item, index) => index % 3 === 0);
console.log(thirds); // [1, 4, 7]
console.log(rest); // [2, 3, 5, 6, 8, 9]
Officially drop Node 16 support (it may still work)

Commits

c4229e3 Release 2.4.1
f1dec5c Upgrade dependencies
444a7a3 More tsconfig tweaks
8f83cab Use bundler module resolution
a280c0d Update publint
cb1c0f9 Use recommended TS settings for libraries (#1136)
9b596d0 Release 2.4.0
1afd944 Upgrade more dependencies
1f6756c Upgrade attw and publint
6fcb3e4 Upgrade Vitest to v3 (#1135)
Additional commits viewable in compare view

Updates npm-pick-manifest from 9.1.0 to 10.0.0

Release notes

Sourced from npm-pick-manifest's releases.

v10.0.0

10.0.0 (2024-09-26)

⚠️ BREAKING CHANGES

npm-pick-manifest now supports node ^18.17.0 || >=20.5.0

Bug Fixes

dd83a53 #145 align to npm 10 node engine range (@reggi)

Dependencies

6b4df8d #145 npm-package-arg@12.0.0

c2ae5b7 #145 npm-normalize-package-bin@4.0.0

e948cef #145 npm-install-checks@7.1.0

Chores

2e1fdb4 #145 run template-oss-apply (@reggi)

7891f6b #140 bump @npmcli/eslint-config from 4.0.5 to 5.0.0 (@dependabot[bot])

ae2ffc5 #138 postinstall for dependabot template-oss PR (@hashtagchris)

7744312 #138 bump @npmcli/template-oss from 4.22.0 to 4.23.3 (@dependabot[bot])

Changelog

Sourced from npm-pick-manifest's changelog.

10.0.0 (2024-09-26)

⚠️ BREAKING CHANGES

npm-pick-manifest now supports node ^18.17.0 || >=20.5.0

Bug Fixes

dd83a53 #145 align to npm 10 node engine range (@reggi)

Dependencies

…dates Bumps the dependencies group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@nodesecure/js-x-ray](https://github.com/NodeSecure/js-x-ray) | `7.3.0` | `8.1.0` | | [pacote](https://github.com/npm/pacote) | `18.0.6` | `21.0.0` | | [semver](https://github.com/npm/node-semver) | `7.6.3` | `7.7.1` | | [@types/semver](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/semver) | `7.5.8` | `7.7.0` | | [@npmcli/arborist](https://github.com/npm/cli/tree/HEAD/workspaces/arborist) | `7.5.4` | `9.0.1` | | [itertools](https://github.com/nvie/itertools) | `2.3.2` | `2.4.1` | | [npm-pick-manifest](https://github.com/npm/npm-pick-manifest) | `9.1.0` | `10.0.0` | | [cacache](https://github.com/npm/cacache) | `18.0.4` | `19.0.1` | | [type-fest](https://github.com/sindresorhus/type-fest) | `4.24.0` | `4.38.0` | Updates `@nodesecure/js-x-ray` from 7.3.0 to 8.1.0 - [Release notes](https://github.com/NodeSecure/js-x-ray/releases) - [Commits](NodeSecure/js-x-ray@v7.3.0...v8.1.0) Updates `pacote` from 18.0.6 to 21.0.0 - [Release notes](https://github.com/npm/pacote/releases) - [Changelog](https://github.com/npm/pacote/blob/main/CHANGELOG.md) - [Commits](npm/pacote@v18.0.6...v21.0.0) Updates `semver` from 7.6.3 to 7.7.1 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.6.3...v7.7.1) Updates `@types/semver` from 7.5.8 to 7.7.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/semver) Updates `@npmcli/arborist` from 7.5.4 to 9.0.1 - [Release notes](https://github.com/npm/cli/releases) - [Changelog](https://github.com/npm/cli/blob/latest/workspaces/arborist/CHANGELOG.md) - [Commits](https://github.com/npm/cli/commits/v9.0.1/workspaces/arborist) Updates `itertools` from 2.3.2 to 2.4.1 - [Release notes](https://github.com/nvie/itertools/releases) - [Changelog](https://github.com/nvie/itertools/blob/main/CHANGELOG.md) - [Commits](nvie/itertools@v2.3.2...v2.4.1) Updates `npm-pick-manifest` from 9.1.0 to 10.0.0 - [Release notes](https://github.com/npm/npm-pick-manifest/releases) - [Changelog](https://github.com/npm/npm-pick-manifest/blob/main/CHANGELOG.md) - [Commits](npm/npm-pick-manifest@v9.1.0...v10.0.0) Updates `cacache` from 18.0.4 to 19.0.1 - [Release notes](https://github.com/npm/cacache/releases) - [Changelog](https://github.com/npm/cacache/blob/main/CHANGELOG.md) - [Commits](npm/cacache@v18.0.4...v19.0.1) Updates `type-fest` from 4.24.0 to 4.38.0 - [Release notes](https://github.com/sindresorhus/type-fest/releases) - [Commits](sindresorhus/type-fest@v4.24.0...v4.38.0) --- updated-dependencies: - dependency-name: "@nodesecure/js-x-ray" dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: pacote dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: semver dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: "@types/semver" dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: "@npmcli/arborist" dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: itertools dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: npm-pick-manifest dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: cacache dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: type-fest dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2025-04-20T11:38:32Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 31, 2025

dependabot bot closed this Apr 20, 2025

dependabot bot deleted the dependabot/npm_and_yarn/dependencies-2cc1c6e94a branch April 20, 2025 11:38

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the dependencies group across 1 directory with 9 updates#357

chore(deps): bump the dependencies group across 1 directory with 9 updates#357
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/dependencies-2cc1c6e94a

dependabot bot commented on behalf of github Mar 31, 2025 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Apr 20, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 31, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v8.1.0

What's Changed

v8.0.0

What's Changed

v21.0.0

21.0.0 (2024-11-25)

⚠️ BREAKING CHANGES

Bug Fixes

Dependencies

Chores

v20.0.0

20.0.0 (2024-10-17)

⚠️ BREAKING CHANGES

Bug Fixes

v19.0.1

19.0.1 (2024-10-15)

Bug Fixes

Dependencies

v19.0.0

19.0.0 (2024-09-27)

⚠️ BREAKING CHANGES

Bug Fixes

Dependencies

Chores

21.0.0 (2024-11-25)

⚠️ BREAKING CHANGES

Bug Fixes

Dependencies

Chores

20.0.0 (2024-10-17)

⚠️ BREAKING CHANGES

Bug Fixes

19.0.1 (2024-10-15)

Bug Fixes

Dependencies

19.0.0 (2024-09-27)

⚠️ BREAKING CHANGES

Bug Fixes

Dependencies

Chores

v7.7.1

7.7.1 (2025-02-03)

Bug Fixes

v7.7.0

7.7.0 (2025-01-29)

Features

Bug Fixes

Documentation

Chores

7.7.1 (2025-02-03)

Bug Fixes

7.7.0 (2025-01-29)

Features

Bug Fixes

Documentation

Chores

arborist: v9.0.1

9.0.1 (2025-03-05)

Bug Fixes

libnpmpack: v9.0.1

Dependencies

config: v9.0.0

9.0.0 (2024-10-03)

⚠️ BREAKING CHANGES

Bug Fixes

Dependencies

Chores

libnpmaccess: v9.0.0

9.0.0 (2024-10-03)

⚠️ BREAKING CHANGES

Bug Fixes

Dependencies

Chores

libnpmexec: v9.0.0

9.0.0 (2024-10-03)

⚠️ BREAKING CHANGES

Bug Fixes

dependabot bot commented on behalf of github Mar 31, 2025 •

edited

Loading