
@dependabot dependabot bot commented on behalf of github Aug 29, 2025

Bumps the npm_and_yarn group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| semver | 5.7.1 | 5.7.2 |
| @babel/traverse | 7.22.17 | 7.28.3 |
| @octokit/request | 5.3.1 | 8.4.1 |
| @actions/github | 4.0.0 | 6.0.1 |
| @octokit/rest | 16.43.2 | 22.0.0 |
| actions-toolkit | 2.2.0 | 6.0.1 |
| brace-expansion | 1.1.11 | 1.1.12 |
| braces | 3.0.2 | 3.0.3 |

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

  • Add version coercion capabilities

5.4

  • Add intersection checking

5.3

  • Add minSatisfying method

5.2

  • Add prerelease(v) that returns prerelease components

5.1

  • Add Backus-Naur for ranges
  • Remove excessively cute inspection methods

5.0

  • Remove AMD/Browserified build artifacts
  • Fix ltr and gtr when using the * range
  • Fix for range * with a prerelease identifier
Commits
Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.


Updates @babel/traverse from 7.22.17 to 7.28.3

Release notes

Sourced from @​babel/traverse's releases.

v7.28.3 (2025-08-14)

👓 Spec Compliance

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

🐛 Bug Fix

💅 Polish

  • babel-plugin-transform-regenerator, babel-plugin-transform-runtime

📝 Documentation

🏠 Internal

🔬 Output optimization

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

Committers: 5

v7.28.2 (2025-07-24)

Thanks @​souhailaS for your first PR!

🐛 Bug Fix

  • babel-types
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

Committers: 4

v7.28.1 (2025-07-12)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.28.3 (2025-08-14)

👓 Spec Compliance

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

🐛 Bug Fix

💅 Polish

  • babel-plugin-transform-regenerator, babel-plugin-transform-runtime

📝 Documentation

🏠 Internal

🔬 Output optimization

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

v7.28.2 (2025-07-24)

🐛 Bug Fix

  • babel-types
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

v7.28.1 (2025-07-12)

🐛 Bug Fix

  • babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

📝 Documentation

↩️ Revert

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-types

v7.28.0 (2025-07-02)

🚀 New Feature

... (truncated)

Commits

Updates @octokit/request from 5.3.1 to 8.4.1

Release notes

Sourced from @​octokit/request's releases.

v8.4.1

8.4.1 (2025-02-15)

Bug Fixes

v8.4.0

8.4.0 (2024-04-09)

Features

v8.3.1

8.3.1 (2024-04-05)

Bug Fixes

  • upgrade @octokit/endpoint (4e7127c)

v8.3.0

8.3.0 (2024-04-05)

Bug Fixes

Features

v8.2.0

8.2.0 (2024-02-09)

Features

  • add documentation link in error message (#667) (dbfeab2)

v8.1.6

8.1.6 (2023-11-22)

Bug Fixes

... (truncated)

Commits
  • 356411e fix: ReDos regex vulnerability, reported by @​DayShift (#741)
  • abc4955 feat: re-add redirect request option (#636)
  • 4e7127c fix: upgrade @octokit/endpoint
  • 2e67925 feat(security): Add provenance (#685)
  • 6822e8b fix: upgrade @octokit/types
  • dbfeab2 feat: add documentation link in error message (#667)
  • c013de4 docs: fix spelling errors (#671)
  • 3d22c38 chore(deps): update dependency prettier to v3.2.5
  • 984ec17 chore(deps): update dependency esbuild to ^0.20.0
  • 2a9cf78 ci(action): update peter-evans/create-or-update-comment action to v4
  • Additional commits viewable in compare view

Updates @actions/github from 4.0.0 to 6.0.1

Changelog

Sourced from @​actions/github's changelog.

6.0.1

  • Dependency updates #2043
  • Add context.runAttempt #1588

6.0.0

  • Support the latest Octokit in @​actions/github #1553
    • Drop support of NodeJS v14, v16

5.1.1

  • Export default octokit options #1188

5.1.0

  • Add additionalPlugins parameter to getOctokit method #1181
  • Dependency updates #1180

5.0.3

  • Update to v2.0.1 of @actions/http-client #1087

5.0.2

  • Update to v2.0.0 of @actions/http-client

5.0.1

5.0.0

Commits

Updates @octokit/rest from 16.43.2 to 22.0.0

Release notes

Sourced from @​octokit/rest's releases.

v22.0.0

22.0.0 (2025-05-25)

Bug Fixes

  • deps: update octokit monorepo (major) (#504) (77530ab)

BREAKING CHANGES

  • deps: Drop support for NodeJS v18
  • deps: Remove deprecated Projects endpoints
  • deps: Remove deprecated Copilot usage metrics endpoints

v21.1.1

21.1.1 (2025-02-14)

Bug Fixes

  • deps: update Octokit dependencies to mitigate ReDos [security] (#484) (ca256c3)

v21.1.0

21.1.0 (2025-01-08)

Features

  • new endpoints, bump Octokit deps to fix Deno (#477) (908b1c8)

v21.0.2

21.0.2 (2024-08-16)

Bug Fixes

v21.0.1

21.0.1 (2024-07-17)

Bug Fixes

... (truncated)

Commits
  • 77530ab fix(deps): update octokit monorepo (major) (#504)
  • d07b719 build(deps): Bump vite from 6.2.5 to 6.3.4 (#509)
  • 61b76da build(deps-dev): Bump http-proxy-middleware from 2.0.7 to 2.0.9 (#505)
  • 1710669 chore(deps): update dependency undici to v6.21.2 [security] (#513)
  • 8ef1473 build(deps): Bump vite from 6.0.11 to 6.2.5 (#503)
  • 1e8306b build(deps): Bump webpack-dev-middleware and gatsby in /docs (#497)
  • 3db0595 build(deps): Bump send and express in /docs (#490)
  • 27f09dd build(deps-dev): Bump webpack from 5.93.0 to 5.98.0 in /docs (#494)
  • 005b147 chore(deps): update dependency prismjs to v1.30.0 [security] (#493)
  • 3517730 chore(deps): update dependency semantic-release-plugin-update-version-in-file...
  • Additional commits viewable in compare view

Updates actions-toolkit from 2.2.0 to 6.0.1

Release notes

Sourced from actions-toolkit's releases.

v6.0.1

Just a couple of dependency updates for security!

What’s Changed

v6.0.0

This release includes two TypeScript changes - in an abundance of caution I've marked it as a new major version, but there aren't any changes other than the two PRs below. Have fun!

What’s Changed

v5.0.0

Breaking Changes

There are a couple of major improvements that are unfortunately breaking changes:

tools.context.issue returns a different object

Thanks to @​mheap, tools.context.issue now returns { owner, repo, issue_number } instead of { owner, repo, number }. This is due to a change in the Octokit SDK. To have parity with pull requests, there is now also tools.context.pullRequest, which returns { owner, repo, pull_number }.

See #118 for more information!

Toolkit#getFile is now Toolkit#readFile

The getFile method has been renamed to readFile, and the behavior has changed. It now uses fs.promises.readFile under the hood, so it returns a promise:

const tools = new Toolkit({ ... })
const contents = await tools.readFile('README.md')

See #121 for more information!

tools.store has been removed

This feature was added before the Actions runtime had a way to share data between actions. That now exists in the platform, as "outputs"! See #125 for the removal of Store, and #120 for its "replacement", tools.outputs (thanks to @​abouroubi ✨):

tools.outputs.example = 'foo'

Toolkit#runInWorkspace is now Toolkit#exec

This method was useful, but @actions/exec is built more with the Actions runner in mind. So, now Toolkit#exec calls @actions/exec! This will be more stable for the finicky, ephemeral environments of Actions.

... (truncated)

Commits
  • 0215e87 6.0.1
  • 7fd5db1 Merge pull request #132 from JasonEtco/dependabot/npm_and_yarn/node-fetch-2.6.1
  • 9de578c Merge branch 'main' into dependabot/npm_and_yarn/node-fetch-2.6.1
  • 212fb31 Merge pull request #133 from JasonEtco/dependabot/npm_and_yarn/actions/core-1...
  • 81f91e8 Bump @​actions/core from 1.2.4 to 1.2.6
  • cd93e43 Bump node-fetch from 2.6.0 to 2.6.1
  • 7e261ae 6.0.0
  • 433cb37 Merge pull request #131 from JasonEtco/fix-context-types
  • 6d5ecd0 Improve types for context.issue/pull_request
  • 08ffc05 Merge pull request #129 from breeffy/branch-exit-return-never
  • Additional commits viewable in compare view

Updates @octokit/request-error from 1.2.0 to 2.1.0

Release notes

Sourced from @​octokit/request-error's releases.

v2.1.0

2.1.0 (2021-06-11)

Features

  • error.response. Deprecates error.headers (#194) (487082b)

v2.0.6

2.0.6 (2021-06-11)

Bug Fixes

  • deps: remove accidental dependencies i and npm (4d15158)

v2.0.5

2.0.5 (2021-01-25)

Bug Fixes

  • deps: lock file maintenance (da6adfc)

v2.0.4

2.0.4 (2020-12-01)

Bug Fixes

  • deps: bump @​octokit/types from 5.5.0 to 6.0.0 (656d9ba)

v2.0.3

2.0.3 (2020-11-01)

Bug Fixes

  • README: replace "cdn.pika.dev" with "cdn.skypack.dev" (235b6e6), closes #126 #127

v2.0.2

2.0.2 (2020-06-15)

Bug Fixes

  • deps: bump @​octokit/types from 4.1.9 to 5.0.1 (f8ba55f)

v2.0.1

2.0.1 (2020-05-21)

... (truncated)

Commits
  • 487082b feat: error.response. Deprecates error.headers (#194)
  • 4c6f85f build(package): lock file
  • 4d15158 fix(deps): remove accidental dependencies i and npm
  • 866885d build(deps): lock file maintenance
  • d924684 chore(deps): update dependency prettier to v2.3.1
  • f44850b ci(action): update actions/setup-node action to v2 (#191)
  • fc22949 ci: fix "Update Prettier" workflow (#189)
  • 1e626c8 build(deps): lock file maintenance
  • 9fdc4ac build(deps): bump ws from 7.4.5 to 7.4.6
  • 70fde30 chore(deps): update dependency jest to v27
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by octokitbot, a new releaser for @​octokit/request-error since your current version.


Updates @octokit/plugin-paginate-rest from 1.1.2 to 2.21.3

Release notes

Sourced from @​octokit/plugin-paginate-rest's releases.

v2.21.3

2.21.3 (2022-07-21)

Bug Fixes

  • revert change to @octokit/core peer dependency (#420) (b638bab), closes #418

v2.21.2

2.21.2 (2022-07-08)

Bug Fixes

  • deps: update dependency @​octokit/core to v4 (7b25d72)

v2.21.1

2.21.1 (2022-07-02)

Bug Fixes

  • rename org_id path parameter for GET /orgs/{org_id}/codespaces to org (1ae2a09)

v2.21.0

2.21.0 (2022-06-30)

Features

  • add pagination support for 2 new APIs and 10 omitted existing ones (4c6b596)

v2.20.0

2.20.0 (2022-06-28)

Features

  • add support for pagination in GET /orgs/{org_id}/codespaces (#397) (3e38fbf)

v2.19.0

2.19.0 (2022-06-20)

Features

  • POST /repos/{owner}/{repo}/dependency-graph/snapshots (2537cce)

v2.18.0

New endpoint types

... (truncated)

Commits
  • b638bab fix: revert change to @octokit/core peer dependency (#420)
  • a2eceb1 chore: auto-generate scripts/update-endpoints/generated/endpoints.json (#417)
  • d970a80 build(deps): lock file maintenance (#416)
  • 198258b chore(deps): bump @octokit/types to latest (v6.40.0) (#415)
  • 2a7eac7 chore: update scripts/update-endpoints/generated/endpoints.json with latest...
  • 107989e ci(action): update actions/setup-node digest to 2fddd88 (#413)
  • c0c2edf ci(action): update github/codeql-action digest to 3e7e3b3 (#412)
  • c856f60 build(deps): updates pika/pack to a non vulnerable version (#411)
  • 09af476 ci(action): update actions/setup-node digest to 5b949b5 (#410)
  • 0f31aac ci(codeql): remove git checkout HEAD^2 (#409)
  • Additional commits viewable in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

Updates braces from 3.0.2 to 3.0.3

Commits

Updates cross-spawn from 6.0.5 to 6.0.6

Changelog

Sourced from cross-spawn's changelog.

6.0.6 (2024-11-18)

Bug Fixes

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

…pdates

Bumps the npm_and_yarn group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.22.17` | `7.28.3` |
| [@octokit/request](https://github.com/octokit/request.js) | `5.3.1` | `8.4.1` |
| [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) | `4.0.0` | `6.0.1` |
| [@octokit/rest](https://github.com/octokit/rest.js) | `16.43.2` | `22.0.0` |
| [actions-toolkit](https://github.com/JasonEtco/actions-toolkit) | `2.2.0` | `6.0.1` |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` |
| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |



Updates `semver` from 5.7.1 to 5.7.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)
- [Commits](npm/node-semver@v5.7.1...v5.7.2)

Updates `@babel/traverse` from 7.22.17 to 7.28.3
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.3/packages/babel-traverse)

Updates `@octokit/request` from 5.3.1 to 8.4.1
- [Release notes](https://github.com/octokit/request.js/releases)
- [Commits](octokit/request.js@v5.3.1...v8.4.1)

Updates `@actions/github` from 4.0.0 to 6.0.1
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

Updates `@octokit/rest` from 16.43.2 to 22.0.0
- [Release notes](https://github.com/octokit/rest.js/releases)
- [Commits](octokit/rest.js@v16.43.2...v22.0.0)

Updates `actions-toolkit` from 2.2.0 to 6.0.1
- [Release notes](https://github.com/JasonEtco/actions-toolkit/releases)
- [Commits](JasonEtco/actions-toolkit@v2.2.0...v6.0.1)

Updates `@octokit/request-error` from 1.2.0 to 2.1.0
- [Release notes](https://github.com/octokit/request-error.js/releases)
- [Commits](octokit/request-error.js@v1.2.0...v2.1.0)

Updates `@octokit/plugin-paginate-rest` from 1.1.2 to 2.21.3
- [Release notes](https://github.com/octokit/plugin-paginate-rest.js/releases)
- [Commits](octokit/plugin-paginate-rest.js@v1.1.2...v2.21.3)

Updates `brace-expansion` from 1.1.11 to 1.1.12
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12)

Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

Updates `cross-spawn` from 6.0.5 to 6.0.6
- [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/v6.0.6/CHANGELOG.md)
- [Commits](moxystudio/node-cross-spawn@v6.0.5...v6.0.6)

---
updated-dependencies:
- dependency-name: semver
  dependency-version: 5.7.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@babel/traverse"
  dependency-version: 7.28.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@octokit/request"
  dependency-version: 8.4.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@actions/github"
  dependency-version: 6.0.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@octokit/rest"
  dependency-version: 22.0.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: actions-toolkit
  dependency-version: 6.0.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@octokit/request-error"
  dependency-version: 2.1.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@octokit/plugin-paginate-rest"
  dependency-version: 2.21.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-version: 3.0.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cross-spawn
  dependency-version: 6.0.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) labels Aug 29, 2025