chore(deps): bump the dependencies group across 1 directory with 9 updates

Open dependabot[bot] opened this issue 10 months ago • 0 comments

Bumps the dependencies group with 9 updates in the / directory:

Package	From	To
@nodesecure/js-x-ray	`7.3.0`	`8.1.0`
pacote	`18.0.6`	`21.0.0`
semver	`7.6.3`	`7.7.1`
@types/semver	`7.5.8`	`7.7.0`
@npmcli/arborist	`7.5.4`	`9.0.1`
itertools	`2.3.2`	`2.4.1`
npm-pick-manifest	`9.1.0`	`10.0.0`
cacache	`18.0.4`	`19.0.1`
type-fest	`4.24.0`	`4.38.0`

Updates @nodesecure/js-x-ray from 7.3.0 to 8.1.0

Release notes

Sourced from @nodesecure/js-x-ray's releases.

v8.1.0

Full Changelog: https://github.com/NodeSecure/js-x-ray/compare/v8.1.0...v8.1.0

What's Changed

chore(deps): bump meriyah from 5.0.0 to 6.0.0 in the dependencies group by @dependabot in NodeSecure/js-x-ray#301

Update Node.js versions to v20 and v22 by @fabnguess in NodeSecure/js-x-ray#305

fix: implement isESMExport probe to consider export stmts as dependencies by @fraxken in NodeSecure/js-x-ray#307

Update copyright by @fabnguess in NodeSecure/js-x-ray#308

fix(SourceFile): ignore try/finally statements for inTryStatement by @fraxken in NodeSecure/js-x-ray#313

Full Changelog: https://github.com/NodeSecure/js-x-ray/compare/v8.0.0...v8.1.0

v8.0.0

What's Changed

chore(deps): bump meriyah from 4.5.0 to 5.0.0 in the dependencies group by @dependabot in NodeSecure/js-x-ray#285

chore(deps-dev): bump @types/node from 20.14.13 to 22.0.0 in the development-dependencies group by @dependabot in NodeSecure/js-x-ray#286

fix: type issues in api.d.ts by @fraxken in NodeSecure/js-x-ray#287

chore(deps): bump the github-actions group with 5 updates by @dependabot in NodeSecure/js-x-ray#288

chore(deps): bump @typescript-eslint/typescript-estree from 7.18.0 to 8.0.0 in the dependencies group by @dependabot in NodeSecure/js-x-ray#289

fix(EntryFilesAnalyser): add missing options and patch some minors issues by @fraxken in NodeSecure/js-x-ray#291

refactor: fix deprecation in tests & update eslint by @fraxken in NodeSecure/js-x-ray#292

feat(EntryFilesAnalyser): implement digraph-js by @fraxken in NodeSecure/js-x-ray#293

feat: trace process.getBuiltinModule by @fraxken in NodeSecure/js-x-ray#294

fix(Deobfuscator): return if Node is null in extractCounterIdentifiers by @fraxken in NodeSecure/js-x-ray#296

Prepare major 8 by @fraxken in NodeSecure/js-x-ray#297

Full Changelog: https://github.com/NodeSecure/js-x-ray/compare/v7.3.0...v8.0.0

Commits

546033a 8.1.0
dcb991b fix(SourceFile): ignore try/finally statements for inTryStatement (#313)
e208aba chore(deps): bump the github-actions group with 5 updates (#311)
9479f0b chore(deps-dev): bump @openally/config.eslint (#310)
4dbb67b chore(deps): bump the github-actions group with 5 updates (#309)
fae3db1 chore: update copyright (#308)
6097324 fix: implement isESMExport probe to consider export stmts as dependencies (#307)
d3052b4 chore: update Node.js versions to v20 and v22 (#305)
40249c5 chore(deps): bump the github-actions group with 3 updates (#306)
d2f1ffb chore(deps): bump the github-actions group with 3 updates (#304)
Additional commits viewable in compare view

Updates pacote from 18.0.6 to 21.0.0

Release notes

Sourced from pacote's releases.

v21.0.0

21.0.0 (2024-11-25)

⚠️ BREAKING CHANGES

bun.lockb files are now included in the strict ignore list during packing

this module is now compatible with the following node versions: ^20.17.0 || >=22.9.0

Bug Fixes

844dc08 update node engines to ^20.17.0 || >=22.9.0 (#414) (@wraithgar)

Dependencies

2cb6fa7 #415 [email protected] (#415)

47b928c #412 replace node builtin rmSync with rimraf (#412) (@mbtools)

Chores

b6f35a2 #402 bump @npmcli/arborist from 7.5.4 to 8.0.0 (#402) (@dependabot[bot])

1ef54ba #408 support tests on win32 (#408) (@mbtools)

555b000 #401 bump @npmcli/template-oss from 4.23.3 to 4.23.4 (#401) (@dependabot[bot], @npm-cli-bot)

v20.0.0

20.0.0 (2024-10-17)

⚠️ BREAKING CHANGES

honors ignoreScripts property within options

Bug Fixes

f27af63 #407 honors ignoreScripts option to prevent prepare lifecycle script (@reggi)

v19.0.1

19.0.1 (2024-10-15)

Bug Fixes

cbf94e8 #389 prepare script respects scriptshell config (#389) (@milaninfy)

2b2948f #403 log tarball retrieval from cache (#403) (@mbtools, @wraithgar)

Dependencies

a9fc4d1 #405 bump sigstore from 2.2.0 to 3.0.0 (#405) (@bdehamer)

v19.0.0

19.0.0 (2024-09-27)

⚠️ BREAKING CHANGES

pacote now supports node ^18.17.0 || >=20.5.0

Bug Fixes

03b31ca #392 align to npm 10 node engine range (@reggi)

Dependencies

f055f71 #395 bump npm-pick-manifest from 9.1.0 to 10.0.0 (#395) (@dependabot[bot])

932b9ab #396 bump @npmcli/package-json from 5.2.1 to 6.0.0 (#396) (@dependabot[bot])

a1621f9 #397 bump npm-registry-fetch from 17.1.0 to 18.0.0 (#397) (@dependabot[bot])

c776199 #398 bump cacache from 18.0.4 to 19.0.0 (#398) (@dependabot[bot])

6d59022 #399 bump @npmcli/git from 5.0.8 to 6.0.0 (#399)

21ea2d4 #400 bump @npmcli/run-script from 8.1.0 to 9.0.0 (#400)

eddbc01 #392 [email protected]

6c672e9 #392 [email protected]

03ba2a2 #392 [email protected]

2710286 #392 [email protected]

aa0bd4a #392 @npmcli/[email protected]

df23343 #392 @npmcli/[email protected]

Chores

... (truncated)

Changelog

Sourced from pacote's changelog.

21.0.0 (2024-11-25)

⚠️ BREAKING CHANGES

bun.lockb files are now included in the strict ignore list during packing

this module is now compatible with the following node versions: ^20.17.0 || >=22.9.0

Bug Fixes

844dc08 update node engines to ^20.17.0 || >=22.9.0 (#414) (@wraithgar)

Dependencies

2cb6fa7 #415 [email protected] (#415)

47b928c #412 replace node builtin rmSync with rimraf (#412) (@mbtools)

Chores

b6f35a2 #402 bump @npmcli/arborist from 7.5.4 to 8.0.0 (#402) (@dependabot[bot])

1ef54ba #408 support tests on win32 (#408) (@mbtools)

555b000 #401 bump @npmcli/template-oss from 4.23.3 to 4.23.4 (#401) (@dependabot[bot], @npm-cli-bot)

20.0.0 (2024-10-17)

⚠️ BREAKING CHANGES

honors ignoreScripts property within options

Bug Fixes

f27af63 #407 honors ignoreScripts option to prevent prepare lifecycle script (@reggi)

19.0.1 (2024-10-15)

Bug Fixes

cbf94e8 #389 prepare script respects scriptshell config (#389) (@milaninfy)

2b2948f #403 log tarball retrieval from cache (#403) (@mbtools, @wraithgar)

Dependencies

a9fc4d1 #405 bump sigstore from 2.2.0 to 3.0.0 (#405) (@bdehamer)

19.0.0 (2024-09-27)

⚠️ BREAKING CHANGES

pacote now supports node ^18.17.0 || >=20.5.0

Bug Fixes

03b31ca #392 align to npm 10 node engine range (@reggi)

Dependencies

f055f71 #395 bump npm-pick-manifest from 9.1.0 to 10.0.0 (#395) (@dependabot[bot])

932b9ab #396 bump @npmcli/package-json from 5.2.1 to 6.0.0 (#396) (@dependabot[bot])

a1621f9 #397 bump npm-registry-fetch from 17.1.0 to 18.0.0 (#397) (@dependabot[bot])

c776199 #398 bump cacache from 18.0.4 to 19.0.0 (#398) (@dependabot[bot])

6d59022 #399 bump @npmcli/git from 5.0.8 to 6.0.0 (#399)

21ea2d4 #400 bump @npmcli/run-script from 8.1.0 to 9.0.0 (#400)

eddbc01 #392 [email protected]

6c672e9 #392 [email protected]

03ba2a2 #392 [email protected]

2710286 #392 [email protected]

aa0bd4a #392 @npmcli/[email protected]

df23343 #392 @npmcli/[email protected]

Chores

e4ed5cd #392 bump hosted-git-info ^7.0.0 to ^8.0.0 (@reggi)

2871f56 #392 run template-oss-apply (@reggi)

39643f1 #382 bump @npmcli/eslint-config from 4.0.5 to 5.0.0 (@dependabot[bot])

7e33c82 #383 postinstall for dependabot template-oss PR (@hashtagchris)

... (truncated)

Commits

bf1f60f chore: release 21.0.0 (#413)
2cb6fa7 deps!: [email protected] (#415)
b6f35a2 chore: bump @npmcli/arborist from 7.5.4 to 8.0.0 (#402)
844dc08 fix!: update node engines to ^20.17.0 || >=22.9.0 (#414)
555b000 chore: bump @npmcli/template-oss from 4.23.3 to 4.23.4 (#401)
47b928c deps: replace node builtin rmSync with rimraf (#412)
1ef54ba chore: support tests on win32 (#408)
d606b58 chore: release 20.0.0 (#410)
f27af63 fix!: honors ignoreScripts option to prevent prepare lifecycle script
a854c79 chore: release 19.0.1 (#406)
Additional commits viewable in compare view

Updates semver from 7.6.3 to 7.7.1

Release notes

Sourced from semver's releases.

v7.7.1

7.7.1 (2025-02-03)

Bug Fixes

af761c0 #764 inc: fully capture prerelease identifier (#764) (@wraithgar)

v7.7.0

7.7.0 (2025-01-29)

Features

0864b3c #753 add "release" inc type (#753) (@mbtools)

Bug Fixes

d588e37 #755 diff: fix prerelease to stable version diff logic (#755) (@eminberkayd, berkay.daglar)

8a34bde #754 add identifier validation to inc() (#754) (@mbtools)

Documentation

67e5478 #756 readme: added missing period for consistency (#756) (@shaymolcho)

868d4bb #749 clarify comment about obsolete prefixes (#749) (@mbtools, @ljharb)

Chores

145c554 #741 bump @npmcli/eslint-config from 4.0.5 to 5.0.0 (@dependabot[bot])

753e02b #747 bump @npmcli/template-oss from 4.23.3 to 4.23.4 (#747) (@dependabot[bot], @npm-cli-bot)

0b812d5 #744 postinstall for dependabot template-oss PR (@hashtagchris)

Changelog

Sourced from semver's changelog.

7.7.1 (2025-02-03)

Bug Fixes

af761c0 #764 inc: fully capture prerelease identifier (#764) (@wraithgar)

7.7.0 (2025-01-29)

Features

0864b3c #753 add "release" inc type (#753) (@mbtools)

Bug Fixes

d588e37 #755 diff: fix prerelease to stable version diff logic (#755) (@eminberkayd, berkay.daglar)

8a34bde #754 add identifier validation to inc() (#754) (@mbtools)

Documentation

67e5478 #756 readme: added missing period for consistency (#756) (@shaymolcho)

868d4bb #749 clarify comment about obsolete prefixes (#749) (@mbtools, @ljharb)

Chores

145c554 #741 bump @npmcli/eslint-config from 4.0.5 to 5.0.0 (@dependabot[bot])

753e02b #747 bump @npmcli/template-oss from 4.23.3 to 4.23.4 (#747) (@dependabot[bot], @npm-cli-bot)

0b812d5 #744 postinstall for dependabot template-oss PR (@hashtagchris)

Commits

30c438b chore: release 7.7.1 (#765)
af761c0 fix(inc): fully capture prerelease identifier (#764)
2cfcbb5 chore: release 7.7.0 (#750)
d588e37 fix(diff): fix prerelease to stable version diff logic (#755)
753e02b chore: bump @npmcli/template-oss from 4.23.3 to 4.23.4 (#747)
8a34bde fix: add identifier validation to inc() (#754)
0864b3c feat: add "release" inc type (#753)
67e5478 docs(readme): added missing period for consistency (#756)
868d4bb docs: clarify comment about obsolete prefixes (#749)
145c554 chore: bump @npmcli/eslint-config from 4.0.5 to 5.0.0
Additional commits viewable in compare view

Updates @types/semver from 7.5.8 to 7.7.0

Commits

See full diff in compare view

Updates @npmcli/arborist from 7.5.4 to 9.0.1

Release notes

Sourced from @npmcli/arborist's releases.

arborist: v9.0.1

9.0.1 (2025-03-05)

Bug Fixes

b9225e5 #8089 resolve override conflicts and apply correct versions (#8089) (@owlstronaut)

d586f3b #8117 remove duplicate var (#8117) (@TrevorBurnham)

811ca29 #8115 stop working around bug fixed in [email protected] (@TrevorBurnham)

libnpmpack: v9.0.1

Dependencies

workspace: @npmcli/[email protected]

config: v9.0.0

9.0.0 (2024-10-03)

⚠️ BREAKING CHANGES

@npmcli/config now supports node ^18.17.0 || >=20.5.0

Bug Fixes

f846ad3 #7803 align @npmcli/config to npm 10 node engine range (@reggi)

Dependencies

f6909a0 #7803 update [email protected]

105fa2b #7803 update [email protected]

f54b155 #7803 update [email protected]

2076368 #7803 update @npmcli/[email protected]

feac87c #7803 update @npmcli/[email protected]

Chores

2072705 #7803 update @npmcli/[email protected] (@reggi)

8035725 #7756 @npmcli/[email protected] (@wraithgar)

libnpmaccess: v9.0.0

9.0.0 (2024-10-03)

⚠️ BREAKING CHANGES

libnpmaccess now supports node ^18.17.0 || >=20.5.0

Bug Fixes

73068d6 #7803 align libnpmaccess to npm 10 node engine range (@reggi)

Dependencies

d13a20b #7803 update [email protected]

50a7bc8 #7803 update [email protected]

Chores

2072705 #7803 update @npmcli/[email protected] (@reggi)

8035725 #7756 @npmcli/[email protected] (@wraithgar)

libnpmexec: v9.0.0

9.0.0 (2024-10-03)

⚠️ BREAKING CHANGES

libnpmexec now supports node ^18.17.0 || >=20.5.0

Bug Fixes

a2c8016 #7803 align libnpmexec to npm 10 node engine range (@reggi)

Dependencies

99ccae3 #7803 update [email protected]

9cd6603 #7803 update [email protected]

... (truncated)

Changelog

Sourced from @npmcli/arborist's changelog.

9.0.1 (2025-03-05)

Bug Fixes

b9225e5 #8089 resolve override conflicts and apply correct versions (#8089) (@owlstronaut)

d586f3b #8117 remove duplicate var (#8117) (@TrevorBurnham)

811ca29 #8115 stop working around bug fixed in [email protected] (@TrevorBurnham)

9.0.0 (2024-12-16)

Features

a7bfc6d #7972 trigger release process (#7972) (@wraithgar)

Chores

a07f4e0 #7976 @npmcli/[email protected] (@wraithgar)

9.0.0-pre.1 (2024-12-06)

⚠️ BREAKING CHANGES

Upon publishing, in order to apply a default "latest" dist tag, the command now retrieves all prior versions of the package. It will require that the version you're trying to publish is above the latest semver version in the registry, not including pre-release tags.

bun.lockb files are now included in the strict ignore list during packing

Features

f3ac7b7 #7939 no implicit latest tag on publish when latest > version (#7939) (@reggi, @ljharb)

Dependencies

c0bcc2a #7955 [email protected]

4bf1901 #7945 @npmcli/[email protected]

ca84b22 #7945 [email protected]

9.0.0-pre.0 (2024-11-26)

⚠️ BREAKING CHANGES

--ignore-scripts now applies to all lifecycle scripts, include prepare

npm will no longer fall back to the old audit endpoint if the bulk advisory request fails.

@npmcli/arborist now supports node ^20.17.0 || >=22.9.0

Features

6995303 #7850 adds --ignore-scripts flag to pack (@reggi)

Bug Fixes

080a0f2 #7911 remove old audit fallback request (@wraithgar)

3ffc08b #7831 for @npmcli/arborist sets node engine range to ^20.17.0 || >=22.9.0 (@reggi)

Dependencies

7dbef6f #7850 [email protected]

75a3f12 #7859 remove unused deps (#7859)

Chores

6edfe2f #7937 @npmcli/[email protected] (@wraithgar)

8.0.0 (2024-10-03)

⚠️ BREAKING CHANGES

@npmcli/arborist now supports node ^18.17.0 || >=20.5.0

Features

4d57928 #7766 devEngines (#7766) (@reggi)

Bug Fixes

365580a #7803 align @npmcli/arborist to npm 10 node engine range (@reggi)

Dependencies

5795987 #7803 update [email protected]

99ccae3 #7803 update [email protected]

75786ad #7803 update @npmcli/[email protected]

... (truncated)

Commits

ca93f3e chore: release 9.0.1
de6618e deps: @npmcli/promise-spawn@5.0.0 (#5757)
3dd8d68 feat: sort and quote yarn lock keys according to yarn rules (#5751)
bc5ec05 chore: release 9.0.0
2929899 chore: release 9.0.0-pre.6
88137a3 deps: [email protected]
e2e7622 chore: update arborist snapshot from hosted-git-info changes
5aa0c2d chore: @npmcli/template-oss@4.6.2
2008ea6 deps: [email protected], [email protected]
1afe5ba fix: account for new npm-package-arg behavior
Additional commits viewable in compare view

Updates itertools from 2.3.2 to 2.4.1

Release notes

Sourced from itertools's releases.

v2.4.1

Use bundler module resolution setting (recommended setting for libraries that use a bundler)

Upgrade dev dependencies

v2.4.0
Add second param index to all predicates. This will make operations like partitioning a list based on the element position as easy as partitioning based on the element value, for example:
const items = [1, 2, 3, 4, 5, 6, 7, 8, 9];
const [thirds, rest] = partition(items, (item, index) => index % 3 === 0);
console.log(thirds); // [1, 4, 7]
console.log(rest); // [2, 3, 5, 6, 8, 9]
Officially drop Node 16 support (it may still work)

Changelog

Sourced from itertools's changelog.

[2.4.1] - 2025-02-25

Use bundler module resolution setting (recommended setting for libraries that use a bundler)

Upgrade dev dependencies

[2.4.0] - 2025-02-19
Add second param index to all predicates. This will make operations like partitioning a list based on the element position as easy as partitioning based on the element value, for example:
const items = [1, 2, 3, 4, 5, 6, 7, 8, 9];
const [thirds, rest] = partition(items, (item, index) => index % 3 === 0);
console.log(thirds); // [1, 4, 7]
console.log(rest); // [2, 3, 5, 6, 8, 9]
Officially drop Node 16 support (it may still work)

Commits

c4229e3 Release 2.4.1
f1dec5c Upgrade dependencies
444a7a3 More tsconfig tweaks
8f83cab Use bundler module resolution
a280c0d Update publint
cb1c0f9 Use recommended TS settings for libraries (#1136)
9b596d0 Release 2.4.0
1afd944 Upgrade more dependencies
1f6756c Upgrade attw and publint
6fcb3e4 Upgrade Vitest to v3 (#1135)
Additional commits viewable in compare view

Updates npm-pick-manifest from 9.1.0 to 10.0.0

Release notes

Sourced from npm-pick-manifest's releases.

v10.0.0

10.0.0 (2024-09-26)

⚠️ BREAKING CHANGES

npm-pick-manifest now supports node ^18.17.0 || >=20.5.0

Bug Fixes

dd83a53 #145 align to npm 10 node engine range (@reggi)

Dependencies

6b4df8d #145 [email protected]

c2ae5b7 #145 [email protected]

e948cef #145 [email protected]

Chores

2e1fdb4 #145 run template-oss-apply (@reggi)

7891f6b #140 bump @npmcli/eslint-config from 4.0.5 to 5.0.0 (@dependabot[bot])

ae2ffc5 #138 postinstall for dependabot template-oss PR (@hashtagchris)

7744312 #138 bump @npmcli/template-oss from 4.22.0 to 4.23.3 (@dependabot[bot])

Changelog

Sourced from npm-pick-manifest's changelog.

10.0.0 (2024-09-26)

⚠️ BREAKING CHANGES

npm-pick-manifest now supports node ^18.17.0 || >=20.5.0

Bug Fixes

dd83a53 #145 align to npm 10 node engine range (@reggi)

Dependencies

Description%20has%20been%20truncated
%0A" rel="nofollow" target="_blank" >

Mar 31 '25 09:03 dependabot[bot]