Skip to content

Bump the npm_and_yarn group across 1 directory with 16 updates#3

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-f76b7c77f5
Open

Bump the npm_and_yarn group across 1 directory with 16 updates#3
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-f76b7c77f5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 28, 2026

Copy link
Copy Markdown

Bumps the npm_and_yarn group with 15 updates in the / directory:

Package From To
debug 2.6.3 2.6.9
diff 3.2.0 3.5.1
extend 3.0.0 3.0.2
handlebars 4.0.6 4.7.9
hosted-git-info 2.4.1 2.8.9
lodash 4.17.4 4.18.1
minimatch 3.0.3 3.1.5
nwmatcher 1.3.9 1.4.4
path-parse 1.0.5 1.0.7
sshpk 1.11.0 1.18.0
stringstream 0.0.5 0.0.6
tmpl 1.0.4 1.0.5
ua-parser-js 0.7.12 0.7.41
y18n 3.2.1 3.2.2
yargs-parser 5.0.0 5.0.1

Updates debug from 2.6.3 to 2.6.9

Release notes

Sourced from debug's releases.

2.6.9

Patches

  • Remove ReDoS regexp in %o formatter: #504

Credits

Huge thanks to @​zhuangya for their help!

release 2.6.7

No release notes provided.

release 2.6.6

No release notes provided.

release 2.6.5

No release notes provided.

release 2.6.4

No release notes provided.

Changelog

Sourced from debug's changelog.

2.6.9 / 2017-09-22

  • remove ReDoS regexp in %o formatter (#504)

2.6.8 / 2017-05-18

2.6.7 / 2017-05-16

2.6.5 / 2017-04-27

2.6.4 / 2017-04-20

Commits

Updates diff from 3.2.0 to 3.5.1

Changelog

Sourced from diff's changelog.

v3.5.1 - January 2026

Only change from 3.5.0 is a backport of the fix to GHSA-73rr-hh4g-fpgx.

v3.5.0 - March 4th, 2018

  • Omit redundant slice in join method of diffArrays - 1023590
  • Support patches with empty lines - fb0f208
  • Accept a custom JSON replacer function for JSON diffing - 69c7f0a
  • Optimize parch header parser - 2aec429
  • Fix typos - e89c832

Commits

v3.4.0 - October 7th, 2017

  • #183 - Feature request: ability to specify a custom equality checker for diffArrays
  • #173 - Bug: diffArrays gives wrong result on array of booleans
  • #158 - diffArrays will not compare the empty string in array?
  • comparator for custom equality checks - 30e141e
  • count oldLines and newLines when there are conflicts - 53bf384
  • Fix: diffArrays can compare falsey items - 9e24284
  • Docs: Replace grunt with npm test - 00e2f94

Commits

v3.3.1 - September 3rd, 2017

  • #141 - Cannot apply patch because my file delimiter is "/r/n" instead of "/n"
  • #192 - Fix: Bad merge when adding new files (#189)
  • correct spelling mistake - 21fa478

Commits

v3.3.0 - July 5th, 2017

  • #114 - /patch/merge not exported
  • Gracefully accept invalid newStart in hunks, same as patch(1) does. - d8a3635
  • Use regex rather than starts/ends with for parsePatch - 6cab62c
  • Add browser flag - e64f674
  • refactor: simplified code a bit more - 8f8e0f2
  • refactor: simplified code a bit - b094a6f
  • fix: some corrections re ignoreCase option - 3c78fd0
  • ignoreCase option - 3cbfbb5
  • Sanitize filename while parsing patches - 2fe8129
  • Added better installation methods - aced50b
  • Simple export of functionality - 8690f31

Commits

Commits
Maintainer changes

This version was pushed to npm by explodingcabbage, a new releaser for diff since your current version.


Updates extend from 3.0.0 to 3.0.2

Changelog

Sourced from extend's changelog.

3.0.2 / 2018-07-19

  • [Fix] Prevent merging __proto__ property (#48)
  • [Dev Deps] update eslint, @ljharb/eslint-config, tape
  • [Tests] up to node v10.7, v9.11, v8.11, v7.10, v6.14, v4.9; use nvm install-latest-npm

3.0.1 / 2017-04-27

  • [Fix] deep extending should work with a non-object (#46)
  • [Dev Deps] update tape, eslint, @ljharb/eslint-config
  • [Tests] up to node v7.9, v6.10, v4.8; improve matrix
  • [Docs] Switch from vb.teelaun.ch to versionbadg.es for the npm version badge SVG.
  • [Docs] Add example to readme (#34)
Commits
  • 8d106d2 v3.0.2
  • e97091f [Dev Deps] update tape
  • e841aac [Tests] up to node v10.7
  • 0e68e71 [Fix] Prevent merging proto property
  • a689700 Only apps should have lockfiles
  • f13c1c4 [Dev Deps] update eslint, @ljharb/eslint-config, tape
  • f3570fe [Tests] up to node v10.0, v9.11, v8.11, v7.10, v6.14, v4.9; use...
  • 138b515 v3.0.1
  • 7e19a6f [Tests] up to node v7.9, v6.10, v4.8; improve matrix
  • 0191e27 [Dev Deps] update tape, eslint, @ljharb/eslint-config
  • Additional commits viewable in compare view

Updates handlebars from 4.0.6 to 4.7.9

Release notes

Sourced from handlebars's releases.

v4.7.9

Commits

v4.7.8

  • Make library compatible with workers (#1894) - 3d3796c
  • Don't rely on Node.js global object (#1776) - 2954e7e
  • Fix compiling of each block params in strict mode (#1855) - 30dbf04
  • Fix rollup warning when importing Handlebars as ESM - 03d387b
  • Fix bundler issue with webpack 5 (#1862) - c6c6bbb
  • Use https instead of git for mustache submodule - 88ac068

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.9 - March 26th, 2026

  • fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
  • fix type "RuntimeOptions" also accepting string partials - eab1d14
  • feat(types): set hash to be a Record<string, any> - de4414d
  • fix non-contiguous program indices - 4512766
  • refactor: rename i to startPartIndex - e497a35
  • security: fix security issues - 68d8df5

Commits

v4.7.8 - July 27th, 2023

  • Make library compatible with workers (#1894) - 3d3796c
  • Don't rely on Node.js global object (#1776) - 2954e7e
  • Fix compiling of each block params in strict mode (#1855) - 30dbf04
  • Fix rollup warning when importing Handlebars as ESM - 03d387b
  • Fix bundler issue with webpack 5 (#1862) - c6c6bbb
  • Use https instead of git for mustache submodule - 88ac068

Commits

v4.7.7 - February 15th, 2021

  • fix weird error in integration tests - eb860c0
  • fix: check prototype property access in strict-mode (#1736) - b6d3de7
  • fix: escape property names in compat mode (#1736) - f058970
  • refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
  • chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

  • the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

Compatibility notes:

  • Restored Node.js compatibility

... (truncated)

Commits
  • dce542c v4.7.9
  • 8a41389 Update release notes
  • 68d8df5 Fix security issues
  • b2a0831 Fix browser tests
  • 9f98c16 Fix release script
  • 45443b4 Revert "Improve partial indenting performance"
  • 8841a5f Fix CI errors with linting
  • e0137c2 fix: enable shell mode for spawn to resolve Windows EINVAL issue
  • e914d60 Improve rendering performance
  • 7de4b41 Upgrade GitHub Actions checkout and setup-node on 4.x branch
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.


Updates hosted-git-info from 2.4.1 to 2.8.9

Changelog

Sourced from hosted-git-info's changelog.

2.8.9 (2021-04-07)

Bug Fixes

2.8.8 (2020-02-29)

Bug Fixes

  • #61 & #65 addressing issues w/ url.URL implmentation which regressed node 6 support (5038b18), closes #66

2.8.7 (2020-02-26)

Bug Fixes

  • Do not attempt to use url.URL when unavailable (2d0bb66), closes #61 #62
  • Do not pass scp-style URLs to the WhatWG url.URL (f2cdfcf), closes #60

2.8.6 (2020-02-25)

2.8.5 (2019-10-07)

Bug Fixes

  • updated pathmatch for gitlab (e8325b5), closes #51
  • updated pathmatch for gitlab (ffe056f)

2.8.4 (2019-08-12)

... (truncated)

Commits
  • 8d4b369 chore(release): 2.8.9
  • 29adfe5 fix: backport regex fix from #76
  • afeaefd chore(release): 2.8.8
  • 5038b18 fix: #61 & #65 addressing issues w/ url.URL implmentation which regressed nod...
  • 7440afa chore(release): 2.8.7
  • 2d0bb66 fix: Do not attempt to use url.URL when unavailable
  • f2cdfcf fix: Do not pass scp-style URLs to the WhatWG url.URL
  • e1b83df chore(release): 2.8.6
  • ff259a6 Ensure passwords in hosted Git URLs are correctly escaped
  • 624fd6f chore(release): 2.8.5
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.


Updates lodash from 4.17.4 to 4.18.1

Release notes

Sourced from lodash's releases.

4.18.1

Bugs

Fixes a ReferenceError issue in lodash lodash-es lodash-amd and lodash.template when using the template and fromPairs functions from the modular builds. See lodash/lodash#6167

These defects were related to how lodash distributions are built from the main branch using https://github.com/lodash-archive/lodash-cli. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.

There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:

4.18.0

v4.18.0

Full Changelog: lodash/lodash@4.17.23...4.18.0

Security

_.unset / _.omit: Fixed prototype pollution via constructor/prototype path traversal (GHSA-f23m-r3pf-42rh, fe8d32e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now constructor and prototype are blocked unconditionally as non-terminal path keys, matching baseSet. Calls that previously returned true and deleted the property now return false and leave the target untouched.

_.template: Fixed code injection via imports keys (GHSA-r5fr-rjxr-66jc, CVE-2026-4800, 879aaa9). Fixes an incomplete patch for CVE-2021-23337. The variable option was validated against reForbiddenIdentifierChars but importsKeys was left unguarded, allowing code injection via the same Function() constructor sink. imports keys containing forbidden identifier characters now throw "Invalid imports option passed into _.template".

Docs

  • Add security notice for _.template in threat model and API docs (#6099)
  • Document lower > upper behavior in _.random (#6115)
  • Fix quotes in _.compact jsdoc (#6090)

lodash.* modular packages

Diff

We have also regenerated and published a select number of the lodash.* modular packages.

These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:

Commits
  • cb0b9b9 release(patch): bump main to 4.18.1 (#6177)
  • 75535f5 chore: prune stale advisory refs (#6170)
  • 62e91bc docs: remove n_ Node.js < 6 REPL note from README (#6165)
  • 59be2de release(minor): bump to 4.18.0 (#6161)
  • af63457 fix: broken tests for _.template 879aaa9
  • 1073a76 fix: linting issues
  • 879aaa9 fix: validate imports keys in _.template
  • fe8d32e fix: block prototype pollution in baseUnset via constructor/prototype traversal
  • 18ba0a3 refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)
  • b819080 ci: add dist sync validation workflow (#6137)
  • Additional commits viewable in compare view

Updates minimatch from 3.0.3 to 3.1.5

Commits

Updates ms from 0.7.2 to 2.0.0

Release notes

Sourced from ms's releases.

2.0.0

Major Changes

  • Limit str to 100 to avoid ReDoS of 0.3s: #89

Patches

  • Ignored logs coming from npm: b1eaab752203e978492a4d540a7ae1d26e6306b1
  • Bumped dependencies to the latest version: bcf57157678fd5afc691383145a35e116f9704d0
  • Invalidated cache for slack badge: 94b995c1d6d5d13ec976a0c6849a3cca9b277e6b

Credits

Huge thanks to @​karenyavine for their help!

1.0.0

Major Changes

  • Removed component specification: 1fbbe974cdcad96e592dcb65a7b2a8649f690420

Patches

  • Test on LTS version of Node: c9b1fd319f0f9198d85ecf4ba83e46cc1216be04
  • Removed XO: 94068ea6d518387670df277f740b1abada80ed48
  • Use prettier and eslint: 57b3ef8e3423cae6254f94c5564a11b4492cff43
  • Badge for XO removed: 389840b329436117741b2ef13a172725082695b9
  • Removed browser testing: e818c3581aca3119c00d81901bfe8fe653bcfda4
  • More suitable name for file containing tests: ee91f307a8dc3581ebdad614ec0533ddb3d8bf56

0.7.3

Patches

  • Mark "options" param as optional in jsdoc: #77
  • Lowercased text files: 5f0653ab192a30301aed8668b4588a87975b41ab
  • Pinned dependencies: 126d7f094a1836b991c8d0abfeb4d0ce09ac280f
  • Chore(package): update serve to version 5.0.1: #81

Credits

Huge thanks to @​Jokero for their help!

Commits
  • 9b88d15 2.0.0
  • 94b995c Invalidated cache for slack badge
  • bcf5715 Bumped dependencies to the latest version
  • b1eaab7 Ignored logs coming from npm
  • caae298 Limit str to 100 to avoid ReDoS of 0.3s (#89)
  • b83b36d chore(package): update eslint to version 3.19.0 (#88)
  • 3f2a4d7 chore(package): update husky to version 0.13.3 (#86)
  • 7daf984 1.0.0
  • ee91f30 More suitable name for file containing tests
  • e818c35 Removed browser testing
  • Additional commits viewable in compare view

Updates nwmatcher from 1.3.9 to 1.4.4

Release notes

Sourced from nwmatcher's releases.

A fast CSS selector engine and matcher

This release has correction/fixes for the following behaviours:

  • fixed DOM walking to avoid using unsupported DOM methods on non 'Elements' nodes
  • improved DOM walking performances in JS only versions using the native traversal API

A fast CSS selector engine and matcher

This release has correction/fixes for the following behaviours:

  • always use case sensitive match for class attributes selectors to mimic browsers behaviour
  • removed attribute mapping (XHTML_TABLE) used for case sensitive match in XML documents
  • always use case sensitive match for class attributes selectors in XML documents

specifications amended due to bug submitted by @​zirro whatwg/html@97ca4ed

A fast CSS selector engine and matcher

This release has correction/fixes for the following behaviours:

  • several performance improvements and code clean up
  • accepts and correctly resolves single character attribute names
  • allow syntax parsing of :after, :before and other pseudo-elements
  • added a shunt flag to also mute logging of errors/warnings to the console
  • added support for escaped numbers & characters in CSS identifiers (v1.3.9)
  • fix :not() negation pseudo-class containing nested pseudo-classes (v1.3.8)
  • fix long invalid selectors can cause match() to hang forever (v1.3.7)
  • fix incorrect regular expression pattern for combinators issue (v1.3.7)
Commits

Updates path-parse from 1.0.5 to 1.0.7

Commits

Updates sshpk from 1.11.0 to 1.18.0

Release notes

Sourced from sshpk's releases.

v1.18.0

What's Changed

New Contributors

Full Changelog: TritonDataCenter/node-sshpk@v1.17.0...v1.18.0

v1.17.0

What's Changed

Full Changelog: TritonDataCenter/node-sshpk@v1.16.1...v1.17.0

v1.16.1

  • Fixes for #60 (correctly encoding certificates with expiry dates >=2050), #62 (accepting PKCS#8 EC private keys with missing public key parts)

v1.16.0

  • Add support for SPKI fingerprints, PuTTY PPK format (public-key only for now), PKCS#8 PBKDF2 encrypted private keys
  • Fix for #48

v1.15.2

  • New API for accessing x509 extensions in certificates
  • Fixes for #52, #50

v1.14.1

  • Remove all remaining usage of jodid25519 (abandoned dep)
  • Add support for DNSSEC key format
  • Add support for Ed25519 keys in PEM format (according to draft-curdle-pkix)
  • Fixes for X.509 encoding issues (asn.1 NULLs in RSA certs, cert string type mangling)
  • Performance issues parsing long SSH public keys

v1.13.0

  • Support SSH-format rsa-sha2-256 signatures (e.g. so the SSH agent can sign using RSA-SHA256)

v1.12.0

  • Support for generating ECDSA keys using generatePrivateKey()
  • Minimum for sshpk-agent to be able to sign new certificates using an agent key
Commits
Maintainer changes

This version was pushed to npm by bahamat, a new releaser for sshpk since your current version.


Updates stringstream from 0.0.5 to 0.0.6

Commits

Updates tmpl from 1.0.4 to 1.0.5

Commits

Updates ua-parser-js from 0.7.12 to 0.7.41

Release notes

Sourced from ua-parser-js's releases.

v0.7.41

Version 0.7.41 / 1.0.41

  • Add new browser: Daum, Ladybird
  • Add new device vendor: HMD
  • Add new engine: LibWeb
  • Add new os: Windows IoT, Ubuntu Touch
  • Improve cpu detection: ARM, x86
  • Improve device vendor detection: Apple, Archos, Generic, Google, Honor, Huawei, Infinix, Nvidia, Lenovo, Nokia, OnePlus, Xiaomi
  • Improve device type detection: smarttv, wearables
  • Improve os detection: Linux, Symbian

Full Changelog: faisalman/ua-parser-js@0.7.40...0.7.41

v0.7.38

Version 0.7.38

  • Fix error on getOS() when userAgentData.platform is undefined
  • Add new browser: Opera GX, Twitter
  • Improve browser detection: DuckDuckGo
  • Improve device detection: OPPO Pad, Oculus Quest

v0.7.37

Version 0.7.37

  • Fix misidentified WebView token as device model
  • Increase UA_MAX_LENGTH to 500
  • Add new browser: Alipay, Klarna, Smart Lenovo Browser, Vivo Browser
  • Add new device: Ulefone
  • Improve device detection: Realme, Xiaomi Redmi
  • Rename browser: Avant, Baidu, Samsung Internet, Sogou Explorer, Sogou Mobile, WeChat
Changelog

Sourced from ua-parser-js's changelog.

Version 0.7.41 / 1.0.41

  • Add new browser: Daum, Ladybird
  • Add new device vendor: HMD
  • Add new engine: LibWeb
  • Add new os: Windows IoT, Ubuntu Touch
  • Improve cpu detection: ARM, x86
  • Improve device vendor detection: Apple, Archos, Generic, Google, Honor, Huawei, Infinix, Nvidia, Lenovo, Nokia, OnePlus, Xiaomi
  • Improve device type detection: smarttv, wearables
  • Improve os detection: Linux, Symbian

Version 0.7.40 / 1.0.40

  • Add new browser: 115, LibreWolf, Slimboat, Slimjet
  • Add new device: Advan, Cat, Energizer, IMO, Micromax, Smartfren
  • Add new engine: ArkWeb, Servo
  • Add new os: OpenHarmony
  • Improve browser detection: 2345, 360, Dragon, Iron, Maxthon
  • Recognize Honor as a separate device vendor from Huawei
  • Fix Python Request mistakenly identified as Meta Quest

Version 0.7.39 / 1.0.39

  • Add new feature: executable command using npx ua-parser-js "[INSERT-UA-HERE]"
  • Add new browser: Helio, Pico Browser, Wolvic
  • Add new device vendor: itel, Nothing, TCL
  • Improve browser detection: ICEBrowser, Klar, QQBrowser, Quark, Rekonq, Sleipnir
  • Improve device detection: Xiaomi Pro, Amazon Echo Show, Samsung Galaxy Watch
  • Removed from browser: Viera

Version 0.7.38 / 1.0.38

  • Fix error on getOS() when userAgentData.platform is undefined
  • Add new browser: Opera GX, Twitter
  • Improve browser detection: DuckDuckGo
  • Improve device detection: OPPO Pad, Oculus Quest

Version 0.7.37 / 1.0.37

  • Fix misidentified WebView token as device model
  • Increase UA_MAX_LENGTH to 500
  • Add new browser: Alipay, Klarna, Smart Lenovo Browser, Vivo Browser
  • Add new device: Ulefone
  • Improve device detection: Realme, Xiaomi Redmi
  • Rename browser: Avant, Baidu, Samsung Internet, Sogou Explorer, Sogou Mobile, WeChat

Version 0.7.36 / 1.0.36

  • Add new browser: Snapchat
  • Add new devices: Infinix, Tecno

... (truncated)

Commits
  • af825ff Bump version 0.7.41
  • 5925954 Backport - Improve detection for Nokia device & Symbian OS
  • fc668ef Backport - Improve device detection for Generic device: capture its device mo...
  • 0543fb2 Backport - Improve CPU detection: ARM
  • 98f1c00 Backport - Improve device detection for unidentified SmartTV vendors
  • d66c971 Backport - Improve detection for Nvidia devices
  • cbe6038 Backport - Add Daum app user agent (#773)
  • e665bd5 Backport - Add new OS: Ubuntu Touch
  • 20c3040 Backport - Add new device: Apple HomePod
  • 9057a1d Backport - Add new browser: Ladybird
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by faisalman, a new releaser for ua-parser-js since your current version.


Updates y18n from 3.2.1 to 3.2.2

Release notes

Sourced from y18n's releases.

y18n y18n-v4.0.3

Bug Fixes

  • release: 4.x.x should not enforce Node 10 (#126) (1e21a53)

y18n y18n-v4.0.2

Bug Fixes

  • security: ensure entry exists for backport (#120) (b22c0df)
Commits
Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for y18n since your current version.


Updates yargs-parser from 5.0.0 to 5.0.1

Changelog

Sourced from yargs-parser's changelog.

5.0.0 (2017-02-18)

Bug Fixes

  • environment variables should take precedence over config file (#81) (76cee1f)

BREAKING CHANGES

  • environment variables will now override config files (args, env, config-file, config-object)

5.0.1 (2021-03-10)

Bug Fixes

4.2.1 (2017-01-02)

Bug Fixes

4.2.0 (2016-12-01)

Bug Fixes

  • inner objects in configs had their keys appended to top-level key when dot-notation was disabled (#72) (0b1b5f9)

Features

  • allow multiple arrays to be provided, rather than always combining (#71) (0f0fb2d)

4.1.0 (2016-11-07)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for yargs-parser since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by...

Description has been truncated

Bumps the npm_and_yarn group with 15 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [debug](https://github.com/debug-js/debug) | `2.6.3` | `2.6.9` |
| [diff](https://github.com/kpdecker/jsdiff) | `3.2.0` | `3.5.1` |
| [extend](https://github.com/justmoon/node-extend) | `3.0.0` | `3.0.2` |
| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.0.6` | `4.7.9` |
| [hosted-git-info](https://github.com/npm/hosted-git-info) | `2.4.1` | `2.8.9` |
| [lodash](https://github.com/lodash/lodash) | `4.17.4` | `4.18.1` |
| [minimatch](https://github.com/isaacs/minimatch) | `3.0.3` | `3.1.5` |
| [nwmatcher](https://github.com/dperini/nwmatcher) | `1.3.9` | `1.4.4` |
| [path-parse](https://github.com/jbgutierrez/path-parse) | `1.0.5` | `1.0.7` |
| [sshpk](https://github.com/joyent/node-sshpk) | `1.11.0` | `1.18.0` |
| [stringstream](https://github.com/mhart/StringStream) | `0.0.5` | `0.0.6` |
| [tmpl](https://github.com/daaku/nodejs-tmpl) | `1.0.4` | `1.0.5` |
| [ua-parser-js](https://github.com/faisalman/ua-parser-js) | `0.7.12` | `0.7.41` |
| [y18n](https://github.com/yargs/y18n) | `3.2.1` | `3.2.2` |
| [yargs-parser](https://github.com/yargs/yargs-parser) | `5.0.0` | `5.0.1` |



Updates `debug` from 2.6.3 to 2.6.9
- [Release notes](https://github.com/debug-js/debug/releases)
- [Changelog](https://github.com/debug-js/debug/blob/2.6.9/CHANGELOG.md)
- [Commits](debug-js/debug@2.6.3...2.6.9)

Updates `diff` from 3.2.0 to 3.5.1
- [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md)
- [Commits](kpdecker/jsdiff@v3.2.0...v3.5.1)

Updates `extend` from 3.0.0 to 3.0.2
- [Changelog](https://github.com/justmoon/node-extend/blob/main/CHANGELOG.md)
- [Commits](justmoon/node-extend@v3.0.0...v3.0.2)

Updates `handlebars` from 4.0.6 to 4.7.9
- [Release notes](https://github.com/handlebars-lang/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md)
- [Commits](handlebars-lang/handlebars.js@v4.0.6...v4.7.9)

Updates `hosted-git-info` from 2.4.1 to 2.8.9
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](npm/hosted-git-info@v2.4.1...v2.8.9)

Updates `lodash` from 4.17.4 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.4...4.18.1)

Updates `minimatch` from 3.0.3 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.0.3...v3.1.5)

Updates `ms` from 0.7.2 to 2.0.0
- [Release notes](https://github.com/vercel/ms/releases)
- [Commits](vercel/ms@0.7.2...2.0.0)

Updates `nwmatcher` from 1.3.9 to 1.4.4
- [Release notes](https://github.com/dperini/nwmatcher/releases)
- [Commits](https://github.com/dperini/nwmatcher/commits)

Updates `path-parse` from 1.0.5 to 1.0.7
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

Updates `sshpk` from 1.11.0 to 1.18.0
- [Release notes](https://github.com/joyent/node-sshpk/releases)
- [Commits](TritonDataCenter/node-sshpk@v1.11.0...v1.18.0)

Updates `stringstream` from 0.0.5 to 0.0.6
- [Commits](mhart/StringStream@v0.0.5...v0.0.6)

Updates `tmpl` from 1.0.4 to 1.0.5
- [Commits](https://github.com/daaku/nodejs-tmpl/commits/v1.0.5)

Updates `ua-parser-js` from 0.7.12 to 0.7.41
- [Release notes](https://github.com/faisalman/ua-parser-js/releases)
- [Changelog](https://github.com/faisalman/ua-parser-js/blob/master/CHANGELOG.md)
- [Commits](faisalman/ua-parser-js@0.7.12...0.7.41)

Updates `y18n` from 3.2.1 to 3.2.2
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

Updates `yargs-parser` from 5.0.0 to 5.0.1
- [Release notes](https://github.com/yargs/yargs-parser/releases)
- [Changelog](https://github.com/yargs/yargs-parser/blob/v5.0.1/CHANGELOG.md)
- [Commits](yargs/yargs-parser@v5.0.0...v5.0.1)

---
updated-dependencies:
- dependency-name: debug
  dependency-version: 2.6.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: diff
  dependency-version: 3.5.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: extend
  dependency-version: 3.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: handlebars
  dependency-version: 4.7.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hosted-git-info
  dependency-version: 2.8.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ms
  dependency-version: 2.0.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: nwmatcher
  dependency-version: 1.4.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-parse
  dependency-version: 1.0.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: sshpk
  dependency-version: 1.18.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: stringstream
  dependency-version: 0.0.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tmpl
  dependency-version: 1.0.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ua-parser-js
  dependency-version: 0.7.41
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: y18n
  dependency-version: 3.2.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yargs-parser
  dependency-version: 5.0.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants