chore(deps): (deps): bump the production group across 1 directory with 14 updates by dependabot[bot] · Pull Request #944 · tidev/titanium-cli

dependabot · 2026-05-13T03:01:40Z

Bumps the production group with 13 updates in the / directory:

Package	From	To
fs-extra	`11.3.4`	`11.3.5`
semver	`7.7.4`	`7.8.0`
undici	`8.0.2`	`8.2.0`
which	`6.0.1`	`7.0.0`
@babel/compat-data	`7.29.0`	`7.29.3`
@babel/parser	`7.29.2`	`7.29.3`
@istanbuljs/schema	`0.1.3`	`0.1.6`
baseline-browser-mapping	`2.10.20`	`2.10.29`
brace-expansion	`5.0.5`	`5.0.6`
caniuse-lite	`1.0.30001788`	`1.0.30001792`
electron-to-chromium	`1.5.343`	`1.5.354`
get-east-asian-width	`1.5.0`	`1.6.0`
node-releases	`2.0.37`	`2.0.44`

Updates fs-extra from 11.3.4 to 11.3.5

Changelog

Sourced from fs-extra's changelog.

11.3.5 / 2026-05-06

Fix ensureLink*/ensureSymlink* identical file detection on Windows (#1068)

Fix error handling in timestamp preservation code (#1065, #1069)

Fix potential file descriptor leak on error in synchronous timestamp preservation code (#1066)

Commits

8a88f58 11.3.5
81a1311 Mirror all utimesMillis() tests for utimesMillisSync() (#1070)
b7ab7f8 Properly handle close errors in utimesMillis*() (#1069)
1c248ed Fix file descriptor leak in utimesMillisSync (#1066)
a4000d6 Ensure all usages of areIdentical receive bigint stats (#1068)
1e9c57d Fix error handling in utimesMillis (#1065)
See full diff in compare view

Updates semver from 7.7.4 to 7.8.0

Release notes

Sourced from semver's releases.

v7.8.0

7.8.0 (2026-05-08)

Features

0d0a0a2 #855 Add truncate function (#855) (@pjohnmeyer, @owlstronaut)

Bug Fixes

3905343 #859 Warn when defaulting to --inc=patch in CLI (@pjohnmeyer)

Documentation

c368af6 #853 fix typos in documentation (#853) (@ankitkumar572005)

37776c3 #846 fix BNF grammar to distinguish prerelease from build identifiers (#846) (@abhu85, @claude)

Chores

9542e09 #860 template-oss-apply (@owlstronaut)

937bc2c #860 template-oss-apply@5.0.0 (@owlstronaut)

6946fef #852 bump @npmcli/template-oss from 4.29.0 to 4.30.0 (#852) (@dependabot[bot], @npm-cli-bot)

Changelog

Sourced from semver's changelog.

7.8.0 (2026-05-08)

Features

0d0a0a2 #855 Add truncate function (#855) (@pjohnmeyer, @owlstronaut)

Bug Fixes

3905343 #859 Warn when defaulting to --inc=patch in CLI (@pjohnmeyer)

Documentation

c368af6 #853 fix typos in documentation (#853) (@ankitkumar572005)

37776c3 #846 fix BNF grammar to distinguish prerelease from build identifiers (#846) (@abhu85, @claude)

Chores

9542e09 #860 template-oss-apply (@owlstronaut)

937bc2c #860 template-oss-apply@5.0.0 (@owlstronaut)

6946fef #852 bump @npmcli/template-oss from 4.29.0 to 4.30.0 (#852) (@dependabot[bot], @npm-cli-bot)

Commits

efa4be6 chore: release 7.8.0 (#847)
9542e09 chore: template-oss-apply
937bc2c chore: template-oss-apply@5.0.0
3905343 fix: Warn when defaulting to --inc=patch in CLI
0d0a0a2 feat: Add truncate function (#855)
c368af6 docs: fix typos in documentation (#853)
6946fef chore: bump @npmcli/template-oss from 4.29.0 to 4.30.0 (#852)
37776c3 docs: fix BNF grammar to distinguish prerelease from build identifiers (#846)
See full diff in compare view

Updates undici from 8.0.2 to 8.2.0

Release notes

Sourced from undici's releases.

v8.2.0

What's Changed

chore: use native addAbortListener by @trivikr in nodejs/undici#5021

fix: fix the logic for the UNDICI_NO_WASM_SIMD environment variable by @ShenHongFei in nodejs/undici#5026

fix(http2): send body for non-expectsPayload methods with content by @mcollina in nodejs/undici#5030

fix(fetch): correct 'navigator' typo to 'navigate' in fetchFinale by @deepview-autofix in nodejs/undici#5044

fix(webidl): correct signed integer bounds in ConvertToInt by @deepview-autofix in nodejs/undici#5038

fix(fetch): use || for CRLF check in multipart formdata-parser by @deepview-autofix in nodejs/undici#5049

fix(websocket): correct argument order in WebSocketStream UTF-8 failure by @deepview-autofix in nodejs/undici#5050

fix(pool): propagate useH2c to connector when connections > 1 by @SAY-5 in nodejs/undici#5031

fix(cache): return immutable staleAt in milliseconds by @deepview-autofix in nodejs/undici#5048

fix(socks5-proxy-agent): use per-origin pools to prevent cross-origin routing by @deepview-autofix in nodejs/undici#5041

fix(cache): evict oldest entries first in SqliteCacheStore prune by @deepview-autofix in nodejs/undici#5039

fix(socks5): correctly expand IPv6 '::' compressed notation by @deepview-autofix in nodejs/undici#5046

Remove unused func and unnecessary shim by @tsctx in nodejs/undici#5053

fix: reject malformed content-length request headers by @trivikr in nodejs/undici#5060

fix(request): reject NaN highWaterMark during option validation by @trivikr in nodejs/undici#5062

docs: fix broken links in docsify sidebar by @maruthang in nodejs/undici#5065

fix(fetch): prefer filename* over filename in multipart form-data by @maruthang in nodejs/undici#5068

fix(http2): reject websocket upgrades on non-200 responses by @trivikr in nodejs/undici#5072

feat: support username-only proxy authentication in ProxyAgent by @rossilor95 in nodejs/undici#4935

build(deps): bump uWebSockets.js from v20.58.0 to v20.64.0 in /benchmarks by @dependabot[bot] in nodejs/undici#5083

fix(client-h2): stop double-decrementing kOpenStreams on stream timeout by @SAY-5 in nodejs/undici#5076

fix(http2): reject upgrade streams closed before response headers by @trivikr in nodejs/undici#5069

fix(http2): allow GET and HEAD request bodies over h2 by @trivikr in nodejs/undici#5058

fix(cache): include query in cache key when opts.path is undefined by @maruthang in nodejs/undici#5081

fix: avoid premature cleanup of dispatcher in Agent by @bienzaaron in nodejs/undici#5034

fix(http2): record ping failures on the socket by @trivikr in nodejs/undici#5075

add undici security policy by @mcollina in nodejs/undici#5056

fix(mock): make filterCalls AND operator actually intersect results by @deepview-autofix in nodejs/undici#5045

fix(socks5): enforce authenticated state before CONNECT by @trivikr in nodejs/undici#5097

fix(cache): skip expired sqlite vary entries during lookup by @trivikr in nodejs/undici#5095

fix: enforce maxCachedSessions in TLS session cache by @trivikr in nodejs/undici#5102

fix(socks5): encode embedded IPv4 tails in IPv6 literals correctly by @trivikr in nodejs/undici#5099

fix: handle invalid HTTP/2 connection headers (#4356) by @mcollina in nodejs/undici#5101

fix(interceptor): add throwOnMaxRedirect to types and interceptor opts by @maruthang in nodejs/undici#5066

fix(websocket): avoid double-closing canceled stream readers by @colinaaa in nodejs/undici#5105

fix(cache): persist vary when updating sqlite cache entries by @trivikr in nodejs/undici#5109

refactor(h1): track HEAD keep-alive override as boolean by @trivikr in nodejs/undici#5110

client: cache llhttp wasm buffer view by @trivikr in nodejs/undici#5115

deps: update llhttp to 9.3.1 by @mcollina in nodejs/undici#5113

fix(http2): preserve accepted streams after GOAWAY by @trivikr in nodejs/undici#5090

fix: reuse parser WeakRef for timeout callbacks by @trivikr in nodejs/undici#5125

fix: stop buffering data after SOCKS5 connect by @trivikr in nodejs/undici#5118

perf(http2): avoid response header reserialization by @trivikr in nodejs/undici#5085

fix(cache): enforce sqlite maxCount after insert by @trivikr in nodejs/undici#5112

perf: reduce EventSourceStream parser allocations by @trivikr in nodejs/undici#5032

types(dispatcher): use OutgoingHttpHeaders for request headers by @maruthang in nodejs/undici#5067

cleanup: delete redundant .gitkeep file by @shivarm in nodejs/undici#5133

fix(http2): respect peer max concurrent streams by @trivikr in nodejs/undici#5135

... (truncated)

Commits

bf684f7 Bumped v8.2.0 (#5152)
0ca054a fix: replace stale pool clients under connection limit (#5145)
7af90e9 perf: avoid redundant scans in BalancedPool dispatcher selection (#5146)
abb9d06 fix: validate H2CClient maxConcurrentStreams option (#5143)
72a7591 perf(http2): avoid cloning headers when removing status (#5127)
96fd5e9 fix(cache): allow streamed entries at maxEntrySize limit (#5129)
f41e53f perf: use byteLength property for binary body chunks (#5126)
bec4961 chore(deps): add lockfile (#5139)
86f1242 perf(http2): reduce writeH2 per-request callback allocations (#5138)
cad3f70 perf(client): parse h1 content-length statelessly (#5124)
Additional commits viewable in compare view

Updates which from 6.0.1 to 7.0.0

Release notes

Sourced from which's releases.

v7.0.0

7.0.0 (2026-05-08)

⚠️ BREAKING CHANGES

which now supports node ^22.22.2 || ^24.15.0 || >=26.0.0

template-oss-apply

Features

471d90b #176 bump to new node engine range (@owlstronaut)

8aac36f #176 template-oss-apply (@owlstronaut)

Chores

9bdf003 #176 template-oss-apply (@owlstronaut)

Changelog

Sourced from which's changelog.

7.0.0 (2026-05-08)

⚠️ BREAKING CHANGES

which now supports node ^22.22.2 || ^24.15.0 || >=26.0.0

template-oss-apply

Features

471d90b #176 bump to new node engine range (@owlstronaut)

8aac36f #176 template-oss-apply (@owlstronaut)

Chores

9bdf003 #176 template-oss-apply (@owlstronaut)

Commits

297db11 chore: release 7.0.0 (#177)
9bdf003 chore: template-oss-apply
471d90b feat!: bump to new node engine range
8aac36f feat!: template-oss-apply
4824908 deps & engine update
See full diff in compare view

Updates @babel/compat-data from 7.29.0 to 7.29.3

Release notes

Sourced from @babel/compat-data's releases.

v7.29.3 (2026-04-30)

👓 Spec Compliance

babel-parser

#17923 Support flow extends bound (@JLHwung)

🐛 Bug Fix

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#17931 fix(decorators): replace super within all removed static elements (@JLHwung)

babel-register

#17915 Fix thread synchronization issues in @babel/register (@liuxingbaoyu)

babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env

#17788 Add bugfix plugin for Safari array rest destructuring bug (@JLHwung)

💅 Polish

babel-parser

#17782 Improve trailing comma comment handling (@JLHwung)

📝 Documentation

#17847 Replace npmjs.com links with npmx.dev (@nicolo-ribaudo)

🏃‍♀️ Performance

babel-helper-import-to-platform-api, babel-plugin-proposal-import-wasm-source, babel-plugin-transform-json-modules

#17818 Load async Wasm and JSON imports in parallel (@nicolo-ribaudo)

Committers: 4

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

v7.29.2 (2026-03-16)

👓 Spec Compliance

babel-parser

#17840 [7.x backport] async x => {} must be in leading pos (@JLHwung)

🐛 Bug Fix

babel-helpers, babel-plugin-transform-async-generator-functions, babel-preset-env, babel-runtime-corejs3

#17805 [7.x backport] fix: Properly handle await in finally (@liuxingbaoyu)

babel-preset-env

#17789 [7.x backport] preset-env include/exclude should accept bugfix plugins (@JLHwung)

🏠 Internal

#17813 chore: update eslint peer deps (@JLHwung)

Committers: 2

Huáng Jùnliàng (@JLHwung)

@liuxingbaoyu

... (truncated)

Commits

183db7b v7.29.3
268f246 Add bugfix plugin for Safari array rest destructuring bug (#17788)
f8524d8 Update compat data (#17686)
See full diff in compare view

Updates @babel/parser from 7.29.2 to 7.29.3

Release notes

Sourced from @babel/parser's releases.

v7.29.3 (2026-04-30)

👓 Spec Compliance

babel-parser

#17923 Support flow extends bound (@JLHwung)

🐛 Bug Fix

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#17931 fix(decorators): replace super within all removed static elements (@JLHwung)

babel-register

#17915 Fix thread synchronization issues in @babel/register (@liuxingbaoyu)

babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env

#17788 Add bugfix plugin for Safari array rest destructuring bug (@JLHwung)

💅 Polish

babel-parser

#17782 Improve trailing comma comment handling (@JLHwung)

📝 Documentation

#17847 Replace npmjs.com links with npmx.dev (@nicolo-ribaudo)

🏃‍♀️ Performance

babel-helper-import-to-platform-api, babel-plugin-proposal-import-wasm-source, babel-plugin-transform-json-modules

#17818 Load async Wasm and JSON imports in parallel (@nicolo-ribaudo)

Committers: 4

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

Commits

183db7b v7.29.3
9bc522a Support flow extends bound (#17923)
69277a0 Improve trailing comma comment handling (#17782)
See full diff in compare view

Updates @istanbuljs/schema from 0.1.3 to 0.1.6

Release notes

Sourced from @istanbuljs/schema's releases.

v0.1.6

0.1.6 (2026-04-13)

Bug Fixes

Undo change to schema in 0.1.x series (440f977)

v0.1.5

0.1.5 (2026-04-13)

Bug Fixes

Re-add release-please (7c25461)

Changelog

Sourced from @istanbuljs/schema's changelog.

0.1.6 (2026-04-13)

Bug Fixes

Undo change to schema in 0.1.x series (440f977)

0.1.5 (2026-04-13)

Bug Fixes

Re-add release-please (7c25461)

0.1.4 (2026-04-13)

Bug Fixes

Remove development dependencies (a24b4c1)

Commits

f870afe chore(master): release 0.1.6
440f977 fix: Undo change to schema in 0.1.x series
d258e9e chore(master): release 0.1.5
7c25461 fix: Re-add release-please
75b89fd chore: Remove release-please
467c01f chore(master): release 0.1.4
a24b4c1 fix: Remove development dependencies
See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @istanbuljs/schema since your current version.

Updates baseline-browser-mapping from 2.10.20 to 2.10.29

Release notes

Sourced from baseline-browser-mapping's releases.

v2.9.3 - remove process.loadEnvFile()

What's Changed

Remove process.loadEnfFile() from main script by @tonypconway in web-platform-dx/baseline-browser-mapping#112

Full Changelog: web-platform-dx/baseline-browser-mapping@v2.9.2...v2.9.3

Commits

0d664fc Patch to 2.10.29 because browser or feature data changed
2aeb209 Browser or feature data changed
2f77cb8 Updating static site
1ab697e Patch to 2.10.28 because browser or feature data changed
477cb1c Browser or feature data changed
fc469fd Updating static site
26e8653 Patch to 2.10.27 because browser or feature data changed
301ef19 Browser or feature data changed
60baaeb Updating static site
c63db83 Patch to 2.10.26 because browser or feature data changed
Additional commits viewable in compare view

Updates brace-expansion from 5.0.5 to 5.0.6

Commits

46317b5 5.0.6
c0b095b Merge commit from fork
ec56020 Bump picomatch from 4.0.3 to 4.0.4 (#93)
See full diff in compare view

Updates caniuse-lite from 1.0.30001788 to 1.0.30001792

Commits

53c6e7b Update caniuse-db 1.0.30001792
abf9bca Update caniuse-db 1.0.30001791
a387dba Update caniuse-db 1.0.30001790
7f81a3c Update lock file
ac1ee53 Move from ESLint & Prettier to oxlint & oxfmt
29a690f Update CI actions
cabad5e Update dependencies
16f140f Update email
See full diff in compare view

Updates electron-to-chromium from 1.5.343 to 1.5.354

Commits

eaaa33e 1.5.354
abb9317 generate new version
d2bd4d8 1.5.353
3c6685c generate new version
d542de9 1.5.352
7b711f1 generate new version
f3e7665 1.5.351
4938def generate new version
d292d13 1.5.350
800f78b generate new version
Additional commits viewable in compare view

Updates get-east-asian-width from 1.5.0 to 1.6.0

Release notes

Sourced from get-east-asian-width's releases.

v1.6.0

Improve tree-shaking (#15) 0c9afbc

sindresorhus/get-east-asian-width@v1.5.0...v1.6.0

Commits

75cd90f 1.6.0
0c9afbc Improve tree-shaking (#15)
See full diff in compare view

Updates jsonfile from 6.2.0 to 6.2.1

Changelog

Sourced from jsonfile's changelog.

6.2.1 / 2026-04-20

Throw descriptive TypeError when obj is not JSON-serializable (#168)

Commits

97478af 6.2.1
f58238a Throw descriptive TypeError when obj is not JSON-serializable (#168)
See full diff in compare view

Updates node-releases from 2.0.37 to 2.0.44

Commits

1ae4960 2.0.44
37fef30 ci: bump runner Node to 24 (npm 11 needed for trusted publishing OIDC)
e0fcac6 2.0.43
619e9b2 ci: switch to npm trusted publishing (drop NODE_AUTH_TOKEN)
163f80f ci: bump checkout/setup-node to v6 and add manual publish_only trigger
2b594a8 2.0.42
50f02d0 publish automation
4720541 2.0.41
95daf37 feat: Nightly Sync
22487ce 2.0.40
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for node-releases since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…h 14 updates Bumps the production group with 13 updates in the / directory: | Package | From | To | | --- | --- | --- | | [fs-extra](https://github.com/jprichardson/node-fs-extra) | `11.3.4` | `11.3.5` | | [semver](https://github.com/npm/node-semver) | `7.7.4` | `7.8.0` | | [undici](https://github.com/nodejs/undici) | `8.0.2` | `8.2.0` | | [which](https://github.com/npm/node-which) | `6.0.1` | `7.0.0` | | [@babel/compat-data](https://github.com/babel/babel/tree/HEAD/packages/babel-compat-data) | `7.29.0` | `7.29.3` | | [@babel/parser](https://github.com/babel/babel/tree/HEAD/packages/babel-parser) | `7.29.2` | `7.29.3` | | [@istanbuljs/schema](https://github.com/istanbuljs/schema) | `0.1.3` | `0.1.6` | | [baseline-browser-mapping](https://github.com/web-platform-dx/baseline-browser-mapping) | `2.10.20` | `2.10.29` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `5.0.5` | `5.0.6` | | [caniuse-lite](https://github.com/browserslist/caniuse-lite) | `1.0.30001788` | `1.0.30001792` | | [electron-to-chromium](https://github.com/Kilian/electron-to-chromium) | `1.5.343` | `1.5.354` | | [get-east-asian-width](https://github.com/sindresorhus/get-east-asian-width) | `1.5.0` | `1.6.0` | | [node-releases](https://github.com/chicoxyzzy/node-releases) | `2.0.37` | `2.0.44` | Updates `fs-extra` from 11.3.4 to 11.3.5 - [Changelog](https://github.com/jprichardson/node-fs-extra/blob/master/CHANGELOG.md) - [Commits](jprichardson/node-fs-extra@11.3.4...11.3.5) Updates `semver` from 7.7.4 to 7.8.0 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.7.4...v7.8.0) Updates `undici` from 8.0.2 to 8.2.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v8.0.2...v8.2.0) Updates `which` from 6.0.1 to 7.0.0 - [Release notes](https://github.com/npm/node-which/releases) - [Changelog](https://github.com/npm/node-which/blob/main/CHANGELOG.md) - [Commits](npm/node-which@v6.0.1...v7.0.0) Updates `@babel/compat-data` from 7.29.0 to 7.29.3 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.3/packages/babel-compat-data) Updates `@babel/parser` from 7.29.2 to 7.29.3 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.3/packages/babel-parser) Updates `@istanbuljs/schema` from 0.1.3 to 0.1.6 - [Release notes](https://github.com/istanbuljs/schema/releases) - [Changelog](https://github.com/istanbuljs/schema/blob/master/CHANGELOG.md) - [Commits](istanbuljs/schema@v0.1.3...v0.1.6) Updates `baseline-browser-mapping` from 2.10.20 to 2.10.29 - [Release notes](https://github.com/web-platform-dx/baseline-browser-mapping/releases) - [Commits](web-platform-dx/baseline-browser-mapping@v2.10.20...v2.10.29) Updates `brace-expansion` from 5.0.5 to 5.0.6 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v5.0.5...v5.0.6) Updates `caniuse-lite` from 1.0.30001788 to 1.0.30001792 - [Commits](browserslist/caniuse-lite@1.0.30001788...1.0.30001792) Updates `electron-to-chromium` from 1.5.343 to 1.5.354 - [Changelog](https://github.com/Kilian/electron-to-chromium/blob/main/CHANGELOG.md) - [Commits](Kilian/electron-to-chromium@v1.5.343...v1.5.354) Updates `get-east-asian-width` from 1.5.0 to 1.6.0 - [Release notes](https://github.com/sindresorhus/get-east-asian-width/releases) - [Commits](sindresorhus/get-east-asian-width@v1.5.0...v1.6.0) Updates `jsonfile` from 6.2.0 to 6.2.1 - [Changelog](https://github.com/jprichardson/node-jsonfile/blob/master/CHANGELOG.md) - [Commits](jprichardson/node-jsonfile@6.2.0...6.2.1) Updates `node-releases` from 2.0.37 to 2.0.44 - [Commits](chicoxyzzy/node-releases@v2.0.37...v2.0.44) --- updated-dependencies: - dependency-name: fs-extra dependency-version: 11.3.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production - dependency-name: semver dependency-version: 7.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production - dependency-name: undici dependency-version: 8.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production - dependency-name: which dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production - dependency-name: "@babel/compat-data" dependency-version: 7.29.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: "@babel/parser" dependency-version: 7.29.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: "@istanbuljs/schema" dependency-version: 0.1.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: baseline-browser-mapping dependency-version: 2.10.29 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: brace-expansion dependency-version: 5.0.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: caniuse-lite dependency-version: 1.0.30001792 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: electron-to-chromium dependency-version: 1.5.354 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: get-east-asian-width dependency-version: 1.6.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: jsonfile dependency-version: 6.2.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: node-releases dependency-version: 2.0.44 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2026-05-13T03:02:08Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	undici@8.2.0
	which@6.0.1 ⏵ 7.0.0
	semver@7.8.0
	fs-extra@11.3.5

View full report

dependabot Bot added the dependencies Pull requests that update a dependency file label May 13, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): (deps): bump the production group across 1 directory with 14 updates#944

chore(deps): (deps): bump the production group across 1 directory with 14 updates#944
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-c5fb81446d

dependabot Bot commented on behalf of github May 13, 2026

Uh oh!

socket-security Bot commented May 13, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github May 13, 2026

11.3.5 / 2026-05-06

v7.8.0

7.8.0 (2026-05-08)

Features

Bug Fixes

Documentation

Chores

7.8.0 (2026-05-08)

Features

Bug Fixes

Documentation

Chores

v8.2.0

What's Changed

v7.0.0

7.0.0 (2026-05-08)

⚠️ BREAKING CHANGES

Features

Chores

7.0.0 (2026-05-08)

⚠️ BREAKING CHANGES

Features

Chores

v7.29.3 (2026-04-30)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏃‍♀️ Performance

Committers: 4

v7.29.2 (2026-03-16)

👓 Spec Compliance

🐛 Bug Fix

🏠 Internal

Committers: 2

v7.29.3 (2026-04-30)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏃‍♀️ Performance

Committers: 4

v0.1.6

0.1.6 (2026-04-13)

Bug Fixes

v0.1.5

0.1.5 (2026-04-13)

Bug Fixes

0.1.6 (2026-04-13)

Bug Fixes

0.1.5 (2026-04-13)

Bug Fixes

0.1.4 (2026-04-13)

Bug Fixes

v2.9.3 - remove process.loadEnvFile()

What's Changed

v1.6.0

Uh oh!

socket-security Bot commented May 13, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

v2.9.3 - remove `process.loadEnvFile()`