chore(deps): (deps): bump the production group across 1 directory with 36 updates by dependabot[bot] · Pull Request #953 · tidev/titanium-cli

dependabot · 2026-06-17T02:48:41Z

Bumps the production group with 6 updates in the / directory:

Package	From	To
commander	`14.0.3`	`15.0.0`
fs-extra	`11.3.4`	`11.3.5`
semver	`7.7.4`	`7.8.4`
undici	`8.0.2`	`8.5.0`
which	`6.0.1`	`7.0.0`
yauzl	`3.3.0`	`3.4.0`

Updates commander from 14.0.3 to 15.0.0

Release notes

Sourced from commander's releases.

v15.0.0

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 moves Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

show excess command-arguments in error message (#2384)

Fixed

Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)

update example to use compatible character for MINGW64 (#2475)

Changed

Breaking: migrated Commander implementation from CommonJS to ESM (#2464)

Breaking: Commander 15 requires Node.js v22.12.0 or higher (for require(esm)).

dev: switch tests from Jest to node:test test runner (#2463)

Deleted

Breaking: removed deprecated export of commander/esm.mjs (#2464)

Migration Tips

Commander 15 is ESM only, but this does not mean you need to migrate to ESM to use it. Importing ESM from CommonJS is supported by Node.js, and Bun, and Deno. Hopefully it Just Works for you! However, you may be using a different runtime or some other part of your setup that may not yet natively support importing ESM from CommonJS, such as your testing framework or bundler.

If you have problems using Commander 15 in your environment, one option is stay on Commander 14 for now. Commander 14 will get security updates until May 2027 and things will hopefully improve for your setup in the meantime.

v15.0.0-0

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 in May 2026 will move Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

show excess command-arguments in error message (#2384)

Fixed

Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)

update example to use compatible character for MINGW64 (#2475)

... (truncated)

Changelog

Sourced from commander's changelog.

[15.0.0] (2026-05-29)

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 moves Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

show excess command-arguments in error message (#2384)

Fixed

Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)

update example to use compatible character for MINGW64 (#2475)

Changed

Breaking: migrated Commander implementation from CommonJS to ESM (#2464)

Breaking: Commander 15 requires Node.js v22.12.0 or higher (for require(esm)).

dev: switch tests from Jest to node:test test runner (#2463)

Deleted

Breaking: removed deprecated export of commander/esm.mjs (#2464)

Migration Tips

Commander 15 is ESM only, but this does not mean you need to migrate to ESM to use it. Importing ESM from CommonJS is supported by Node.js, and Bun, and Deno. Hopefully it Just Works for you! However, you may be using a different runtime or some other part of your setup that may not yet natively support importing ESM from CommonJS, such as your testing framework or bundler.

If you have problems using Commander 15 in your environment, one option is stay on Commander 14 for now. Commander 14 will get security updates until May 2027 and things will hopefully improve for your setup in the meantime.

[15.0.0-0] (2026-02-22)

(Released as 15.0.0)

Commits

ba6d13d Fix release dates in changelog (#2523)
a752ed9 Pin GitHub actions with hash (#2521)
74d5dfe Drop EOL node 20 from test matrix, and add node 26 (#2520)
6df9b68 Update details for 15.0.0 release (#2519)
01ce5d0 Remove jest esm examples (#2517)
d785d8b Update dependencies (#2518)
9098b48 Update dependencies (#2506)
373f660 Use node:util stripVTControlCharacters instead of own code (#2486)
987f289 Use simple match in test (to avoid warning about expensive regex) (#2485)
0ea3bb3 Update dependecies and lint (#2489)
Additional commits viewable in compare view

Updates fs-extra from 11.3.4 to 11.3.5

Changelog

Sourced from fs-extra's changelog.

11.3.5 / 2026-05-06

Fix ensureLink*/ensureSymlink* identical file detection on Windows (#1068)

Fix error handling in timestamp preservation code (#1065, #1069)

Fix potential file descriptor leak on error in synchronous timestamp preservation code (#1066)

Commits

8a88f58 11.3.5
81a1311 Mirror all utimesMillis() tests for utimesMillisSync() (#1070)
b7ab7f8 Properly handle close errors in utimesMillis*() (#1069)
1c248ed Fix file descriptor leak in utimesMillisSync (#1066)
a4000d6 Ensure all usages of areIdentical receive bigint stats (#1068)
1e9c57d Fix error handling in utimesMillis (#1065)
See full diff in compare view

Updates semver from 7.7.4 to 7.8.4

Release notes

Sourced from semver's releases.

v7.8.4

7.8.4 (2026-06-09)

Bug Fixes

e583226 #874 reject numeric segments after x-ranges (@pupuking723)

v7.8.3

7.8.3 (2026-06-08)

Bug Fixes

046da7f #872 align caret includePrerelease lower bounds (#872) (@wayyoungboy)

Chores

3485dda #866 bump @npmcli/eslint-config from 6.0.1 to 7.0.0 (#866) (@dependabot[bot])

v7.8.2

7.8.2 (2026-06-04)

Bug Fixes

bea6028 #870 increment dotted prerelease identifiers (#870) (@liuzemei, @SheldonNeo)

v7.8.1

7.8.1 (2026-05-21)

Bug Fixes

17aa702 #869 strip build metadata before comparator trimming (#869) (@owlstronaut)

5f3ca13 #867 handle prerelease bounds in subset (#867) (@puneetdixit200, Puneet Dixit)

v7.8.0

7.8.0 (2026-05-08)

Features

0d0a0a2 #855 Add truncate function (#855) (@pjohnmeyer, @owlstronaut)

Bug Fixes

3905343 #859 Warn when defaulting to --inc=patch in CLI (@pjohnmeyer)

Documentation

c368af6 #853 fix typos in documentation (#853) (@ankitkumar572005)

37776c3 #846 fix BNF grammar to distinguish prerelease from build identifiers (#846) (@abhu85, @claude)

Chores

9542e09 #860 template-oss-apply (@owlstronaut)

937bc2c #860 template-oss-apply@5.0.0 (@owlstronaut)

6946fef #852 bump @npmcli/template-oss from 4.29.0 to 4.30.0 (#852) (@dependabot[bot], @npm-cli-bot)

Changelog

Sourced from semver's changelog.

7.8.4 (2026-06-09)

Bug Fixes

e583226 #874 reject numeric segments after x-ranges (@pupuking723)

7.8.3 (2026-06-08)

Bug Fixes

046da7f #872 align caret includePrerelease lower bounds (#872) (@wayyoungboy)

Chores

3485dda #866 bump @npmcli/eslint-config from 6.0.1 to 7.0.0 (#866) (@dependabot[bot])

7.8.2 (2026-06-04)

Bug Fixes

bea6028 #870 increment dotted prerelease identifiers (#870) (@liuzemei, @SheldonNeo)

7.8.1 (2026-05-21)

Bug Fixes

17aa702 #869 strip build metadata before comparator trimming (#869) (@owlstronaut)

5f3ca13 #867 handle prerelease bounds in subset (#867) (@puneetdixit200, Puneet Dixit)

7.8.0 (2026-05-08)

Features

0d0a0a2 #855 Add truncate function (#855) (@pjohnmeyer, @owlstronaut)

Bug Fixes

3905343 #859 Warn when defaulting to --inc=patch in CLI (@pjohnmeyer)

Documentation

c368af6 #853 fix typos in documentation (#853) (@ankitkumar572005)

37776c3 #846 fix BNF grammar to distinguish prerelease from build identifiers (#846) (@abhu85, @claude)

Chores

9542e09 #860 template-oss-apply (@owlstronaut)

937bc2c #860 template-oss-apply@5.0.0 (@owlstronaut)

6946fef #852 bump @npmcli/template-oss from 4.29.0 to 4.30.0 (#852) (@dependabot[bot], @npm-cli-bot)

Commits

8640bd6 chore: release 7.8.4 (#875)
e583226 fix: reject numeric segments after x-ranges
6b77aa8 chore: release 7.8.3 (#873)
3485dda chore: bump @npmcli/eslint-config from 6.0.1 to 7.0.0 (#866)
046da7f fix: align caret includePrerelease lower bounds (#872)
efafcf8 chore: release 7.8.2 (#871)
bea6028 fix: increment dotted prerelease identifiers (#870)
7641608 chore: release 7.8.1 (#868)
17aa702 fix: strip build metadata before comparator trimming (#869)
5f3ca13 fix: handle prerelease bounds in subset (#867)
Additional commits viewable in compare view

Updates undici from 8.0.2 to 8.5.0

Release notes

Sourced from undici's releases.

v8.5.0

What's Changed

test: absorb h2 stream timeout resets by @marko1olo in nodejs/undici#5383

fix: keep idle validation on native timers by @mcollina in nodejs/undici#5397

fix: keep idle validation on global timers by @mcollina in nodejs/undici#5407

fix(h2): do not rewind kPendingIdx past in-flight requests by @DucMinhNe in nodejs/undici#5408

docs: explain request header validation by @vibhor-aggr in nodejs/undici#5413

fix: allow h2 post request multiplexing by @mcollina in nodejs/undici#5391

fix: reap idle HTTP/2 sessions by @mcollina in nodejs/undici#5406

add bodymixin.textStream() by @KhafraDev in nodejs/undici#5416

fix: preserve h2 queue on out-of-order completion by @mcollina in nodejs/undici#5410

align EventSource with spec by @KhafraDev in nodejs/undici#5418

chore: removed repro-h2-pipelining-default.mjs and lint by @mcollina in nodejs/undici#5420

ci: extend Windows Node.js workflow timeout by @mcollina in nodejs/undici#5426

test: detect available python command in wpt runner by @mcollina in nodejs/undici#5427

New Contributors

@DucMinhNe made their first contribution in nodejs/undici#5408

@vibhor-aggr made their first contribution in nodejs/undici#5413

Full Changelog: nodejs/undici@v8.4.1...v8.5.0

v8.4.1

What's Changed

test: avoid localhost lookup in fetch cookies tests by @mcollina in nodejs/undici#5363

fix: prevent race condition between onEnd and onTrailers in HTTP/2 client (#5216) by @mcollina in nodejs/undici#5343

fix(dns): skip requests without origin by @marko1olo in nodejs/undici#5376

docs: add Getting Started guide by @AliMahmoudDev in nodejs/undici#5371

docs: fix code examples that crash at runtime and other inaccuracies by @AliMahmoudDev in nodejs/undici#5386

fix: handle paused parser on socket end (issue #5360) by @mcollina in nodejs/undici#5389

fix(client): reject pipelined TLS altname errors by @marko1olo in nodejs/undici#5373

docs: fix multiple inaccuracies in API documentation by @AliMahmoudDev in nodejs/undici#5384

docs: fix remaining broken links in API documentation by @AliMahmoudDev in nodejs/undici#5342

New Contributors

@marko1olo made their first contribution in nodejs/undici#5376

Full Changelog: nodejs/undici@v8.4.0...v8.4.1

v8.4.0

What's Changed

fix: register connect listener before initiating requests in close-and-destroy test by @mcollina in nodejs/undici#5272

test: stabilize tls-cert-leak regression by @mcollina in nodejs/undici#5306

fix: replace tspl with native test context in test/examples.js by @mcollina in nodejs/undici#5300

http2: remove redundant request stream binding by @trivikr in nodejs/undici#5302

test: limit cache-tests workers on Windows by @mcollina in nodejs/undici#5309

test: use test context cleanup hooks in parser issue tests by @mcollina in nodejs/undici#5282

Add redirect option to strip headers on redirect by @mcollina in nodejs/undici#5281

chore(test): fix lint failure by @aduh95 in nodejs/undici#5316

chore(ci): use npm ci instead of npm install by @aduh95 in nodejs/undici#5315

... (truncated)

Commits

a0806e1 Bumped v8.5.0 (#5429)
8a0392c test: detect available python command in wpt runner (#5427)
f4045b9 ci: increase Node.js workflow timeout (#5426)
363e44f chore: removed repro-h2-pipelining-default.mjs and lint (#5420)
c5ed787 websocket: handle empty fragments and stream limits
e114e77 align EventSource with spec (#5418)
6df53c5 fix: preserve h2 queue on out-of-order completion (#5410)
32dbf0b websocket: limit the number of fragments in a message
0d6ecc5 add bodymixin.textStream() (#5416)
42d4955 fix: honor requestTls when proxy is SOCKS5
Additional commits viewable in compare view

Updates which from 6.0.1 to 7.0.0

Release notes

Sourced from which's releases.

v7.0.0

7.0.0 (2026-05-08)

⚠️ BREAKING CHANGES

which now supports node ^22.22.2 || ^24.15.0 || >=26.0.0

template-oss-apply

Features

471d90b #176 bump to new node engine range (@owlstronaut)

8aac36f #176 template-oss-apply (@owlstronaut)

Chores

9bdf003 #176 template-oss-apply (@owlstronaut)

Changelog

Sourced from which's changelog.

7.0.0 (2026-05-08)

⚠️ BREAKING CHANGES

which now supports node ^22.22.2 || ^24.15.0 || >=26.0.0

template-oss-apply

Features

471d90b #176 bump to new node engine range (@owlstronaut)

8aac36f #176 template-oss-apply (@owlstronaut)

Chores

9bdf003 #176 template-oss-apply (@owlstronaut)

Commits

297db11 chore: release 7.0.0 (#177)
9bdf003 chore: template-oss-apply
471d90b feat!: bump to new node engine range
8aac36f feat!: template-oss-apply
4824908 deps & engine update
See full diff in compare view

Updates yauzl from 3.3.0 to 3.4.0

Commits

f5798e1 version 3.4.0
632d650 add promises API (#171)
73b1ba5 CONTRIBUTING.md
84f4776 version 3.3.2
d457074 fix typo in fd-slicer
c0f8eeb drop buffer-crc32 dependency (#173)
84df2f2 version 3.3.1
cd9bd23 Fix destroy() usage in fd-slicer (#170)
bac0725 add tests for unusual compression method
See full diff in compare view

Updates @rollup/rollup-android-arm-eabi from 4.60.3 to 4.62.0

Release notes

Sourced from @rollup/rollup-android-arm-eabi's releases.

v4.62.0

4.62.0

2026-06-13

Features

Ensure that shared dependencies between manual chunks and entry points receive a serparate chunk (#6374)

Pull Requests

#6374: Extract the static dependencies imported by manual chunks into separate chunks (@TrickyPi, @lukastaegert)

#6405: fix(deps): update minor/patch updates (@renovate[bot])

#6406: chore(deps): pin dependency concurrently to v9 (@renovate[bot], @lukastaegert)

#6407: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

#6409: chore(deps): update minor/patch updates to v6.2.0 (@renovate[bot])

#6410: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

#6412: fix(deps): update minor/patch updates (@renovate[bot])

#6413: chore(deps): update dependency eslint-plugin-unicorn to v65 (@renovate[bot])

#6414: chore(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

v4.61.1

4.61.1

2026-06-04

Bug Fixes

Avoid extraneous newlines when adding headers via plugins (#6403)

Fix a rare issue where starting Rollup would hang on Windows (#6404)

Pull Requests

#6402: Improve documentation for manualPureFunctions (@lukastaegert)

#6403: Does not add an extra leading line feed for addons (@TrickyPi)

#6404: fix: set report.excludeNetwork=true before getReport() to avoid blocking PTR lookups (@jdz321, @lukastaegert)

v4.61.0

4.61.0

2026-06-01

Features

Sort entry modules to make chunk hashes deterministic (#6391)

Pull Requests

#6376: Eliminate AWS credential exposure on fork PRs in REPL artefact workflow (@lukastaegert)

#6378: fix(deps): update minor/patch updates (@renovate[bot])

... (truncated)

Changelog

Sourced from @rollup/rollup-android-arm-eabi's changelog.

4.62.0

2026-06-13

Features

Ensure that shared dependencies between manual chunks and entry points receive a serparate chunk (#6374)

Pull Requests

#6374: Extract the static dependencies imported by manual chunks into separate chunks (@TrickyPi, @lukastaegert)

#6405: fix(deps): update minor/patch updates (@renovate[bot])

#6406: chore(deps): pin dependency concurrently to v9 (@renovate[bot], @lukastaegert)

#6407: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

#6409: chore(deps): update minor/patch updates to v6.2.0 (@renovate[bot])

#6410: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

#6412: fix(deps): update minor/patch updates (@renovate[bot])

#6413: chore(deps): update dependency eslint-plugin-unicorn to v65 (@renovate[bot])

#6414: chore(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

4.61.1

2026-06-04

Bug Fixes

Avoid extraneous newlines when adding headers via plugins (#6403)

Fix a rare issue where starting Rollup would hang on Windows (#6404)

Pull Requests

#6402: Improve documentation for manualPureFunctions (@lukastaegert)

#6403: Does not add an extra leading line feed for addons (@TrickyPi)

#6404: fix: set report.excludeNetwork=true before getReport() to avoid blocking PTR lookups (@jdz321, @lukastaegert)

4.61.0

2026-06-01

Features

Sort entry modules to make chunk hashes deterministic (#6391)

Pull Requests

#6376: Eliminate AWS credential exposure on fork PRs in REPL artefact workflow (@lukastaegert)

#6378: fix(deps): update minor/patch updates (@renovate[bot])

#6379: chore(deps): update dependency lint-staged to v17 (@renovate[bot], @lukastaegert)

#6380: chore(deps): update dependency lru-cache to v11 (@renovate[bot], @lukastaegert)

#6381: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

... (truncated)

Commits

5e0066d 4.62.0
93e85fc chore(deps): update dependency eslint-plugin-unicorn to v65 (#6413)
5c9ef2e fix(deps): update minor/patch updates (#6412)
18654d8 chore(deps): lock file maintenance minor/patch updates (#6414)
d96ed95 Extract the static dependencies imported by manual chunks into separate chunk...
126e141 chore(deps): pin dependency concurrently to v9 (#6406)
f2f58c4 chore(deps): lock file maintenance minor/patch updates (#6410)
5a15062 chore(deps): update minor/patch updates to v6.2.0 (#6409)
d02f03a chore(deps): lock file maintenance minor/patch updates (#6407)
844671c fix(deps): update minor/patch updates (#6405)
Additional commits viewable in compare view

Updates @rollup/rollup-android-arm64 from 4.60.3 to 4.62.0

Release notes

Sourced from @rollup/rollup-android-arm64's releases.

v4.62.0

4.62.0

2026-06-13

Features

Ensure that shared dependencies between manual chunks and entry points receive a serparate chunk (#6374)

Pull Requests

#6374: Extract the static dependencies imported by manual chunks into separate chunks (@TrickyPi, @lukastaegert)

#6405: fix(deps): update minor/patch updates (@renovate[bot])

#6406: chore(deps): pin dependency concurrently to v9 (@renovate[bot], @lukastaegert)

#6407: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

#6409: chore(deps): update minor/patch updates to v6.2.0 (@renovate[bot])

#6410: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

#6412: fix(deps): update minor/patch updates (@renovate[bot])

#6413: chore(deps): update dependency eslint-plugin-unicorn to v65 (@renovate[bot])

#6414: chore(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

v4.61.1

4.61.1

2026-06-04

Bug Fixes

Avoid extraneous newlines when adding headers via plugins (#6403)

Fix a rare issue where starting Rollup would hang on Windows (#6404)

Pull Requests

#6402: Improve documentation for manualPureFunctions (@lukastaegert)

#6403: Does not add an extra leading line feed for addons (@TrickyPi)

#6404: fix: set report.excludeNetwork=true before getReport() to avoid blocking PTR lookups (@jdz321, @lukastaegert)

v4.61.0

4.61.0

2026-06-01

Features

Sort entry modules to make chunk hashes deterministic (#6391)

Pull Requests

#6376: Eliminate AWS credential exposure on fork PRs in REPL artefact workflow (@lukastaegert)

#6378: fix(deps): update minor/patch updates (@renovate[bot])

... (truncated)

Changelog

Sourced from @rollup/rollup-android-arm64's changelog.

4.62.0

2026-06-13

Features

Ensure that shared dependencies between manual chunks and entry points receive a serparate chunk (#6374)

Pull Requests

#6374: Extract the static dependencies imported by manual chunks into separate chunks (@TrickyPi, @lukastaegert)

#6405: fix(deps): update minor/patch updates (@renovate[bot])

#6406: chore(deps): pin dependency concurrently to v9 (@renovate[bot], @lukastaegert)

#6407: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

#6409: chore(deps): update minor/patch updates to v6.2.0 (@renovate[bot])

#6410: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

#6412: fix(deps): update minor/patch updates (@renovate[bot])

#6413: chore(deps): update dependency eslint-plugin-unicorn to v65 (@renovate[bot])

#6414: chore(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

4.61.1

2026-06-04

Bug Fixes

Avoid extraneous newlines when adding headers via plugins (#6403)

Fix a rare issue where starting Rollup would hang on Windows (#6404)

Pull Requests

#6402: Improve documentation for manualPureFunctions (@lukastaegert)

#6403: Does not add an extra leading line feed for addons (@TrickyPi)

#6404: fix: set report.excludeNetwork=true before getReport() to avoid blocking PTR lookups (@jdz321, @lukastaegert)

4.61.0

2026-06-01

Features

Sort entry modules to make chunk hashes deterministic (#6391)

Pull Requests

#6376: Eliminate AWS credential exposure on fork PRs in REPL artefact workflow (@lukastaegert)

#6378: fix(deps): update minor/patch updates (@renovate[bot])

#6379: chore(deps): update dependency lint-staged to v17 (@renovate[bot], @lukastaegert)

#6380: chore(deps): update dependency lru-cache to v11 (@renovate[bot], @lukastaegert)

#6381: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

... (truncated)

Commits

…h 36 updates Bumps the production group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [commander](https://github.com/tj/commander.js) | `14.0.3` | `15.0.0` | | [fs-extra](https://github.com/jprichardson/node-fs-extra) | `11.3.4` | `11.3.5` | | [semver](https://github.com/npm/node-semver) | `7.7.4` | `7.8.4` | | [undici](https://github.com/nodejs/undici) | `8.0.2` | `8.5.0` | | [which](https://github.com/npm/node-which) | `6.0.1` | `7.0.0` | | [yauzl](https://github.com/thejoshwolfe/yauzl) | `3.3.0` | `3.4.0` | Updates `commander` from 14.0.3 to 15.0.0 - [Release notes](https://github.com/tj/commander.js/releases) - [Changelog](https://github.com/tj/commander.js/blob/master/CHANGELOG.md) - [Commits](tj/commander.js@v14.0.3...v15.0.0) Updates `fs-extra` from 11.3.4 to 11.3.5 - [Changelog](https://github.com/jprichardson/node-fs-extra/blob/master/CHANGELOG.md) - [Commits](jprichardson/node-fs-extra@11.3.4...11.3.5) Updates `semver` from 7.7.4 to 7.8.4 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.7.4...v7.8.4) Updates `undici` from 8.0.2 to 8.5.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v8.0.2...v8.5.0) Updates `which` from 6.0.1 to 7.0.0 - [Release notes](https://github.com/npm/node-which/releases) - [Changelog](https://github.com/npm/node-which/blob/main/CHANGELOG.md) - [Commits](npm/node-which@v6.0.1...v7.0.0) Updates `yauzl` from 3.3.0 to 3.4.0 - [Commits](thejoshwolfe/yauzl@3.3.0...3.4.0) Updates `@rollup/rollup-android-arm-eabi` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@rollup/rollup-android-arm64` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@rollup/rollup-darwin-arm64` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@rollup/rollup-darwin-x64` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@rollup/rollup-freebsd-arm64` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@rollup/rollup-freebsd-x64` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@rollup/rollup-linux-arm-gnueabihf` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@rollup/rollup-linux-arm-musleabihf` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@rollup/rollup-linux-arm64-gnu` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@rollup/rollup-linux-arm64-musl` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@rollup/rollup-linux-loong64-gnu` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@rollup/rollup-linux-loong64-musl` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@rollup/rollup-linux-ppc64-gnu` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@rollup/rollup-linux-ppc64-musl` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@rollup/rollup-linux-riscv64-gnu` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@rollup/rollup-linux-riscv64-musl` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@rollup/rollup-linux-s390x-gnu` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@rollup/rollup-linux-x64-gnu` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@rollup/rollup-linux-x64-musl` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@rollup/rollup-openbsd-x64` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@rollup/rollup-openharmony-arm64` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@rollup/rollup-win32-arm64-msvc` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@rollup/rollup-win32-ia32-msvc` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@rollup/rollup-win32-x64-gnu` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@rollup/rollup-win32-x64-msvc` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) Updates `@types/estree` from 1.0.8 to 1.0.9 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/estree) Updates `acorn` from 8.16.0 to 8.17.0 - [Commits](acornjs/acorn@8.16.0...8.17.0) Updates `jsonfile` from 6.2.0 to 6.2.1 - [Changelog](https://github.com/jprichardson/node-jsonfile/blob/master/CHANGELOG.md) - [Commits](jprichardson/node-jsonfile@6.2.0...6.2.1) Updates `postcss` from 8.5.14 to 8.5.15 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.14...8.5.15) Updates `rollup` from 4.60.3 to 4.62.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.60.3...v4.62.0) --- updated-dependencies: - dependency-name: commander dependency-version: 15.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production - dependency-name: fs-extra dependency-version: 11.3.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production - dependency-name: semver dependency-version: 7.8.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production - dependency-name: undici dependency-version: 8.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production - dependency-name: which dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production - dependency-name: yauzl dependency-version: 3.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-android-arm-eabi" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-android-arm64" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-darwin-arm64" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-darwin-x64" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-freebsd-arm64" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-freebsd-x64" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-linux-arm-gnueabihf" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-linux-arm-musleabihf" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-linux-arm64-gnu" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-linux-arm64-musl" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-linux-loong64-gnu" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-linux-loong64-musl" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-linux-ppc64-gnu" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-linux-ppc64-musl" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-linux-riscv64-gnu" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-linux-riscv64-musl" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-linux-s390x-gnu" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-linux-x64-gnu" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-linux-x64-musl" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-openbsd-x64" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-openharmony-arm64" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-win32-arm64-msvc" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-win32-ia32-msvc" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-win32-x64-gnu" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@rollup/rollup-win32-x64-msvc" dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@types/estree" dependency-version: 1.0.9 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: acorn dependency-version: 8.17.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: jsonfile dependency-version: 6.2.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: postcss dependency-version: 8.5.15 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: rollup dependency-version: 4.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2026-06-17T02:49:30Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	which@6.0.1 ⏵ 7.0.0
	fs-extra@11.3.5
	commander@14.0.3 ⏵ 15.0.0	⁺¹
	yauzl@3.4.0
	semver@7.8.4
	undici@8.5.0

View full report

dependabot · 2026-06-19T05:30:01Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 17, 2026

dependabot Bot closed this Jun 19, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/production-30904a2f64 branch June 19, 2026 05:30

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

chore(deps): (deps): bump the production group across 1 directory with 36 updates#953

chore(deps): (deps): bump the production group across 1 directory with 36 updates#953
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-30904a2f64

dependabot Bot commented on behalf of github Jun 17, 2026 •

edited

Loading

Uh oh!

socket-security Bot commented Jun 17, 2026

Uh oh!

dependabot Bot commented on behalf of github Jun 19, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jun 17, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v15.0.0

Added

Fixed

Changed

Deleted

Migration Tips

v15.0.0-0

Added

Fixed

[15.0.0] (2026-05-29)

Added

Fixed

Changed

Deleted

Migration Tips

[15.0.0-0] (2026-02-22)

11.3.5 / 2026-05-06

v7.8.4

7.8.4 (2026-06-09)

Bug Fixes

v7.8.3

7.8.3 (2026-06-08)

Bug Fixes

Chores

v7.8.2

7.8.2 (2026-06-04)

Bug Fixes

v7.8.1

7.8.1 (2026-05-21)

Bug Fixes

v7.8.0

7.8.0 (2026-05-08)

Features

Bug Fixes

Documentation

Chores

7.8.4 (2026-06-09)

Bug Fixes

7.8.3 (2026-06-08)

Bug Fixes

Chores

7.8.2 (2026-06-04)

Bug Fixes

7.8.1 (2026-05-21)

Bug Fixes

7.8.0 (2026-05-08)

Features

Bug Fixes

Documentation

Chores

v8.5.0

What's Changed

New Contributors

v8.4.1

What's Changed

New Contributors

v8.4.0

What's Changed

v7.0.0

7.0.0 (2026-05-08)

⚠️ BREAKING CHANGES

Features

Chores

7.0.0 (2026-05-08)

⚠️ BREAKING CHANGES

Features

Chores

v4.62.0

4.62.0

Features

Pull Requests

v4.61.1

4.61.1

Bug Fixes

Pull Requests

dependabot Bot commented on behalf of github Jun 17, 2026 •

edited

Loading