chore(deps): (deps): bump the production group across 1 directory with 21 updates by dependabot[bot] · Pull Request #946 · tidev/titanium-cli

dependabot · 2026-05-20T07:26:06Z

Bumps the production group with 16 updates in the / directory:

Package	From	To
fs-extra	`11.3.4`	`11.3.5`
semver	`7.7.4`	`7.8.0`
undici	`8.0.2`	`8.3.0`
which	`6.0.1`	`7.0.0`
@babel/compat-data	`7.29.0`	`7.29.3`
@babel/parser	`7.29.2`	`7.29.3`
@istanbuljs/schema	`0.1.3`	`0.1.6`
baseline-browser-mapping	`2.10.20`	`2.10.31`
caniuse-lite	`1.0.30001788`	`1.0.30001793`
electron-to-chromium	`1.5.343`	`1.5.360`
get-east-asian-width	`1.5.0`	`1.6.0`
lru-cache	`5.1.1`	`11.5.0`
magicast	`0.5.2`	`0.5.3`
node-releases	`2.0.37`	`2.0.44`
string-width	`4.2.3`	`8.2.1`
strip-ansi	`6.0.1`	`7.2.0`

Updates fs-extra from 11.3.4 to 11.3.5

Changelog

Sourced from fs-extra's changelog.

11.3.5 / 2026-05-06

Fix ensureLink*/ensureSymlink* identical file detection on Windows (#1068)

Fix error handling in timestamp preservation code (#1065, #1069)

Fix potential file descriptor leak on error in synchronous timestamp preservation code (#1066)

Commits

8a88f58 11.3.5
81a1311 Mirror all utimesMillis() tests for utimesMillisSync() (#1070)
b7ab7f8 Properly handle close errors in utimesMillis*() (#1069)
1c248ed Fix file descriptor leak in utimesMillisSync (#1066)
a4000d6 Ensure all usages of areIdentical receive bigint stats (#1068)
1e9c57d Fix error handling in utimesMillis (#1065)
See full diff in compare view

Updates semver from 7.7.4 to 7.8.0

Release notes

Sourced from semver's releases.

v7.8.0

7.8.0 (2026-05-08)

Features

0d0a0a2 #855 Add truncate function (#855) (@pjohnmeyer, @owlstronaut)

Bug Fixes

3905343 #859 Warn when defaulting to --inc=patch in CLI (@pjohnmeyer)

Documentation

c368af6 #853 fix typos in documentation (#853) (@ankitkumar572005)

37776c3 #846 fix BNF grammar to distinguish prerelease from build identifiers (#846) (@abhu85, @claude)

Chores

9542e09 #860 template-oss-apply (@owlstronaut)

937bc2c #860 template-oss-apply@5.0.0 (@owlstronaut)

6946fef #852 bump @npmcli/template-oss from 4.29.0 to 4.30.0 (#852) (@dependabot[bot], @npm-cli-bot)

Changelog

Sourced from semver's changelog.

7.8.0 (2026-05-08)

Features

0d0a0a2 #855 Add truncate function (#855) (@pjohnmeyer, @owlstronaut)

Bug Fixes

3905343 #859 Warn when defaulting to --inc=patch in CLI (@pjohnmeyer)

Documentation

c368af6 #853 fix typos in documentation (#853) (@ankitkumar572005)

37776c3 #846 fix BNF grammar to distinguish prerelease from build identifiers (#846) (@abhu85, @claude)

Chores

9542e09 #860 template-oss-apply (@owlstronaut)

937bc2c #860 template-oss-apply@5.0.0 (@owlstronaut)

6946fef #852 bump @npmcli/template-oss from 4.29.0 to 4.30.0 (#852) (@dependabot[bot], @npm-cli-bot)

Commits

efa4be6 chore: release 7.8.0 (#847)
9542e09 chore: template-oss-apply
937bc2c chore: template-oss-apply@5.0.0
3905343 fix: Warn when defaulting to --inc=patch in CLI
0d0a0a2 feat: Add truncate function (#855)
c368af6 docs: fix typos in documentation (#853)
6946fef chore: bump @npmcli/template-oss from 4.29.0 to 4.30.0 (#852)
37776c3 docs: fix BNF grammar to distinguish prerelease from build identifiers (#846)
See full diff in compare view

Updates undici from 8.0.2 to 8.3.0

Release notes

Sourced from undici's releases.

v8.3.0

What's Changed

fix: preserve pool capacity after removing stale client by @trivikr in nodejs/undici#5151

build(deps): bump actions/github-script from 8.0.0 to 9.0.0 by @dependabot[bot] in nodejs/undici#5157

build(deps): bump actions/upload-artifact from 5.0.0 to 7.0.1 by @dependabot[bot] in nodejs/undici#5162

build(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 by @dependabot[bot] in nodejs/undici#5156

chore(http2): collapse duplicate request stream setup by @trivikr in nodejs/undici#5140

perf(client): cache HTTP/2 authority by @trivikr in nodejs/undici#5141

build(deps-dev): bump borp from 0.20.2 to 1.0.0 by @dependabot[bot] in nodejs/undici#4819

types: add TOpaque to client connect options by @samuel871211 in nodejs/undici#4928

build(deps): bump tinybench from 5.1.0 to 6.0.1 in /benchmarks by @dependabot[bot] in nodejs/undici#4688

build(deps): bump codecov/codecov-action from 5.5.1 to 6.0.0 by @dependabot[bot] in nodejs/undici#4950

build(deps): bump actions/dependency-review-action from 4.8.1 to 4.9.0 by @dependabot[bot] in nodejs/undici#4951

test(fetch): add userinfo coverage for issue-4897 URLs by @mcollina in nodejs/undici#4901

perf: avoid duplicate pool dispatcher selection on backpressure by @trivikr in nodejs/undici#5149

build(deps): bump actions/setup-node from 6.2.0 to 6.4.0 by @dependabot[bot] in nodejs/undici#5163

build(deps): bump step-security/harden-runner from 2.14.1 to 2.19.1 by @dependabot[bot] in nodejs/undici#5160

build(deps): bump cronometro from 5.3.0 to 6.0.3 in /benchmarks by @dependabot[bot] in nodejs/undici#4687

build(deps): bump github/codeql-action from 4.35.1 to 4.35.3 by @dependabot[bot] in nodejs/undici#5161

build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by @dependabot[bot] in nodejs/undici#4853

build(deps): bump hendrikmuhs/ccache-action from 1.2.22 to 1.2.23 by @dependabot[bot] in nodejs/undici#5158

build(deps): bump fastify/github-action-merge-dependabot from 3.11.2 to 3.12.0 by @dependabot[bot] in nodejs/undici#5159

build(deps-dev): bump c8 from 10.1.3 to 11.0.0 by @dependabot[bot] in nodejs/undici#4854

build(deps): bump uWebSockets.js from v20.64.0 to v20.66.0 in /benchmarks by @dependabot[bot] in nodejs/undici#5130

docs: mention install() also installs WebSocket globals by @mcollina in nodejs/undici#5174

types: stop interfering with @types/node by @Renegade334 in nodejs/undici#5173

fix: align h2 empty body content-length methods with h1 by @trivikr in nodejs/undici#5172

build(deps-dev): bump fast-check from 4.6.0 to 4.7.0 by @dependabot[bot] in nodejs/undici#5192

build(deps-dev): bump typescript from 6.0.2 to 6.0.3 by @dependabot[bot] in nodejs/undici#5191

test: move cleanup from finally to after hooks by @trivikr in nodejs/undici#5194

test: resolve flaky timeout in issue-3356 by @trivikr in nodejs/undici#5188

SnapshotAgent: Add normalizeBody and normalizeQuery by @GeoffreyBooth in nodejs/undici#5121

fix(socks5): use configured connector in Socks5ProxyAgent by @trivikr in nodejs/undici#5168

perf(http2): avoid isArray checks for common headers by @trivikr in nodejs/undici#5170

fix(test): make deduplicate body-streaming test non-flaky by @mcollina in nodejs/undici#5196

test(retry): add regression test for RetryAgent + HTTP/2 stream timeout (#5137) by @mcollina in nodejs/undici#5176

fix(socks5): preserve dispatch backpressure return value by @trivikr in nodejs/undici#5166

perf(http2): end zero-length request bodies with headers by @trivikr in nodejs/undici#5169

fix(test): make issue-2898-comment.js assertion robust against flakiness by @mcollina in nodejs/undici#5208

test: disable timeouts in h2 high concurrency regression by @trivikr in nodejs/undici#5205

test: deflake stream compat coverage by @mcollina in nodejs/undici#5209

fix(dispatcher): remove unreachable assert in writeBlob by @SAY-5 in nodejs/undici#5231

fix: clean up benchmark resources before worker exit by @trivikr in nodejs/undici#5225

test: avoid per-chunk assertions in diagnostics get by @trivikr in nodejs/undici#5224

test: capture cache test worker stderr and preserve failures by @trivikr in nodejs/undici#5206

chore: gitignore benchmarks/package-lock.json by @trivikr in nodejs/undici#5228

perf(proxy-agent): avoid extra header allocations in auth guard by @trivikr in nodejs/undici#5164

test(wpt): retry WPT server startup on port conflicts or timeout by @trivikr in nodejs/undici#5215

test: make websocket diagnostics ping-pong ordering deterministic by @trivikr in nodejs/undici#5222

test(websocket): fix flaky send test by @mcollina in nodejs/undici#5232

... (truncated)

Commits

aa33b19 Bumped v8.3.0 (#5305)
f33a6cb test: fix flaky http2-dispatcher WebSocket upgrade tests (#5304)
ca0cb16 build(deps): bump uWebSockets.js in /benchmarks (#5299)
e1f9035 build(deps-dev): bump jest from 30.3.0 to 30.4.2 (#5297)
314ba6a perf(client-h2): reuse request upgrade stream handlers (#5293)
be9a544 Add Node 26 to the matrix (#5271)
45f7bd3 test: retry crashed cache-test workers once (#5294)
08cf765 build(deps-dev): bump fast-check from 4.7.0 to 4.8.0 (#5298)
df5ded9 cache formdata boundary (#5292)
e101dcb test: include after in parser-issues (#5284)
Additional commits viewable in compare view

Updates which from 6.0.1 to 7.0.0

Release notes

Sourced from which's releases.

v7.0.0

7.0.0 (2026-05-08)

⚠️ BREAKING CHANGES

which now supports node ^22.22.2 || ^24.15.0 || >=26.0.0

template-oss-apply

Features

471d90b #176 bump to new node engine range (@owlstronaut)

8aac36f #176 template-oss-apply (@owlstronaut)

Chores

9bdf003 #176 template-oss-apply (@owlstronaut)

Changelog

Sourced from which's changelog.

7.0.0 (2026-05-08)

⚠️ BREAKING CHANGES

which now supports node ^22.22.2 || ^24.15.0 || >=26.0.0

template-oss-apply

Features

471d90b #176 bump to new node engine range (@owlstronaut)

8aac36f #176 template-oss-apply (@owlstronaut)

Chores

9bdf003 #176 template-oss-apply (@owlstronaut)

Commits

297db11 chore: release 7.0.0 (#177)
9bdf003 chore: template-oss-apply
471d90b feat!: bump to new node engine range
8aac36f feat!: template-oss-apply
4824908 deps & engine update
See full diff in compare view

Updates @babel/compat-data from 7.29.0 to 7.29.3

Release notes

Sourced from @babel/compat-data's releases.

v7.29.3 (2026-04-30)

👓 Spec Compliance

babel-parser

#17923 Support flow extends bound (@JLHwung)

🐛 Bug Fix

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#17931 fix(decorators): replace super within all removed static elements (@JLHwung)

babel-register

#17915 Fix thread synchronization issues in @babel/register (@liuxingbaoyu)

babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env

#17788 Add bugfix plugin for Safari array rest destructuring bug (@JLHwung)

💅 Polish

babel-parser

#17782 Improve trailing comma comment handling (@JLHwung)

📝 Documentation

#17847 Replace npmjs.com links with npmx.dev (@nicolo-ribaudo)

🏃‍♀️ Performance

babel-helper-import-to-platform-api, babel-plugin-proposal-import-wasm-source, babel-plugin-transform-json-modules

#17818 Load async Wasm and JSON imports in parallel (@nicolo-ribaudo)

Committers: 4

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

v7.29.2 (2026-03-16)

👓 Spec Compliance

babel-parser

#17840 [7.x backport] async x => {} must be in leading pos (@JLHwung)

🐛 Bug Fix

babel-helpers, babel-plugin-transform-async-generator-functions, babel-preset-env, babel-runtime-corejs3

#17805 [7.x backport] fix: Properly handle await in finally (@liuxingbaoyu)

babel-preset-env

#17789 [7.x backport] preset-env include/exclude should accept bugfix plugins (@JLHwung)

🏠 Internal

#17813 chore: update eslint peer deps (@JLHwung)

Committers: 2

Huáng Jùnliàng (@JLHwung)

@liuxingbaoyu

... (truncated)

Commits

183db7b v7.29.3
268f246 Add bugfix plugin for Safari array rest destructuring bug (#17788)
f8524d8 Update compat data (#17686)
See full diff in compare view

Updates @babel/parser from 7.29.2 to 7.29.3

Release notes

Sourced from @babel/parser's releases.

v7.29.3 (2026-04-30)

👓 Spec Compliance

babel-parser

#17923 Support flow extends bound (@JLHwung)

🐛 Bug Fix

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#17931 fix(decorators): replace super within all removed static elements (@JLHwung)

babel-register

#17915 Fix thread synchronization issues in @babel/register (@liuxingbaoyu)

babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env

#17788 Add bugfix plugin for Safari array rest destructuring bug (@JLHwung)

💅 Polish

babel-parser

#17782 Improve trailing comma comment handling (@JLHwung)

📝 Documentation

#17847 Replace npmjs.com links with npmx.dev (@nicolo-ribaudo)

🏃‍♀️ Performance

babel-helper-import-to-platform-api, babel-plugin-proposal-import-wasm-source, babel-plugin-transform-json-modules

#17818 Load async Wasm and JSON imports in parallel (@nicolo-ribaudo)

Committers: 4

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

Commits

183db7b v7.29.3
9bc522a Support flow extends bound (#17923)
69277a0 Improve trailing comma comment handling (#17782)
See full diff in compare view

Updates @istanbuljs/schema from 0.1.3 to 0.1.6

Release notes

Sourced from @istanbuljs/schema's releases.

v0.1.6

0.1.6 (2026-04-13)

Bug Fixes

Undo change to schema in 0.1.x series (440f977)

v0.1.5

0.1.5 (2026-04-13)

Bug Fixes

Re-add release-please (7c25461)

Changelog

Sourced from @istanbuljs/schema's changelog.

0.1.6 (2026-04-13)

Bug Fixes

Undo change to schema in 0.1.x series (440f977)

0.1.5 (2026-04-13)

Bug Fixes

Re-add release-please (7c25461)

0.1.4 (2026-04-13)

Bug Fixes

Remove development dependencies (a24b4c1)

Commits

f870afe chore(master): release 0.1.6
440f977 fix: Undo change to schema in 0.1.x series
d258e9e chore(master): release 0.1.5
7c25461 fix: Re-add release-please
75b89fd chore: Remove release-please
467c01f chore(master): release 0.1.4
a24b4c1 fix: Remove development dependencies
See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @istanbuljs/schema since your current version.

Updates @types/estree from 1.0.8 to 1.0.9

Commits

See full diff in compare view

Updates baseline-browser-mapping from 2.10.20 to 2.10.31

Release notes

Sourced from baseline-browser-mapping's releases.

v2.9.3 - remove process.loadEnvFile()

What's Changed

Remove process.loadEnfFile() from main script by @tonypconway in web-platform-dx/baseline-browser-mapping#112

Full Changelog: web-platform-dx/baseline-browser-mapping@v2.9.2...v2.9.3

Commits

a057bc0 Patch to 2.10.31 because browser or feature data changed
0b69854 Browser or feature data changed
7e593fc Updating static site
06bb2ba Patch to 2.10.30 because browser or feature data changed
c49e411 Browser or feature data changed
b7881aa Updating static site
0d664fc Patch to 2.10.29 because browser or feature data changed
2aeb209 Browser or feature data changed
2f77cb8 Updating static site
1ab697e Patch to 2.10.28 because browser or feature data changed
Additional commits viewable in compare view

Updates brace-expansion from 5.0.5 to 5.0.6

Commits

46317b5 5.0.6
c0b095b Merge commit from fork
ec56020 Bump picomatch from 4.0.3 to 4.0.4 (#93)
See full diff in compare view

Updates caniuse-lite from 1.0.30001788 to 1.0.30001793

Commits

19625ff Update caniuse-db 1.0.30001793
53c6e7b Update caniuse-db 1.0.30001792
abf9bca Update caniuse-db 1.0.30001791
a387dba Update caniuse-db 1.0.30001790
7f81a3c Update lock file
ac1ee53 Move from ESLint & Prettier to oxlint & oxfmt
29a690f Update CI actions
cabad5e Update dependencies
16f140f Update email
See full diff in compare view

Updates electron-to-chromium from 1.5.343 to 1.5.360

Commits

8d4cc40 1.5.360
15cc117 generate new version
e32d6dd 1.5.359
1ea14ee generate new version
14c203e 1.5.358
819458d generate new version
e1c862f 1.5.357
48473e6 generate new version
442dbbf 1.5.356
b42783d generate new version
Additional commits viewable in compare view

Updates get-east-asian-width from 1.5.0 to 1.6.0

Release notes

Sourced from get-east-asian-width's releases.

v1.6.0

Improve tree-shaking (#15) 0c9afbc

sindresorhus/get-east-asian-width@v1.5.0...v1.6.0

Commits

75cd90f 1.6.0
0c9afbc Improve tree-shaking (#15)
See full diff in compare view

Updates jsonfile from 6.2.0 to 6.2.1

Changelog

Sourced from jsonfile's changelog.

6.2.1 / 2026-04-20

Throw descriptive TypeError when obj is not JSON-serializable (#168)

Commits

97478af 6.2.1
f58238a Throw descriptive TypeError when obj is not JSON-serializable (#168)
See full diff in compare view

Updates lru-cache from 5.1.1 to 11.5.0

Changelog

Sourced from lru-cache's changelog.

cringe lorg

11.5

Add backgroundFetchSize option, defaulting to 1, to set an effective size for provisional background fetch objects while in flight, if they do not shadow an existing stale entry.

11.4

Add cache property to status objects, in order to differentiate which cache is emitting the metric or trace.

Several small bugs regarding fetch behavior edge cases.

onInsert does not fire for background fetch internal promises.

dispose() and disposeAfter() now fire for the stale value left behind when an in-process background fetch is pre-empted by eviction.

fetchMethod that returns a non-Promise value is handled correctly.

No Error is created, or abort() signaled, when a background fetch promise is resolved. (Presumably the implementation is done by that point.)

11.3

Add observability features, expand the coverage of LRUCache.Status objects.

11.2

Add the perf option to specify performance, Date, or any other object with a now() method that returns a number.

11.1

Add the onInsert method

11.0

Drop support for node less than v20

10.4

Accidental minor update, should've been patch.

10.3

add forceFetch() method

set disposeReason to 'expire' when it's the result of a TTL

... (truncated)

Commits

0adc7a5 11.5.0
4708153 add backgroundFetchSize option
9bed6db formatting changelog
cd8f37b test: loosen test on onInsert
c440996 11.4.0
fdab191 changelog 11.4
fbd958d add cache to status type
451737c fix several bugs related to background fetch edge cases
425dd43 update deps
c6eafb2 11.3.6
Additional commits viewable in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates magicast from 0.5.2 to 0.5.3

Release notes

Sourced from magicast's releases.

v0.5.3

🚀 Features

Add await expression support - by @Jack-sh1 in unjs/magicast#157 (b1124)

View changes on GitHub

Commits

8d4fed0 chore: release v0.5.3
b87cb34 chore: update deps and lint
b112424 feat: add await expression support (#157)
See full diff in compare view

Updates node-releases from 2.0.37 to 2.0.44

Commits

1ae4960 2.0.44
37fef30 ci: bump runner Node to 24 (npm 11 needed for trusted publishing OIDC)
e0fcac6 2.0.43
619e9b2 ci: switch to npm trusted publishing (drop NODE_AUTH_TOKEN)
163f80f ci: bump checkout/setup-node to v6 and add manual publish_only trigger
2b594a8 2.0.42
50f02d0 publish automation
4720541 2.0.41
95daf37 feat: Nightly Sync
22487ce 2.0.40
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for node-releases since your current version.

Updates postcss from 8.5.14 to 8.5.15

Release notes

Sourced from postcss's releases.

8.5.15

Fixed declaration parsing performance (by @homanp).

Changelog

Sourced from postcss's changelog.

8.5.15

Fixed declaration parsing performance (by @homanp).

Commits

eae46db Release 8.5.15 version
79508ff Update CI actions
b128e21 Speed up declaration parsing by avoiding creating new array on each token
9825dca Fix code format
55789c8 Update dependencies
84fbbe9 Install older pnpm action for old Node.js
9f860bd Revert pnpm action for old Node.js
0877198 Update CI actions
b2d1a33 Fix linter warnings
0700dac Merge pull request #2088 from rootvector2/add-oss-fuzz-harness
Additional commits viewable in compare view

Updates string-width from 4.2.3 to 8.2.1

Release notes

Sourced from string-width's releases.

v8.2.1

Fix Hangul grapheme width handling 9781ea4

sindresorhus/string-width@v8.2.0...v8.2.1

v8.2.0

Improve performance with ASCII fast path (#72) 91b9857

Fix width calculation for minimally-qualified emoji sequences (#68) 28147cc

sindresorhus/string-width@v8.1.1...v8.2.0

v8.1.1

Fix crash on Unicode Format characters like U+0600 7626ac3

sindresorhus/string-width@v8.1.0...v8.1.1

v8.1.0

Improve performance bf041e0 8691a94

sindresorhus/string-width@v8.0.0...v8.1.0

v8.0.0

Breaking

Require Node.js 20 fbea7e5

Improvements

It now handles a lot more edge-cases fbea7e5

One less dependency fbea7e5

sindresorhus/string-width@v7.2.0...v8.0.0

v7.2.0

Handle more edge-cases be33439

sindresorhus/string-width@v7.1.0...v7.2.0

v7.1.0

Improve performance (#54) b0dd0fa

... (truncated)

Commits

cf857c1 8.2.1
9781ea4 Fix Hangul grapheme width handling
7c2f550 8.2.0
8b6dc2f Meta tweaks
91b9857<...
Description has been truncated

…h 21 updates Bumps the production group with 16 updates in the / directory: | Package | From | To | | --- | --- | --- | | [fs-extra](https://github.com/jprichardson/node-fs-extra) | `11.3.4` | `11.3.5` | | [semver](https://github.com/npm/node-semver) | `7.7.4` | `7.8.0` | | [undici](https://github.com/nodejs/undici) | `8.0.2` | `8.3.0` | | [which](https://github.com/npm/node-which) | `6.0.1` | `7.0.0` | | [@babel/compat-data](https://github.com/babel/babel/tree/HEAD/packages/babel-compat-data) | `7.29.0` | `7.29.3` | | [@babel/parser](https://github.com/babel/babel/tree/HEAD/packages/babel-parser) | `7.29.2` | `7.29.3` | | [@istanbuljs/schema](https://github.com/istanbuljs/schema) | `0.1.3` | `0.1.6` | | [baseline-browser-mapping](https://github.com/web-platform-dx/baseline-browser-mapping) | `2.10.20` | `2.10.31` | | [caniuse-lite](https://github.com/browserslist/caniuse-lite) | `1.0.30001788` | `1.0.30001793` | | [electron-to-chromium](https://github.com/Kilian/electron-to-chromium) | `1.5.343` | `1.5.360` | | [get-east-asian-width](https://github.com/sindresorhus/get-east-asian-width) | `1.5.0` | `1.6.0` | | [lru-cache](https://github.com/isaacs/node-lru-cache) | `5.1.1` | `11.5.0` | | [magicast](https://github.com/unjs/magicast) | `0.5.2` | `0.5.3` | | [node-releases](https://github.com/chicoxyzzy/node-releases) | `2.0.37` | `2.0.44` | | [string-width](https://github.com/sindresorhus/string-width) | `4.2.3` | `8.2.1` | | [strip-ansi](https://github.com/chalk/strip-ansi) | `6.0.1` | `7.2.0` | Updates `fs-extra` from 11.3.4 to 11.3.5 - [Changelog](https://github.com/jprichardson/node-fs-extra/blob/master/CHANGELOG.md) - [Commits](jprichardson/node-fs-extra@11.3.4...11.3.5) Updates `semver` from 7.7.4 to 7.8.0 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.7.4...v7.8.0) Updates `undici` from 8.0.2 to 8.3.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v8.0.2...v8.3.0) Updates `which` from 6.0.1 to 7.0.0 - [Release notes](https://github.com/npm/node-which/releases) - [Changelog](https://github.com/npm/node-which/blob/main/CHANGELOG.md) - [Commits](npm/node-which@v6.0.1...v7.0.0) Updates `@babel/compat-data` from 7.29.0 to 7.29.3 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.3/packages/babel-compat-data) Updates `@babel/parser` from 7.29.2 to 7.29.3 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.3/packages/babel-parser) Updates `@istanbuljs/schema` from 0.1.3 to 0.1.6 - [Release notes](https://github.com/istanbuljs/schema/releases) - [Changelog](https://github.com/istanbuljs/schema/blob/master/CHANGELOG.md) - [Commits](istanbuljs/schema@v0.1.3...v0.1.6) Updates `@types/estree` from 1.0.8 to 1.0.9 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/estree) Updates `baseline-browser-mapping` from 2.10.20 to 2.10.31 - [Release notes](https://github.com/web-platform-dx/baseline-browser-mapping/releases) - [Commits](web-platform-dx/baseline-browser-mapping@v2.10.20...v2.10.31) Updates `brace-expansion` from 5.0.5 to 5.0.6 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v5.0.5...v5.0.6) Updates `caniuse-lite` from 1.0.30001788 to 1.0.30001793 - [Commits](browserslist/caniuse-lite@1.0.30001788...1.0.30001793) Updates `electron-to-chromium` from 1.5.343 to 1.5.360 - [Changelog](https://github.com/Kilian/electron-to-chromium/blob/main/CHANGELOG.md) - [Commits](Kilian/electron-to-chromium@v1.5.343...v1.5.360) Updates `get-east-asian-width` from 1.5.0 to 1.6.0 - [Release notes](https://github.com/sindresorhus/get-east-asian-width/releases) - [Commits](sindresorhus/get-east-asian-width@v1.5.0...v1.6.0) Updates `jsonfile` from 6.2.0 to 6.2.1 - [Changelog](https://github.com/jprichardson/node-jsonfile/blob/master/CHANGELOG.md) - [Commits](jprichardson/node-jsonfile@6.2.0...6.2.1) Updates `lru-cache` from 5.1.1 to 11.5.0 - [Changelog](https://github.com/isaacs/node-lru-cache/blob/main/CHANGELOG.md) - [Commits](isaacs/node-lru-cache@v5.1.1...v11.5.0) Updates `magicast` from 0.5.2 to 0.5.3 - [Release notes](https://github.com/unjs/magicast/releases) - [Changelog](https://github.com/unjs/magicast/blob/main/CHANGELOG.md) - [Commits](unjs/magicast@v0.5.2...v0.5.3) Updates `node-releases` from 2.0.37 to 2.0.44 - [Commits](chicoxyzzy/node-releases@v2.0.37...v2.0.44) Updates `postcss` from 8.5.14 to 8.5.15 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.14...8.5.15) Updates `string-width` from 4.2.3 to 8.2.1 - [Release notes](https://github.com/sindresorhus/string-width/releases) - [Commits](sindresorhus/string-width@v4.2.3...v8.2.1) Updates `strip-ansi` from 6.0.1 to 7.2.0 - [Release notes](https://github.com/chalk/strip-ansi/releases) - [Commits](chalk/strip-ansi@v6.0.1...v7.2.0) Updates `vite` from 5.4.21 to 8.0.13 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.13/packages/vite) --- updated-dependencies: - dependency-name: fs-extra dependency-version: 11.3.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production - dependency-name: semver dependency-version: 7.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production - dependency-name: undici dependency-version: 8.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production - dependency-name: which dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production - dependency-name: "@babel/compat-data" dependency-version: 7.29.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: "@babel/parser" dependency-version: 7.29.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: "@istanbuljs/schema" dependency-version: 0.1.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: "@types/estree" dependency-version: 1.0.9 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: baseline-browser-mapping dependency-version: 2.10.31 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: brace-expansion dependency-version: 5.0.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: caniuse-lite dependency-version: 1.0.30001793 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: electron-to-chromium dependency-version: 1.5.360 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: get-east-asian-width dependency-version: 1.6.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: jsonfile dependency-version: 6.2.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: lru-cache dependency-version: 11.5.0 dependency-type: indirect update-type: version-update:semver-major dependency-group: production - dependency-name: magicast dependency-version: 0.5.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: node-releases dependency-version: 2.0.44 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: postcss dependency-version: 8.5.15 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: string-width dependency-version: 8.2.1 dependency-type: indirect update-type: version-update:semver-major dependency-group: production - dependency-name: strip-ansi dependency-version: 7.2.0 dependency-type: indirect update-type: version-update:semver-major dependency-group: production - dependency-name: vite dependency-version: 8.0.13 dependency-type: indirect update-type: version-update:semver-major dependency-group: production ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2026-05-20T07:27:08Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	undici@8.3.0
	which@6.0.1 ⏵ 7.0.0
	semver@7.8.0
	fs-extra@11.3.5

View full report

dependabot Bot added the dependencies Pull requests that update a dependency file label May 20, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): (deps): bump the production group across 1 directory with 21 updates#946

chore(deps): (deps): bump the production group across 1 directory with 21 updates#946
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-83e1628929

dependabot Bot commented on behalf of github May 20, 2026

Uh oh!

socket-security Bot commented May 20, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github May 20, 2026

11.3.5 / 2026-05-06

v7.8.0

7.8.0 (2026-05-08)

Features

Bug Fixes

Documentation

Chores

7.8.0 (2026-05-08)

Features

Bug Fixes

Documentation

Chores

v8.3.0

What's Changed

v7.0.0

7.0.0 (2026-05-08)

⚠️ BREAKING CHANGES

Features

Chores

7.0.0 (2026-05-08)

⚠️ BREAKING CHANGES

Features

Chores

v7.29.3 (2026-04-30)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏃‍♀️ Performance

Committers: 4

v7.29.2 (2026-03-16)

👓 Spec Compliance

🐛 Bug Fix

🏠 Internal

Committers: 2

v7.29.3 (2026-04-30)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏃‍♀️ Performance

Committers: 4

v0.1.6

0.1.6 (2026-04-13)

Bug Fixes

v0.1.5

0.1.5 (2026-04-13)

Bug Fixes

0.1.6 (2026-04-13)

Bug Fixes

0.1.5 (2026-04-13)

Bug Fixes

0.1.4 (2026-04-13)

Bug Fixes

v2.9.3 - remove process.loadEnvFile()

What's Changed

v1.6.0

cringe lorg

11.5

11.4

11.3

11.2

11.1

11.0

10.4

10.3

v0.5.3

🚀 Features

View changes on GitHub

8.5.15

8.5.15

v8.2.1

v8.2.0

v8.1.1

v8.1.0

v8.0.0

Breaking

v2.9.3 - remove `process.loadEnvFile()`