Skip to content

build(deps-dev): bump lerna from 8.2.2 to 8.2.4#64

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/lerna-8.2.4
Closed

build(deps-dev): bump lerna from 8.2.2 to 8.2.4#64
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/lerna-8.2.4

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Sep 15, 2025

Bumps lerna from 8.2.2 to 8.2.4.

Release notes

Sourced from lerna's releases.

v8.2.4

8.2.4 (2025-07-27)

Bug Fixes

Features

  • version: update workspace specifiers in peerDependencies (#4203) (45e00ce)

v8.2.3

8.2.3 (2025-06-29)

Bug Fixes

  • use internal fork of unmaintained strong-log-transformer (#4195) (7115485)
Changelog

Sourced from lerna's changelog.

8.2.4 (2025-07-27)

Bug Fixes

8.2.3 (2025-06-29)

Bug Fixes

  • use internal fork of unmaintained strong-log-transformer (#4195) (7115485)
Commits
  • 61e4bc2 chore(misc): publish 8.2.4
  • 8211512 fix: remove all remaining lodash usage (#4207)
  • 25331af chore(misc): publish 8.2.3
  • 7115485 fix: use internal fork of unmaintained strong-log-transformer (#4195)
  • bde7882 chore: kill legacy linting setup and migrate from globby to tinyglobby (#4179)
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps-dev): bump lerna from 8.2.2 to 8.2.4
1c67e86 
Bumps [lerna](https://github.com/lerna/lerna/tree/HEAD/packages/lerna) from 8.2.2 to 8.2.4.
- [Release notes](https://github.com/lerna/lerna/releases)
- [Changelog](https://github.com/lerna/lerna/blob/main/packages/lerna/CHANGELOG.md)
- [Commits](https://github.com/lerna/lerna/commits/v8.2.4/packages/lerna)

---
updated-dependencies:
- dependency-name: lerna
  dependency-version: 8.2.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Sep 15, 2025
@dependabot dependabot Bot mentioned this pull request Sep 15, 2025
Closed
@socket-security
Copy link
Copy Markdown

socket-security Bot commented Sep 15, 2025

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedwhich-collection@​1.0.2671008952100
Addedsafer-buffer@​2.1.26110010052100
Addedtypedarray@​0.0.6671008852100
Addedset-function-length@​1.2.2661008552100
Addedpath-parse@​1.0.7671007952100
Addedunbox-primitive@​1.1.0671008252100
Addedtyped-array-buffer@​1.0.3671007852100
Addedsafe-regex-test@​1.1.0671008052100
Addedsafe-array-concat@​1.1.3661008452100
Addedside-channel@​1.1.0661008752100
Addedtyped-array-length@​1.0.7661008952100
Addedstring.prototype.trim@​1.2.10661008352100
Addedstring.prototype.matchall@​4.0.12661009253100
Addedtyped-array-byte-length@​1.0.3661009153100
Addedwhich-boxed-primitive@​1.1.1661009153100
Addedtyped-array-byte-offset@​1.0.4661009153100
Addedstring.prototype.repeat@​1.0.0671008153100
Addedregexp.prototype.flags@​1.5.4661008653100
Addedsafe-buffer@​5.2.16710010053100
Addedstring.prototype.trimstart@​1.0.8671008253100
Addedstring.prototype.includes@​2.0.1671008454100
Addedstring.prototype.trimend@​1.0.9671008254100
Added@​bedrock-layout/​use-stateful-ref@​2.0.171001005778100
Added@​bedrock-layout/​register-resize-callback@​2.0.15671005978100
Addedunique-slug@​4.0.01001006184100
Addedunique-filename@​3.0.01001006584100
Addedp-try@​1.0.01001006577100
Addedset-blocking@​2.0.01001006577100
Addedtemp-dir@​1.0.01001006577100
Addedstrip-final-newline@​2.0.01001006677100
Updatedrestore-cursor@​5.1.0 ⏵ 3.1.010010067 +177100
Addedxml-name-validator@​5.0.01001006883100
See 174 more rows in the dashboard

View full report

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Sep 15, 2025

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
safer-buffer@2.1.2 has Obfuscated code.

Confidence: 0.94

Location: Package overview

From: yarn.locknpm/safer-buffer@2.1.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/safer-buffer@2.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Sep 23, 2025

Superseded by #71.

@dependabot dependabot Bot closed this Sep 23, 2025
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/lerna-8.2.4 branch September 23, 2025 11:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants