Skip to content

feat: bump degit from 2.8.4 to 3.6.0#137

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/degit-3.6.0
Open

feat: bump degit from 2.8.4 to 3.6.0#137
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/degit-3.6.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 14, 2026

Copy link
Copy Markdown

Bumps degit from 2.8.4 to 3.6.0.

Changelog

Sourced from degit's changelog.

3.6.0

  • Add gitlab://host/user/repo syntax for cloning from self-hosted GitLab instances (thanks to @​dnldsht for the original PR #361).

3.5.1

  • Fix GitLab archive URL format and centralize provider templates (thanks to @​satotake for the original PR #335).

3.5.0

  • Add a search_replace action for degit.json (thanks to @​Tythos for the original PR #365).

3.4.7

  • Gate clone error details behind --verbose.

3.4.6

  • Block remove path traversal outside the destination.

3.4.5

  • Stream git ls-remote for SSH ref discovery.

3.4.4

  • Remove the sander dependency in favor of native Node fs helpers.

3.4.3

  • Swap terminal colors to yoctocolors.

3.4.2

  • Fix git-lfs pointer files falling through the tarball path.

3.4.1

  • Fix first-clone hangs during archive downloads.

3.4.0

  • Tarball downloads are now the default, with SSH fallback on failure.
  • Public remotes now prefer HTTPS; explicit SSH sources still use SSH.
  • The JavaScript git backend is bundled for HTTPS ref discovery; SSH/private repos still need system git.
  • The published package no longer includes sourcemaps, so the tarball is smaller.

3.3.2

  • Retry corrupt tarball downloads (issue #313).

... (truncated)

Commits
  • a900176 feat: support self-hosted GitLab via gitlab://host/user/repo syntax (#456)
  • 8f3d2f3 fix: update GitLab archive URL and centralize provider templates (#455)
  • 8387b12 chore(test): enforce test guidelines (#454)
  • 5190934 feat: add search_replace directive (#453)
  • c4753ac refactor: remove fs-extra dependency (#452)
  • 5ac7cdc refactor(src): rename src modules into layered layout (#450)
  • c7b235a chore(lint): enable pedantic warnings and refactor hotspots (#449)
  • d33c071 chore: clean up oxlint suspicious warnings (#447)
  • ed7ddd2 chore: update version to 3.4.7 and add changelog entry for verbose clone erro...
  • 46f98be feat: gate clone error details behind verbose (#446)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for degit since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [degit](https://github.com/Rich-Harris/degit) from 2.8.4 to 3.6.0.
- [Changelog](https://github.com/Rich-Harris/degit/blob/master/docs/CHANGELOG.md)
- [Commits](Rich-Harris/degit@v2.8.4...v3.6.0)

---
updated-dependencies:
- dependency-name: degit
  dependency-version: 3.6.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 14, 2026
@codecov

codecov Bot commented Jul 14, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 79.29%. Comparing base (35c3388) to head (b65c64f).

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #137   +/-   ##
=======================================
  Coverage   79.29%   79.29%           
=======================================
  Files          45       45           
  Lines        3704     3704           
  Branches     1118     1059   -59     
=======================================
  Hits         2937     2937           
  Misses        758      758           
  Partials        9        9           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants