Skip to content

build(deps): bump the npm_and_yarn group across 1 directory with 8 updates #174

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

build(deps): bump the npm_and_yarn group across 1 directory with 8 updates #174

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 14, 2025
edited by github-management-service
Loading

Resolves intercom/intercom#448833.

Bumps the npm_and_yarn group with 1 update in the / directory: semantic-release.

Updates semantic-release from 17.4.7 to 19.0.3

Commits
  • 58a226f fix(log-repo): use the original form of the repo url to remove the need to ma...
  • 17d60d3 build(deps): bump npm from 8.3.1 to 8.12.0 (#2447)
  • ab45ab1 chore(lint): disabled rules that dont apply to this project (#2408)
  • ea389c3 chore(deps): update dependency yargs-parser to 13.1.2 [security] (#2402)
  • fa994db build(deps): bump node-fetch from 2.6.1 to 2.6.7 (#2399)
  • b79116b build(deps): bump trim-off-newlines from 1.0.1 to 1.0.3
  • 6fd7e56 build(deps): bump minimist from 1.2.5 to 1.2.6
  • 2b94bb4 docs: update broken link to CI config recipes (#2378)
  • b4bc191 docs: Correct circleci workflow (#2365)
  • 2c30e26 Merge pull request #2333 from semantic-release/next
  • Additional commits viewable in compare view

Updates @octokit/plugin-paginate-rest from 2.11.0 to 6.1.2

Release notes

Sourced from @​octokit/plugin-paginate-rest's releases.

v6.1.2

6.1.2 (2023-05-19)

Bug Fixes

  • build: replace Pika with esbuild and tsc (#527) (3ba0db6)

v6.1.1

6.1.1 (2023-05-19)

Bug Fixes

v6.1.0

6.1.0 (2023-05-12)

Features

v6.0.0

6.0.0 (2023-01-20)

Features

BREAKING CHANGES

  • remove defunct endpoints

v5.0.1

5.0.1 (2022-10-13)

Bug Fixes

  • release: use org secret for npm token to fix publishing to npm (d2ab1b5)

v5.0.0

5.0.0 (2022-10-13)

Bug Fixes

... (truncated)

Commits

Updates @octokit/request-error from 2.0.5 to 3.0.3

Release notes

Sourced from @​octokit/request-error's releases.

v3.0.3

3.0.3 (2023-01-20)

Bug Fixes

  • deps: update dependency @​octokit/types to v9 (#307) (82c78fc)

v3.0.2

3.0.2 (2022-10-13)

Bug Fixes

  • deps: update dependency @​octokit/types to v8 (4cabbec)

v3.0.1

3.0.1 (2022-08-15)

Bug Fixes

  • deps: update dependency @​octokit/types to v7 (#254) (5abe81a)

v3.0.0

3.0.0 (2022-07-08)

Continuous Integration

  • stop testing against NodeJS v10, v12 (#236) (0a86afe)

BREAKING CHANGES

  • Drop support for NodeJS v10, v12

v2.1.0

2.1.0 (2021-06-11)

Features

  • error.response. Deprecates error.headers (#194) (487082b)

v2.0.6

2.0.6 (2021-06-11)

Bug Fixes

... (truncated)

Commits

Updates @octokit/request from 5.4.14 to 6.2.8

Release notes

Sourced from @​octokit/request's releases.

v6.2.8

6.2.8 (2023-06-16)

Reverts

  • Revert "fix(deps): update dependency @​octokit/request-error to v4 (#593)" (9c9c6d7), closes #593

v6.2.7

6.2.7 (2023-06-16)

Bug Fixes

  • deps: update dependency @​octokit/request-error to v4 (#593) (62f51d6)

v6.2.6

6.2.6 (2023-06-13)

Bug Fixes

  • deps: update dependency @octokit/tsconfig to v2, explicitly mark type imports (#588) (71d7488)

v6.2.5

6.2.5 (2023-05-18)

Bug Fixes

  • build: replace pika with esbuild and tsc (#584) (947d7a5)

v6.2.4

6.2.4 (2023-05-16)

Bug Fixes

  • addsduplex option when sending a body (3df1556), closes #570

v6.2.3

6.2.3 (2023-01-21)

Bug Fixes

  • deps: update dependency @​octokit/types to v9 (9247e87)

v6.2.2

6.2.2 (2022-10-13)

... (truncated)

Commits
  • 9c9c6d7 Revert "fix(deps): update dependency @​octokit/request-error to v4 (#593)"
  • 62f51d6 fix(deps): update dependency @​octokit/request-error to v4 (#593)
  • cbd121f docs: replace references to Skypack CDN with esm.sh (#595)
  • 71d7488 fix(deps): update dependency @octokit/tsconfig to v2, explicitly mark type ...
  • ab33ea2 chore(deps): update dependency esbuild to ^0.18.0 (#590)
  • 947d7a5 fix(build): replace pika with esbuild and tsc (#584)
  • 3df1556 fix: addsduplex option when sending a body
  • 792a68f chore(deps): update dependency prettier to v2.8.8
  • 2970f68 ci(action): update actions/add-to-project action to v0.5.0 (#578)
  • cdf3701 [fix] addsduplex option when sending a body
  • Additional commits viewable in compare view

Updates http-cache-semantics from 3.8.1 to 4.2.0

Commits

Updates marked from 2.0.1 to 4.3.0

Release notes

Sourced from marked's releases.

v4.3.0

4.3.0 (2023-03-22)

Bug Fixes

Features

v4.2.12

4.2.12 (2023-01-14)

Sorry for all of the quick releases. We were testing out different ways to build the files for releases. v4.2.5 - v4.2.12 have no changes to how marked works. The only addition is the version number in the comment in the build files.

Bug Fixes

  • revert to build script in ci (d2ab474)

v4.2.11

4.2.11 (2023-01-14)

Bug Fixes

v4.2.10

4.2.10 (2023-01-14)

Bug Fixes

v4.2.9

4.2.9 (2023-01-14)

Bug Fixes

... (truncated)

Commits
  • d65cf63 chore(release): 4.3.0 [skip ci]
  • 28f4342 🗜️ build v4.3.0 [skip ci]
  • 9b452bc feat: add preprocess and postprocess hooks (#2730)
  • 042dcc5 fix: always return promise if async (#2728)
  • 3acbb7f fix: fenced code doesn't need a trailing newline (#2756)
  • d1f1319 chore(deps-dev): Bump rollup from 3.19.1 to 3.20.0 (#2760)
  • 0ced8a5 chore(deps-dev): Bump jasmine from 4.5.0 to 4.6.0 (#2758)
  • a5bbe19 chore(deps-dev): Bump @​babel/core from 7.21.0 to 7.21.3 (#2761)
  • 00f6e2a chore(deps-dev): Bump semantic-release from 20.1.1 to 20.1.3 (#2759)
  • 8c7bca8 chore(deps-dev): Bump node-fetch from 3.3.0 to 3.3.1 (#2754)
  • Additional commits viewable in compare view

Updates tar from 4.4.19 to 6.2.1

Release notes

Sourced from tar's releases.

v6.1.13

6.1.13 (2022-12-07)

Dependencies

v6.1.12

6.1.12 (2022-10-31)

Bug Fixes

Documentation

Changelog

Sourced from tar's changelog.

Changelog

7.5

  • Added zstd compression support.

7.4

  • Deprecate onentry in favor of onReadEntry for clarity.

7.3

  • Add onWriteEntry option

7.2

  • DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

  • Update minipass to v7.1.0
  • Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

  • Drop support for node <18
  • Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
  • Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
  • Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
  • Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

6.2

  • Add support for brotli compression
  • Add maxDepth option to prevent extraction into excessively deep folders.

... (truncated)

Commits

Updates yargs-parser from 7.0.0 to 18.1.3

Release notes

Sourced from yargs-parser's releases.

yargs-parser yargs-parser-v15.0.3

Bug Fixes

  • build: should use releases_created when using manifest (49ea4ef)

yargs-parser yargs-parser-v15.0.2

Bug Fixes

  • perf: address slow parse when using unknown-options-as-args (#400) (bc387ec)
Changelog

Sourced from yargs-parser's changelog.

18.1.3 (2020-04-16)

Bug Fixes

  • setArg: options using camel-case and dot-notation populated twice (#268) (f7e15b9)

18.1.2 (2020-03-26)

Bug Fixes

  • array, nargs: support -o=--value and --option=--value format (#262) (41d3f81)

18.1.1 (2020-03-16)

Bug Fixes

  • __proto__ will now be replaced with ___proto___ in parse (#258), patching a potential prototype pollution vulnerability. This was reported by the Snyk Security Research Team.(63810ca)

18.1.0 (2020-03-07)

Features

  • introduce single-digit boolean aliases (#255) (9c60265)

18.0.0 (2020-03-02)

⚠ BREAKING CHANGES

  • the narg count is now enforced when parsing arrays.

Features

  • NaN can now be provided as a value for nargs, indicating "at least" one value is expected for array (#251) (9db4be8)

17.1.0 (2020-03-01)

Features

  • introduce greedy-arrays config, for specifying whether arrays consume multiple positionals (#249) (60e880a)

17.0.1 (2020-02-29)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for yargs-parser since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump the npm_and_yarn group across 1 directory with 8 up…
70ee8a4 
…dates

Bumps the npm_and_yarn group with 1 update in the / directory: [semantic-release](https://github.com/semantic-release/semantic-release).


Updates `semantic-release` from 17.4.7 to 19.0.3
- [Release notes](https://github.com/semantic-release/semantic-release/releases)
- [Commits](semantic-release/semantic-release@v17.4.7...v19.0.3)

Updates `@octokit/plugin-paginate-rest` from 2.11.0 to 6.1.2
- [Release notes](https://github.com/octokit/plugin-paginate-rest.js/releases)
- [Commits](octokit/plugin-paginate-rest.js@v2.11.0...v6.1.2)

Updates `@octokit/request-error` from 2.0.5 to 3.0.3
- [Release notes](https://github.com/octokit/request-error.js/releases)
- [Commits](octokit/request-error.js@v2.0.5...v3.0.3)

Updates `@octokit/request` from 5.4.14 to 6.2.8
- [Release notes](https://github.com/octokit/request.js/releases)
- [Commits](octokit/request.js@v5.4.14...v6.2.8)

Updates `http-cache-semantics` from 3.8.1 to 4.2.0
- [Commits](https://github.com/kornelski/http-cache-semantics/commits)

Updates `marked` from 2.0.1 to 4.3.0
- [Release notes](https://github.com/markedjs/marked/releases)
- [Changelog](https://github.com/markedjs/marked/blob/master/.releaserc.json)
- [Commits](markedjs/marked@v2.0.1...v4.3.0)

Updates `tar` from 4.4.19 to 6.2.1
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v4.4.19...v6.2.1)

Updates `yargs-parser` from 7.0.0 to 18.1.3
- [Release notes](https://github.com/yargs/yargs-parser/releases)
- [Changelog](https://github.com/yargs/yargs-parser/blob/main/CHANGELOG.md)
- [Commits](yargs/yargs-parser@v7.0.0...v18.1.3)

---
updated-dependencies:
- dependency-name: semantic-release
  dependency-version: 19.0.3
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@octokit/plugin-paginate-rest"
  dependency-version: 6.1.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@octokit/request-error"
  dependency-version: 3.0.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@octokit/request"
  dependency-version: 6.2.8
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: http-cache-semantics
  dependency-version: 4.2.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: marked
  dependency-version: 4.3.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-version: 6.2.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yargs-parser
  dependency-version: 18.1.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Nov 14, 2025
@github-management-service github-management-service requested a review from a team November 14, 2025 15:41
@socket-security
Copy link

socket-security bot commented Nov 14, 2025

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedsemantic-release@​17.4.7 ⏵ 19.0.398 +1100 +810099 +1100

View full report

@socket-security
Copy link

socket-security bot commented Nov 14, 2025

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
License policy violation: npm npm under CC-BY-3.0

License: CC-BY-3.0 (package/node_modules/spdx-exceptions/package.json)

License: CC-BY-SA-4.0 (package/node_modules/node-gyp/node_modules/glob/LICENSE)

License: CC-BY-SA-4.0 (package/node_modules/rimraf/node_modules/glob/LICENSE)

From: ?npm/semantic-release@19.0.3npm/npm@8.19.4

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/npm@8.19.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm npm is 94.0% likely obfuscated

Confidence: 0.94

Location: Package overview

From: ?npm/semantic-release@19.0.3npm/npm@8.19.4

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/npm@8.19.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

alert-severity-MODERATE dependabot-failed-tests dependabot-no-alert dependabot-semver-unknown dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@github-management-service