Skip to content

npm (master)(deps): bump the production-dependencies group across 1 directory with 2 updates#25

Merged
mimmi20 merged 1 commit into
masterfrom
dependabot/npm_and_yarn/production-dependencies-8facc17e02
Apr 15, 2026
Merged

npm (master)(deps): bump the production-dependencies group across 1 directory with 2 updates#25
mimmi20 merged 1 commit into
masterfrom
dependabot/npm_and_yarn/production-dependencies-8facc17e02

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 15, 2026

Copy link
Copy Markdown

Updates the requirements on rimraf and tempfile to permit the latest version.
Updates rimraf to 6.1.3

Changelog

Sourced from rimraf's changelog.

6.1

  • Move to native fs/promises usage instead of promisifying manually.

6.0

  • Drop support for nodes before v20
  • Add --version to CLI

5.0

  • No default export, only named exports

4.4

  • Provide Dirent or Stats object as second argument to filter

4.3

  • Return boolean indicating whether the path was fully removed
  • Add filter option
  • bin: add --verbose, -v to print files as they are deleted
  • bin: add --no-verbose, -V to not print files as they are deleted
  • bin: add -i --interactive to be prompted on each deletion
  • bin: add -I --no-interactive to not be prompted on each deletion
  • 4.3.1 Fixed inappropriately following symbolic links to directories

v4.2

  • Brought back glob support, using the new and improved glob v9

v4.1

  • Improved hybrid module with no need to look at the .default dangly bit. .default preserved as a reference to rimraf for compatibility with anyone who came to rely on it in v4.0.
  • Accept and ignore -rf and -fr arguments to the bin.

v4.0

  • Remove glob dependency entirely. This library now only accepts actual file and folder names to delete.
  • Accept array of paths or single path.
  • Windows performance and reliability improved.
  • All strategies separated into explicitly exported methods.
  • Drop support for Node.js below version 14
  • rewrite in TypeScript

... (truncated)

Commits

Updates tempfile from 5.0.0 to 6.0.1

Release notes

Sourced from tempfile's releases.

v6.0.1

  • Stricter option validation 07abd94

sindresorhus/tempfile@v6.0.0...v6.0.1

v6.0.0

Breaking

  • Require Node.js 20 135f7ef

sindresorhus/tempfile@v5.0.0...v6.0.0

Commits

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Apr 15, 2026
@github-actions

github-actions Bot commented Apr 15, 2026

Copy link
Copy Markdown

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 2 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 8c5f9fa.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

package.json

PackageVersionLicenseIssue Type
rimraf^6.1.3NullUnknown License
tempfile^6.0.1NullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
npm/rimraf ^6.1.3 UnknownUnknown
npm/tempfile ^6.0.1 UnknownUnknown

Scanned Files

  • package.json

@socket-security

socket-security Bot commented Apr 15, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedtempfile@​5.0.0 ⏵ 6.0.11001007981100

View full report

…ates

Updates the requirements on [rimraf](https://github.com/isaacs/rimraf) and [tempfile](https://github.com/sindresorhus/tempfile) to permit the latest version.

Updates `rimraf` to 6.1.3
- [Changelog](https://github.com/isaacs/rimraf/blob/main/CHANGELOG.md)
- [Commits](isaacs/rimraf@v6.1.2...v6.1.3)

Updates `tempfile` from 5.0.0 to 6.0.1
- [Release notes](https://github.com/sindresorhus/tempfile/releases)
- [Commits](sindresorhus/tempfile@v5.0.0...v6.0.1)

---
updated-dependencies:
- dependency-name: rimraf
  dependency-version: 6.1.3
  dependency-type: direct:production
  dependency-group: production-dependencies
- dependency-name: tempfile
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title npm (master)(deps): bump the production-dependencies group with 2 updates npm (master)(deps): bump the production-dependencies group across 1 directory with 2 updates Apr 15, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/production-dependencies-8facc17e02 branch from 59ca0e5 to 8c5f9fa Compare April 15, 2026 05:13
@mimmi20 mimmi20 merged commit 0c4ca90 into master Apr 15, 2026
91 checks passed
@mimmi20 mimmi20 deleted the dependabot/npm_and_yarn/production-dependencies-8facc17e02 branch April 15, 2026 11:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant