Skip to content

chore: bump the npm-patch-minor group with 3 updates#10

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm-patch-minor-5a7bb4e289
Open

chore: bump the npm-patch-minor group with 3 updates#10
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm-patch-minor-5a7bb4e289

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Mar 17, 2026
edited
Loading

Bumps the npm-patch-minor group with 3 updates: minimist, underscore and xml2js.

Updates minimist from 1.2.6 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

Fixed

Commits

  • Merge tag 'v0.2.3' a026794
  • [eslint] fix indentation and whitespace 5368ca4
  • [eslint] fix indentation and whitespace e5f5067
  • [eslint] more cleanup 62fde7d
  • [eslint] more cleanup 36ac5d0
  • [meta] add auto-changelog 73923d2
  • [actions] add reusable workflows d80727d
  • [eslint] add eslint; rules to enable later are warnings 48bc06a
  • [eslint] fix indentation 34b0f1c
  • [readme] rename and add badges 5df0fe4
  • [Dev Deps] switch from covert to nyc a48b128
  • [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
  • [meta] create FUNDING.yml; add funding in package.json 3639e0c
  • [meta] use npmignore to autogenerate an npmignore file be2e038
  • Only apps should have lockfiles 282b570
  • isConstructorOrProto adapted from PR ef9153f
  • [Dev Deps] update @ljharb/eslint-config, aud 098873c
  • [Dev Deps] update @ljharb/eslint-config, aud 3124ed3
  • [meta] add safe-publish-latest 4b927de
  • [Tests] add aud in posttest b32d9bd
  • [meta] update repo URLs f9fdfc0
  • [actions] Avoid 0.6 tests due to build failures ba92fe6
  • [Dev Deps] update tape 950eaa7
  • [Dev Deps] add missing npmignore dev dep 3226afa
  • Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits
  • 6901ee2 v1.2.8
  • a026794 Merge tag 'v0.2.3'
  • c0b2661 v0.2.3
  • 63b8fee [Fix] Fix long option followed by single dash (#17)
  • 72239e6 [Tests] Remove duplicate test (#12)
  • 34b0f1c [eslint] fix indentation
  • 3226afa [Dev Deps] add missing npmignore dev dep
  • 098873c [Dev Deps] update @ljharb/eslint-config, aud
  • 9ec4d27 [Fix] Fix long option followed by single dash
  • ba92fe6 [actions] Avoid 0.6 tests due to build failures
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

Install script changes

This version adds prepublish script that runs during installation. Review the package contents before updating.


Updates underscore from 1.12.1 to 1.13.8

Commits
  • 9374840 Merge branch 'release/1.13.8'
  • 309ad7e Re-generate annotated sources and minified codemaps
  • a1ac1d3 Add links to diff and docs in 1.13.8 change log entry
  • b579595 Mention CVE-2026-27601 in comments and documentation (#3011)
  • 45ea015 Revert obfuscations from 42823bb.
  • 4a4019e Update minified bundles
  • 1ccfdd0 Add preliminary release notes for 1.13.8
  • 42823bb Temporarily obfuscate comments
  • a6e23ae Make _.isEqual nonrecursive
  • f2b5164 Add regression test against stack overflow in _.isEqual
  • Additional commits viewable in compare view

Updates xml2js from 0.5.0 to 0.6.2

Commits
  • cf3e061 New release, 0.6.2
  • cb2f77e Fix read-only constraint via mistyped key name
  • 8e9a120 Update version number for release 0.6.1
  • 30f9d61 Replace filtering of names with defineProperty
  • ba46e54 Update package lock
  • 0e29f0e Release new version
  • a25035c Remove old unused files
  • 1de4688 Merge pull request #680 from Leonidas-from-XIV/zap-dependency-fix
  • 3b97ae5 Merge pull request #681 from Leonidas-from-XIV/cve-compat-fix
  • 167a385 Fix zap to be the original dependency
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Mar 17, 2026
@dependabot
chore: bump the npm-patch-minor group with 3 updates
a076d54 
Bumps the npm-patch-minor group with 3 updates: [minimist](https://github.com/minimistjs/minimist), [underscore](https://github.com/jashkenas/underscore) and [xml2js](https://github.com/Leonidas-from-XIV/node-xml2js).


Updates `minimist` from 1.2.6 to 1.2.8
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.6...v1.2.8)

Updates `underscore` from 1.12.1 to 1.13.8
- [Commits](jashkenas/underscore@1.12.1...1.13.8)

Updates `xml2js` from 0.5.0 to 0.6.2
- [Commits](Leonidas-from-XIV/node-xml2js@0.5.0...0.6.2)

---
updated-dependencies:
- dependency-name: minimist
  dependency-version: 1.2.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-patch-minor
- dependency-name: underscore
  dependency-version: 1.13.8
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-patch-minor
- dependency-name: xml2js
  dependency-version: 0.6.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-patch-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-patch-minor-5a7bb4e289 branch from 8de6894 to a076d54 Compare March 24, 2026 05:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants