chore(deps): bump the npm_and_yarn group across 1 directory with 22 updates by dependabot[bot] · Pull Request #1 · montinode/--cli

dependabot · 2026-05-09T05:32:11Z

Bumps the npm_and_yarn group with 22 updates in the / directory:

Package	From	To
simple-git	`3.28.0`	`3.36.0`
tar	`7.5.6`	`7.5.15`
uuid	`13.0.0`	`14.0.0`
@modelcontextprotocol/sdk	`1.25.3`	`1.29.0`
undici	`7.19.0`	`7.25.0`
ajv	`8.17.1`	`8.18.0`
picomatch	`4.0.3`	`4.0.4`
systeminformation	`5.30.2`	`5.31.6`
@hono/node-server	`1.19.9`	`1.19.14`
@isaacs/brace-expansion	`5.0.0`	`5.0.1`
brace-expansion	`1.1.12`	`1.1.14`
minimatch	`3.1.2`	`3.1.5`
fast-uri	`3.0.6`	`3.1.2`
fast-xml-parser	`4.5.3`	`5.7.3`
flatted	`3.3.3`	`3.4.2`
hono	`4.11.5`	`4.12.18`
lodash	`4.17.23`	`4.18.1`
path-to-regexp	`8.2.0`	`8.4.2`
protobufjs	`7.5.3`	`7.5.6`
qs	`6.14.1`	`6.15.1`
rollup	`4.53.2`	`4.60.3`
vite	`7.2.2`	`7.3.3`

Updates simple-git from 3.28.0 to 3.36.0

Release notes

Sourced from simple-git's releases.

simple-git@3.36.0

Minor Changes

89a2294: Extend known exploitable configuration keys and per-task environment variables.

Note - ParsedVulnerabilities from argv-parser is removed in favour of a readonly array of Vulnerability to match usage in simple-git, rolled into the new vulnerabilityCheck for simpler access to the identified issues.

Thanks to @zebbern for identifying the need to block core.fsmonitor. Thanks to @kodareef5 for identifying the need to block GIT_CONFIG_COUNT environment variables and --template / merge related config.

Patch Changes

1ad57e8: Remove conflicting node:buffer import

Updated dependencies [89a2294]

Updated dependencies [675570a]

@simple-git/argv-parser@1.1.0

@simple-git/args-pathspec@1.0.3

simple-git@3.35.2

Patch Changes

0cf9d8c: Improvements for mono-repo publishing pipeline

Updated dependencies [0cf9d8c]

@simple-git/args-pathspec@1.0.2

@simple-git/argv-parser@1.0.3

simple-git@3.35.1

Patch Changes

0de400e: Update monorepo version handling during publish

Updated dependencies [0de400e]

@simple-git/argv-parser@1.0.2

simple-git@3.33.0

Minor Changes

a263635: Use pathspec wrappers for remote and local paths when running either git.clone or git.mirror to avoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.

Patch Changes

e253a0d: Enhanced git -c checks in unsafe plugin.

Thanks to @JohannesLks for identifying the issue

simple-git@3.32.3

Patch Changes

f704208: Enhanced protocol.allow checks in allowUnsafeExtProtocol handling.

... (truncated)

Changelog

Sourced from simple-git's changelog.

3.36.0

Minor Changes

89a2294: Extend known exploitable configuration keys and per-task environment variables.

Note - ParsedVulnerabilities from argv-parser is removed in favour of a readonly array of Vulnerability to match usage in simple-git, rolled into the new vulnerabilityCheck for simpler access to the identified issues.

Thanks to @zebbern for identifying the need to block core.fsmonitor. Thanks to @kodareef5 for identifying the need to block GIT_CONFIG_COUNT environment variables and --template / merge related config.

Patch Changes

1ad57e8: Remove conflicting node:buffer import

Updated dependencies [89a2294]

Updated dependencies [675570a]

@simple-git/argv-parser@1.1.0

@simple-git/args-pathspec@1.0.3

3.35.2

Patch Changes

0cf9d8c: Improvements for mono-repo publishing pipeline

Updated dependencies [0cf9d8c]

@simple-git/args-pathspec@1.0.2

@simple-git/argv-parser@1.0.3

3.35.1

Patch Changes

0de400e: Update monorepo version handling during publish

Updated dependencies [0de400e]

@simple-git/argv-parser@1.0.2

3.35.0

Minor Changes

3d8708b: Updating publish config

Patch Changes

Updated dependencies [3d8708b]

@simple-git/args-pathspec@1.0.1

@simple-git/argv-parser@1.0.1

3.34.0

... (truncated)

Commits

7dc1a53 Version Packages
76f5376 Merge pull request #1061 from Vinzent03/fix/buffer-import
89a2294 Environment Parsing (#1156)
1b91b76 fix: remove explicit node:buffer import
e390685 Version Packages
3c9e4b8 Pin version of @simple-git/args-pathspec
94ee21f Export pathspec types through simple-git for backward compatibility
6d7cb51 Version Packages
0de400e Switch to semver from workspace revisions
2264722 Version Packages
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for simple-git since your current version.

Updates tar from 7.5.6 to 7.5.15

Commits

87cc309 7.5.15
7aef486 fix: regression in pending links detection
6244eb3 7.5.14
9704d8c stricter protection against hardlinks preempting their targets
700734f update workflows and deps
d6611ae 7.5.13
119c401 fix(extract): prevent raced symlink writes outside cwd
2a294d3 7.5.12
01082a4 fix: reject top promise on floating addFilesAsync rejections
dd1c36a linting
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates uuid from 13.0.0 to 14.0.0

Release notes

Sourced from uuid's releases.

v14.0.0

14.0.0 (2026-04-19)

⚠ BREAKING CHANGES

expect crypto to be global everywhere (requires node@20+) (#935)

drop node@18 support (#934)

Features

drop node@18 support (#934) (dc4ddb8)

Bug Fixes

expect crypto to be global everywhere (requires node@20+) (#935) (f2c235f)

Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)

v13.0.2

13.0.2 (2026-05-04)

Bug Fixes

rerelease to fix provenance. (49ccb35)

v13.0.1

13.0.1 (2026-04-27)

Bug Fixes

backport fix for GHSA-w5hq-g745-h8pq (9d27ddf)

Changelog

Sourced from uuid's changelog.

14.0.0 (2026-04-19)

Security

Fixes GHSA-w5hq-g745-h8pq: v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length.

⚠ BREAKING CHANGES

crypto is now expected to be globally defined (requires node@20+) (#935)

drop node@18 support (#934)

upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years

Commits

7c1ea08 chore(main): release 14.0.0 (#926)
3d2c5b0 Merge commit from fork
f2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)
529ef08 chore: upgrade TypeScript and fixup types (#927)
086fd79 chore: update dependencies (#933)
dc4ddb8 feat!: drop node@18 support (#934)
0f1f9c9 chore: switch to Biome for parsing and linting (#932)
e2879e6 chore: use maintained version of npm-run-all (#930)
ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)
0423d49 docs: remove obsolete v1 option notes (#915)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.

Updates @modelcontextprotocol/sdk from 1.25.3 to 1.29.0

Release notes

Sourced from @modelcontextprotocol/sdk's releases.

v1.29.0

What's Changed

fix: treat v1.x as primary branch for npm latest tag (backport #1577) by @felixweinberger in modelcontextprotocol/typescript-sdk#1749

[v1.x] fix: disallow null (infinite) requested TTL by @LucaButBoring in modelcontextprotocol/typescript-sdk#1339

[v1.x] fix: add missing size field to ResourceSchema by @olaservo in modelcontextprotocol/typescript-sdk#1575

Add typings exports by @tdraier in modelcontextprotocol/typescript-sdk#1623

v1.x npm audit fix by @KKonstantinov in modelcontextprotocol/typescript-sdk#1780

v1.x #1623 follow up -add missing types to package.json by @KKonstantinov in modelcontextprotocol/typescript-sdk#1773

[v1.x backport] Allow servers / clients to advertise extensions in the capability object by @localden in modelcontextprotocol/typescript-sdk#1811

fix(stdio): always set windowsHide on Windows, not just in Electron by @jnMetaCode in modelcontextprotocol/typescript-sdk#1640

chore: bump version to 1.29.0 by @felixweinberger in modelcontextprotocol/typescript-sdk#1820

New Contributors

@tdraier made their first contribution in modelcontextprotocol/typescript-sdk#1623

@jnMetaCode made their first contribution in modelcontextprotocol/typescript-sdk#1640

Full Changelog: modelcontextprotocol/typescript-sdk@v1.28.0...v1.29.0

v1.28.0

What's Changed

feat: use scopes_supported from resource metadata by default (fixes #580) by @antogyn in modelcontextprotocol/typescript-sdk#757

[v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by @pcarleton in modelcontextprotocol/typescript-sdk#1611

fix: reject plain JSON Schema objects passed as inputSchema by @tiluckdave in modelcontextprotocol/typescript-sdk#1596

fix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by @pcarleton in modelcontextprotocol/typescript-sdk#1462

fix(server/auth): RFC 8252 loopback port relaxation by @poteat in modelcontextprotocol/typescript-sdk#1738

chore: bump version to 1.28.0 by @felixweinberger in modelcontextprotocol/typescript-sdk#1746

New Contributors

@antogyn made their first contribution in modelcontextprotocol/typescript-sdk#757

@tiluckdave made their first contribution in modelcontextprotocol/typescript-sdk#1596

@poteat made their first contribution in modelcontextprotocol/typescript-sdk#1738

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.1...v1.28.0

v1.27.1

What's Changed

feat: implement auth/pre-registration conformance scenario by @felixweinberger in modelcontextprotocol/typescript-sdk#1545

docs: add governance documentation for SEP-1730 by @felixweinberger in modelcontextprotocol/typescript-sdk#1547

docs: comprehensive feature documentation for SEP-1730 Tier 1 by @felixweinberger in modelcontextprotocol/typescript-sdk#1548

fix: prevent command injection in example URL opening (v1.x backport) by @maxisbey in modelcontextprotocol/typescript-sdk#1579

fix: call onerror for silently swallowed transport errors by @qing-ant in modelcontextprotocol/typescript-sdk#1580

chore: bump version to 1.27.1 by @felixweinberger in modelcontextprotocol/typescript-sdk#1581

New Contributors

@qing-ant made their first contribution in modelcontextprotocol/typescript-sdk#1580

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.0...v1.27.1

v1.27.0

What's Changed

... (truncated)

Commits

e12cbd7 chore: bump version to 1.29.0 (#1820)
3913fd4 fix(stdio): always set windowsHide on Windows, not just in Electron (#1640)
5608e78 [v1.x backport] Allow servers / clients to advertise extensions in the capabi...
7213816 v1.x #1623 follow up -add missing types to package.json (#1773)
364f38c v1.x npm audit fix (#1780)
c95cc09 Add typings exports (#1623)
ddadaa6 [v1.x] fix: add missing size field to ResourceSchema (#1575)
2a15851 [v1.x] fix: disallow null (infinite) requested TTL (#1339)
13e30f1 fix: treat v1.x as primary branch for npm latest tag (backport #1577) (#1749)
a056569 chore: bump version to 1.28.0 (#1746)
Additional commits viewable in compare view

Updates undici from 7.19.0 to 7.25.0

Release notes

Sourced from undici's releases.

v7.25.0

What's Changed

Full Changelog: nodejs/undici@v7.24.8...v7.25.0

v7.24.8

What's Changed

fix: backport 401 stream-backed body fix to v7.x by @mcollina in nodejs/undici#5006

Full Changelog: nodejs/undici@v7.24.7...v7.24.8

v7.24.7

What's Changed

docs: update broken links in file "Dispatcher.md" by @samuel871211 in nodejs/undici#4924

doc: remove unused parameter redirectionLimitReached by @samuel871211 in nodejs/undici#4933

test: skip flaky macOS Node 20 cookie fetch cases by @mcollina in nodejs/undici#4932

fix(types): align Response with DOM fetch types by @theamodhshetty in nodejs/undici#4867

fix(types): Fix clone method type declaration to be an instance method rather than instance property by @mistval in nodejs/undici#4925

test: skip IPv6 tests when IPv6 is not available by @mcollina in nodejs/undici#4939

fix: correctly handle multi-value rawHeaders in fetch by @mcollina in nodejs/undici#4938

ignore AGENTS.md by @mcollina in nodejs/undici#4942

New Contributors

@samuel871211 made their first contribution in nodejs/undici#4924

@mistval made their first contribution in nodejs/undici#4925

Full Changelog: nodejs/undici@v7.24.6...v7.24.7

v7.24.6

What's Changed

fix(test): client wasm compatible with clang 22 by @rozzilla in nodejs/undici#4909

fix(mock): improve error message when intercepts are exhausted by @travisbreaks in nodejs/undici#4912

fix(websocket): support open diagnostics over h2 by @mcollina in nodejs/undici#4921

fix: assume http/https scheme for scheme-less proxy env vars by @travisbreaks in nodejs/undici#4914

fix(cache): check Authorization on request headers per RFC 9111 §3.5 by @metalix2 in nodejs/undici#4911

fix: wrap kConnector call in try/catch to prevent client hang by @veeceey in nodejs/undici#4834

docs: clarify fetch and FormData pairing by @mcollina in nodejs/undici#4922

fix: support Connection header with connection-specific header names per RFC 7230 by @mcollina in nodejs/undici#4775

fix: avoid prototype collisions in parseHeaders by @mcollina in nodejs/undici#4923

build(deps-dev): bump typescript from 5.9.3 to 6.0.2 by @dependabot[bot] in nodejs/undici#4926

test: auto-init WPT submodule by @mcollina in nodejs/undici#4930

New Contributors

@rozzilla made their first contribution in nodejs/undici#4909

@veeceey made their first contribution in nodejs/undici#4834

Full Changelog: nodejs/undici@v7.24.5...v7.24.6

... (truncated)

Commits

12d9045 Bumped v7.25.0 (#5025)
7a6f7fe Bumped v7.24.8 (#5020)
1f85ae4 fix: avoid 401 failures for stream-backed request bodies (#4941) (#5006)
c661067 chore: update v7.x maintenance release flow
84f23e2 Bumped v7.24.7 (#4947)
a770b10 ignore AGENTS.md (#4942)
6acd19b fix: correctly handle multi-value rawHeaders in fetch (#4938)
1da1c74 test: skip IPv6 tests when IPv6 is not available (#4939)
04cb773 fix(types): Fix clone method type declaration to be an instance method rather...
5145a7c fix(types): align Response with DOM fetch types (#4867)
Additional commits viewable in compare view

Updates ajv from 8.17.1 to 8.18.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

feat: allow tree-shaking by adding "sideEffects": false to package.json by @josdejong in ajv-validator/ajv#2480

fix: #2482 Infinity and NaN serialise to null by @jasoniangreen in ajv-validator/ajv#2487

fix: small grammatical error in managing-schemas.md by @monteiro-renato in ajv-validator/ajv#2508

fix: typos in schema-language.md by @monteiro-renato in ajv-validator/ajv#2507

fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by @epoberezkin in ajv-validator/ajv#2586

New Contributors

@josdejong made their first contribution in ajv-validator/ajv#2480

@monteiro-renato made their first contribution in ajv-validator/ajv#2508

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits

142ce84 8.18.0
720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
82735a1 fix: typos in schema-language.md (#2507)
b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
See full diff in compare view

Updates picomatch from 4.0.3 to 4.0.4

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

Fix for CVE-2026-33671

Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

Commits

e5474fc Publish 4.0.4
4516eb5 Merge commit from fork
5eceecd Merge commit from fork
0db7dd7 Run benchmark again against latest minimatch version (#161)
9500377 docs: clarify what brace expansion syntax is and isn't supported (#134)
2661f23 fix typo in globstars.js test name (#138)
1798b07 docs: fix makeRe example (#143)
9d76bc5 chore: undocument removed options (#146)
e4d718b Remove unused time-require (#160)
38dffeb chore(deps): pin dependencies (#158)
Additional commits viewable in compare view

Updates systeminformation from 5.30.2 to 5.31.6

Release notes

Sourced from systeminformation's releases.

v5.31.6

Full Changelog: sebhildebrandt/systeminformation@v5.31.5...v5.31.6

v5.31.5

Full Changelog: sebhildebrandt/systeminformation@v5.31.4...v5.31.5

v5.31.4

Full Changelog: sebhildebrandt/systeminformation@v5.31.3...v5.31.4

v5.31.3

Full Changelog: sebhildebrandt/systeminformation@v5.31.2...v5.31.3

v5.31.2

Full Changelog: sebhildebrandt/systeminformation@v5.31.1...v5.31.2

v5.31.1

Full Changelog: sebhildebrandt/systeminformation@v5.31.0...v5.31.1

v5.31.0

Full Changelog: sebhildebrandt/systeminformation@v5.30.8...v5.31.0

v5.30.8

Full Changelog: sebhildebrandt/systeminformation@v5.30.7...v5.30.8

v5.30.7

Full Changelog: sebhildebrandt/systeminformation@v5.30.6...v5.30.7

v5.30.6

Full Changelog: sebhildebrandt/systeminformation@v5.30.5...v5.30.6

v5.30.5

Full Changelog: sebhildebrandt/systeminformation@v5.30.4...v5.30.5

v5.30.4

Full Changelog: sebhildebrandt/systeminformation@v5.30.3...v5.30.4

v5.30.3

Full Changelog: sebhildebrandt/systeminformation@v5.30.2...v5.30.3

Changelog

Sourced from systeminformation's changelog.

Changelog

Major Changes - Version 5

New Functions

audio() detailed audio information

bluetoothDevices() detailed information detected bluetooth devices

dockerImages() detailed information docker images

dockerVolumes() detailed information docker volumes

printers() detailed printer information

usb() detailed USB information

wifiInterfaces() detected Wi-Fi interfaces

wifiConnections() active Wi-Fi connections

Breaking Changes

Be aware, that the new version 5.x is NOT fully backward compatible to version 4.x ...

We had to make several interface changes to keep systeminformation as consistent as possible. We highly recommend to go through the complete list and adapt your own code to be again compatible to the new version 5.

Function Old New (V5) Comments

unsupported values -1 null values which are unknown orunsupported on platform

battery() hasbatterycyclecountischargingdesignedcapacitymaxcapacityacconnectedtimeremaining hasBatterycycleCountisChargingdesignedCapacitymaxCapacityacConnectedtimeRemaining pascalCase conformity

blockDevices() fstype fsType pascalCase conformity

cpu() speedminspeedmax speedMinspeedMax pascalCase conformity

cpu().speedcpu().speedMincpu().speedMax string values now returningnumerical values better value handling

cpuCurrentspeed() cpuCurrentSpeed() function name changedpascalCase conformity

currentLoad() avgloadcurrentloadcurrentload_usercurrentload_systemcurrentload_nicecurrentload_idlecurrentload_irqraw_currentload avgLoadcurrentLoadcurrentLoadUsercurrentLoadSystemcurrentLoadNicecurrentLoadIdlecurrentLoadIrqrawCurrentLoad pascalCase conformity

dockerContainerStats() mem_usagemem_limitmem_percentcpu_percentcpu_statsprecpu_statsmemory_stats memUsagememLimitmemPercentcpuPercentcpuStatsprecpuStatsmemoryStats pascalCase conformity

dockerContainerProcesses() pid_host pidHost pascalCase conformity

graphics().display pixeldepthresolutionxresolutionysizexsizey pixelDepthresolutionXresolutionYsizeXsizeY pascalCase conformity

networkConnections() localaddresslocalportpeeraddresspeerport localAddresslocalPortpeerAddresspeerPort pascalCase conformity

networkInterfaces() carrier_changes carrierChanges pascalCase conformity

processes() mem_vszmem_rsspcpupcpuupcpuspmem memVszmemRsscpucpuucpusmem pascalCase conformityrenamed attributes

processLoad() result as object result as array of objects function now allows to provide more thanone process (as a comma separated list)

services() pcpupmem cpumem renamed attributes

vbox() HPETPAEAPICX2APICACPIIOAPICbiosAPICmodeTRC hpetpaeapicx2ApicacpiioApicbiosApicModertc pascalCase conformity

Other Improvements and Changes

baseboard(): added memMax, memSlots

bios(): added language and features (linux)

blockDevices() added raid group member (linux)

cpu(): extended AMD processor list

... (truncated)

Commits

da1cbf5 5.31.6
87dbb60 fix: smaller issues
1d1bddf fix: smaller issues
f69576f fix: networkInterfaces() ci wip
78624d1 fix: networkInterfaces() ci
ed1cac5 5.31.5
4dd5aa9 netStats() netstat command adaption (mac OS)
59360e6 5.31.4
3ef3f3b diskLayout() USB tahoe compatibility (mac OS)
8edd130 5.31.3
Additional commits viewable in compare view

Updates @hono/node-server from 1.19.9 to 1.19.14

Release notes

Sourced from @hono/node-server's releases.

v1.19.14

What's Changed

fix: add custom inspect to lightweight Request/Response to prevent TypeError on console.log by @usualoma in honojs/node-server#340

Full Changelog: honojs/node-server@v1.19.13...v1.19.14

v1.19.13

Security Fix

Fixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (//) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.

See GHSA-92pp-h63x-v22m for details.

v1.19.12

What's Changed

chore: ignore claude setting by @yusukebe in honojs/node-server#314

fix: request draining for early 413 responses by @usualoma in honojs/node-server#329

Full Changelog: honojs/node-server@v1.19.11...v1.19.12

v1.19.11

What's Changed

fix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by @usualoma in honojs/node-server#309

Full Changelog: honojs/node-server@v1.19.10...v1.19.11

v1.19.10

Security Fix

Fixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (%2F handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.

See GHSA-wc8c-qw6v-h7f6 for details.

Commits

b5e63a3 1.19.14
c02d777 fix: add custom inspect to lightweight Request/Response to prevent TypeError ...
fd64e65 1.19.13
025c30f Merge commit from fork
6cdb5a7 1.19.12
70250f7 fix: request draining for early 413 responses (#329)
cfc08b3 chore: ignore claude setting (#314)
ecd4d6b 1.19.11
c944899 fix: do not overwrite Content-Length in the fast path pattern if Content-Leng...
2f8ca36 1.19.10
Additional commits viewable in compare view

Updates @isaacs/brace-expansion from 5.0.0 to 5.0.1

Updates brace-expansion from 1.1.12 to 1.1.14

Commits

10c05fc 1.1.14
1afa1b2 Add opt-in { max } mitigation to v1 legacy line (#103)
2fbb6a2 Revert "Backport fix for GHSA-7h2j-956f-4vf2 to v1 (#101)" (#102)
0d7652e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (#101)
6c353ca 1.1.13
7fd684f Backport fix for GHSA-f886-m6hf-6m8v (#95)
See full diff in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view<...
Description has been truncated

…pdates Bumps the npm_and_yarn group with 22 updates in the / directory: | Package | From | To | | --- | --- | --- | | [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` | | [tar](https://github.com/isaacs/node-tar) | `7.5.6` | `7.5.15` | | [uuid](https://github.com/uuidjs/uuid) | `13.0.0` | `14.0.0` | | [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.25.3` | `1.29.0` | | [undici](https://github.com/nodejs/undici) | `7.19.0` | `7.25.0` | | [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.18.0` | | [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` | | [systeminformation](https://github.com/sebhildebrandt/systeminformation) | `5.30.2` | `5.31.6` | | [@hono/node-server](https://github.com/honojs/node-server) | `1.19.9` | `1.19.14` | | @isaacs/brace-expansion | `5.0.0` | `5.0.1` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` | | [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.5.3` | `5.7.3` | | [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` | | [hono](https://github.com/honojs/hono) | `4.11.5` | `4.12.18` | | [lodash](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` | | [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` | | [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.3` | `7.5.6` | | [qs](https://github.com/ljharb/qs) | `6.14.1` | `6.15.1` | | [rollup](https://github.com/rollup/rollup) | `4.53.2` | `4.60.3` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.2.2` | `7.3.3` | Updates `simple-git` from 3.28.0 to 3.36.0 - [Release notes](https://github.com/steveukx/git-js/releases) - [Changelog](https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md) - [Commits](https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git) Updates `tar` from 7.5.6 to 7.5.15 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.5.6...v7.5.15) Updates `uuid` from 13.0.0 to 14.0.0 - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v13.0.0...v14.0.0) Updates `@modelcontextprotocol/sdk` from 1.25.3 to 1.29.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@v1.25.3...v1.29.0) Updates `undici` from 7.19.0 to 7.25.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.19.0...v7.25.0) Updates `ajv` from 8.17.1 to 8.18.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.17.1...v8.18.0) Updates `picomatch` from 4.0.3 to 4.0.4 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@4.0.3...4.0.4) Updates `systeminformation` from 5.30.2 to 5.31.6 - [Release notes](https://github.com/sebhildebrandt/systeminformation/releases) - [Changelog](https://github.com/sebhildebrandt/systeminformation/blob/master/CHANGELOG.md) - [Commits](sebhildebrandt/systeminformation@v5.30.2...v5.31.6) Updates `@hono/node-server` from 1.19.9 to 1.19.14 - [Release notes](https://github.com/honojs/node-server/releases) - [Commits](honojs/node-server@v1.19.9...v1.19.14) Updates `@isaacs/brace-expansion` from 5.0.0 to 5.0.1 Updates `brace-expansion` from 1.1.12 to 1.1.14 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v1.1.12...v1.1.14) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `fast-uri` from 3.0.6 to 3.1.2 - [Release notes](https://github.com/fastify/fast-uri/releases) - [Commits](fastify/fast-uri@v3.0.6...v3.1.2) Updates `fast-xml-parser` from 4.5.3 to 5.7.3 - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v4.5.3...v5.7.3) Updates `flatted` from 3.3.3 to 3.4.2 - [Commits](WebReflection/flatted@v3.3.3...v3.4.2) Updates `hono` from 4.11.5 to 4.12.18 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.11.5...v4.12.18) Updates `lodash` from 4.17.23 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.23...4.18.1) Updates `path-to-regexp` from 8.2.0 to 8.4.2 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v8.2.0...v8.4.2) Updates `protobufjs` from 7.5.3 to 7.5.6 - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.6/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-v7.5.3...protobufjs-v7.5.6) Updates `qs` from 6.14.1 to 6.15.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.1) Updates `rollup` from 4.53.2 to 4.60.3 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.53.2...v4.60.3) Updates `vite` from 7.2.2 to 7.3.3 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v7.3.3/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.3.3/packages/vite) --- updated-dependencies: - dependency-name: simple-git dependency-version: 3.36.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.15 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: uuid dependency-version: 14.0.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.29.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 7.25.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 8.18.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 4.0.4 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: systeminformation dependency-version: 5.31.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@hono/node-server" dependency-version: 1.19.14 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@isaacs/brace-expansion" dependency-version: 5.0.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.14 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fast-uri dependency-version: 3.1.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fast-xml-parser dependency-version: 5.7.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.18 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 8.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: protobufjs dependency-version: 7.5.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.60.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 7.3.3 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 9, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 1 directory with 22 updates#1

chore(deps): bump the npm_and_yarn group across 1 directory with 22 updates#1
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-58bf2d444d

dependabot Bot commented on behalf of github May 9, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Function	Old	New (V5)	Comments
unsupported values	-1	null	values which are unknown orunsupported on platform
`battery()`	hasbatterycyclecountischargingdesignedcapacitymaxcapacityacconnectedtimeremaining	hasBatterycycleCountisChargingdesignedCapacitymaxCapacityacConnectedtimeRemaining	pascalCase conformity
`blockDevices()`	fstype	fsType	pascalCase conformity
`cpu()`	speedminspeedmax	speedMinspeedMax	pascalCase conformity
`cpu().speedcpu().speedMincpu().speedMax`	string values	now returningnumerical values	better value handling
`cpuCurrentspeed()`		cpuCurrentSpeed()	function name changedpascalCase conformity
`currentLoad()`	avgloadcurrentloadcurrentload_usercurrentload_systemcurrentload_nicecurrentload_idlecurrentload_irqraw_currentload	avgLoadcurrentLoadcurrentLoadUsercurrentLoadSystemcurrentLoadNicecurrentLoadIdlecurrentLoadIrqrawCurrentLoad	pascalCase conformity
`dockerContainerStats()`	mem_usagemem_limitmem_percentcpu_percentcpu_statsprecpu_statsmemory_stats	memUsagememLimitmemPercentcpuPercentcpuStatsprecpuStatsmemoryStats	pascalCase conformity
`dockerContainerProcesses()`	pid_host	pidHost	pascalCase conformity
`graphics().display`	pixeldepthresolutionxresolutionysizexsizey	pixelDepthresolutionXresolutionYsizeXsizeY	pascalCase conformity
`networkConnections()`	localaddresslocalportpeeraddresspeerport	localAddresslocalPortpeerAddresspeerPort	pascalCase conformity
`networkInterfaces()`	carrier_changes	carrierChanges	pascalCase conformity
`processes()`	mem_vszmem_rsspcpupcpuupcpuspmem	memVszmemRsscpucpuucpusmem	pascalCase conformityrenamed attributes
`processLoad()`	result as object	result as array of objects	function now allows to provide more thanone process (as a comma separated list)
`services()`	pcpupmem	cpumem	renamed attributes
`vbox()`	HPETPAEAPICX2APICACPIIOAPICbiosAPICmodeTRC	hpetpaeapicx2ApicacpiioApicbiosApicModertc	pascalCase conformity

Conversation

dependabot Bot commented on behalf of github May 9, 2026

simple-git@3.36.0

Minor Changes

Patch Changes

simple-git@3.35.2

Patch Changes

simple-git@3.35.1

Patch Changes

simple-git@3.33.0

Minor Changes

Patch Changes

simple-git@3.32.3

Patch Changes

3.36.0

Minor Changes

Patch Changes

3.35.2

Patch Changes

3.35.1

Patch Changes

3.35.0

Minor Changes

Patch Changes

3.34.0

v14.0.0

14.0.0 (2026-04-19)

⚠ BREAKING CHANGES

Features

Bug Fixes

v13.0.2

13.0.2 (2026-05-04)

Bug Fixes

v13.0.1

13.0.1 (2026-04-27)

Bug Fixes

14.0.0 (2026-04-19)

Security

⚠ BREAKING CHANGES

v1.29.0

What's Changed

New Contributors

v1.28.0

What's Changed

New Contributors

v1.27.1

What's Changed

New Contributors

v1.27.0

What's Changed

v7.25.0

What's Changed

v7.24.8

What's Changed

v7.24.7

What's Changed

New Contributors

v7.24.6

What's Changed

New Contributors

v8.18.0

What's Changed

New Contributors

4.0.4

What's Changed

v5.31.6

v5.31.5

v5.31.4

v5.31.3

v5.31.2

v5.31.1

v5.31.0

v5.30.8

v5.30.7

v5.30.6

v5.30.5

v5.30.4

v5.30.3

Changelog

Major Changes - Version 5