Skip to content

chore(deps): bump the npm_and_yarn group across 2 directories with 19 updates#17

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-304c0ed03b
Open

chore(deps): bump the npm_and_yarn group across 2 directories with 19 updates#17
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-304c0ed03b

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 23, 2026

Bumps the npm_and_yarn group with 19 updates in the / directory:

Package From To
simple-git 3.28.0 3.36.0
glob 10.4.5 10.5.0
glob 11.0.3 11.1.0
tar 7.5.1 7.5.13
@modelcontextprotocol/sdk 1.15.1 1.29.0
diff 7.0.0 9.0.0
undici 7.15.0 7.25.0
ajv 8.17.1 8.18.0
picomatch 4.0.3 4.0.4
js-yaml 3.14.1 3.14.2
brace-expansion 1.1.12 1.1.14
minimatch 3.1.2 3.1.5
fast-xml-parser 4.5.3 5.7.1
flatted 3.3.3 3.4.2
jws 4.0.0 4.0.1
jws 3.2.2 3.2.3
lodash 4.17.21 4.18.1
path-to-regexp 8.2.0 8.4.2
protobufjs 7.5.3 7.5.5
rollup 4.44.0 4.60.2
vite 7.1.9 7.3.2

Bumps the npm_and_yarn group with 1 update in the /packages/core directory: diff.

Updates simple-git from 3.28.0 to 3.36.0

Release notes

Sourced from simple-git's releases.

simple-git@3.36.0

Minor Changes

  • 89a2294: Extend known exploitable configuration keys and per-task environment variables.

    Note - ParsedVulnerabilities from argv-parser is removed in favour of a readonly array of Vulnerability to match usage in simple-git, rolled into the new vulnerabilityCheck for simpler access to the identified issues.

    Thanks to @​zebbern for identifying the need to block core.fsmonitor. Thanks to @​kodareef5 for identifying the need to block GIT_CONFIG_COUNT environment variables and --template / merge related config.

Patch Changes

  • 1ad57e8: Remove conflicting node:buffer import
  • Updated dependencies [89a2294]
  • Updated dependencies [675570a]
    • @​simple-git/argv-parser@​1.1.0
    • @​simple-git/args-pathspec@​1.0.3

simple-git@3.35.2

Patch Changes

  • 0cf9d8c: Improvements for mono-repo publishing pipeline
  • Updated dependencies [0cf9d8c]
    • @​simple-git/args-pathspec@​1.0.2
    • @​simple-git/argv-parser@​1.0.3

simple-git@3.35.1

Patch Changes

  • 0de400e: Update monorepo version handling during publish
  • Updated dependencies [0de400e]
    • @​simple-git/argv-parser@​1.0.2

simple-git@3.33.0

Minor Changes

  • a263635: Use pathspec wrappers for remote and local paths when running either git.clone or git.mirror to avoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.

Patch Changes

  • e253a0d: Enhanced git -c checks in unsafe plugin.

    Thanks to @​JohannesLks for identifying the issue

simple-git@3.32.3

Patch Changes

  • f704208: Enhanced protocol.allow checks in allowUnsafeExtProtocol handling.

... (truncated)

Changelog

Sourced from simple-git's changelog.

3.36.0

Minor Changes

  • 89a2294: Extend known exploitable configuration keys and per-task environment variables.

    Note - ParsedVulnerabilities from argv-parser is removed in favour of a readonly array of Vulnerability to match usage in simple-git, rolled into the new vulnerabilityCheck for simpler access to the identified issues.

    Thanks to @​zebbern for identifying the need to block core.fsmonitor. Thanks to @​kodareef5 for identifying the need to block GIT_CONFIG_COUNT environment variables and --template / merge related config.

Patch Changes

  • 1ad57e8: Remove conflicting node:buffer import
  • Updated dependencies [89a2294]
  • Updated dependencies [675570a]
    • @​simple-git/argv-parser@​1.1.0
    • @​simple-git/args-pathspec@​1.0.3

3.35.2

Patch Changes

  • 0cf9d8c: Improvements for mono-repo publishing pipeline
  • Updated dependencies [0cf9d8c]
    • @​simple-git/args-pathspec@​1.0.2
    • @​simple-git/argv-parser@​1.0.3

3.35.1

Patch Changes

  • 0de400e: Update monorepo version handling during publish
  • Updated dependencies [0de400e]
    • @​simple-git/argv-parser@​1.0.2

3.35.0

Minor Changes

  • 3d8708b: Updating publish config

Patch Changes

  • Updated dependencies [3d8708b]
    • @​simple-git/args-pathspec@​1.0.1
    • @​simple-git/argv-parser@​1.0.1

3.34.0

... (truncated)

Commits
  • 7dc1a53 Version Packages
  • 76f5376 Merge pull request #1061 from Vinzent03/fix/buffer-import
  • 89a2294 Environment Parsing (#1156)
  • 1b91b76 fix: remove explicit node:buffer import
  • e390685 Version Packages
  • 3c9e4b8 Pin version of @​simple-git/args-pathspec
  • 94ee21f Export pathspec types through simple-git for backward compatibility
  • 6d7cb51 Version Packages
  • 0de400e Switch to semver from workspace revisions
  • 2264722 Version Packages
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for simple-git since your current version.


Updates glob from 10.4.5 to 10.5.0

Commits

Updates glob from 11.0.3 to 11.1.0

Commits

Updates tar from 7.5.1 to 7.5.13

Commits
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates @modelcontextprotocol/sdk from 1.15.1 to 1.29.0

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.29.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@v1.28.0...v1.29.0

v1.28.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.1...v1.28.0

v1.27.1

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.0...v1.27.1

v1.27.0

What's Changed

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by pcarleton, a new releaser for @​modelcontextprotocol/sdk since your current version.


Updates diff from 7.0.0 to 9.0.0

Changelog

Sourced from diff's changelog.

9.0.0

(All changes part of PR #672.)

  • ES5 support is dropped. parsePatch now uses TextDecoder and Uint8Array, which are not available in ES5, and TypeScript is now compiled with the "es6" target. From now on, I intend to freely use any features that are deemed "Widely available" by Baseline. Users who need ES5 support should stick to version 8.

  • C-style quoted strings in filename headers are now properly supported.

    When the name of either the old or new file in a patch contains "special characters", both GNU diff and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; parsePatch would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. formatPatch, meanwhile, did not quote or escape special characters at all.

    Now, parsePatch parses all the possible escape sequences that GNU diff (or Git) ever output, and formatPatch quotes and escapes filenames containing special characters in the same way GNU diff does.

  • formatPatch now omits file headers when oldFileName or newFileName in the provided patch object are undefined, regardless of the headerOptions parameter. (Previously, it would treat the absence of oldFileName or newFileName as indicating the filename was the word "undefined" and emit headers --- undefined / +++ undefined.)

  • formatPatch no longer outputs trailing tab characters at the end of ---/+++ headers.

    Previously, if formatPatch was passed a patch object to serialize that had empty strings for the oldHeader or newHeader property, it would include a trailing tab character after the filename in the --- and/or +++ file header. Now, this scenario is treated the same as when oldHeader/newHeader is undefined - i.e. the trailing tab is omitted.

  • formatPatch no longer mutates its input when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously formatPatch would provide the correct output but also mutate the oldLines or newLines property on the hunk, changing the meaning of the underlying patch.

  • Git-style patches are now supported by parsePatch, formatPatch, and reversePatch.

    Patches output by git diff can include some features that are unlike those output by GNU diff, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the content of two files, but Git diffs can also indicate, via "extended headers", the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated ---/+++ file headers nor any hunks.

    jsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now parsePatch parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no --- or +++ file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by parsePatch. See isGit and subsequent properties in the docs in the README.md file.

    formatPatch now outputs extended headers based on these new Git-specific properties, and reversePatch respects them as far as possible (with one unavoidable caveat noted in the README.md file).

  • Unpaired file headers now cause parsePatch to throw.

    It remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a @@ hunk header on the very first line), but a patch with only a --- header or only a +++ header is now considered an error.

  • parsePatch is now more tolerant of "trailing garbage"

    That is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of "garbage" (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a +, -, or and thus is interpretable as part of a hunk still triggers a throw).

    This means we no longer reject patches output by tools that include extra data in "garbage" lines not understood by generic unified diff parsers. (For example, SVN patches can include "Property changes on:" lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)

    This change brings jsdiff's behaviour more in line with GNU patch, which is highly permissive of "garbage".

  • The oldFileName and newFileName fields of StructuredPatch are now typed as string | undefined instead of string. This type change reflects the (pre-existing) reality that parsePatch can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).

8.0.4

  • #667 - fix another bug in diffWords when used with an Intl.Segmenter. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), diffWords would previously crash. Now this case is handled correctly.

8.0.3

  • #631 - fix support for using an Intl.Segmenter with diffWords. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).
  • #635 - small tweaks to tokenization behaviour of diffWords when used without an Intl.Segmenter. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (× and ÷) are now treated as punctuation instead of as letters / word characters.

... (truncated)

Commits

Updates undici from 7.15.0 to 7.25.0

Release notes

Sourced from undici's releases.

v7.25.0

What's Changed

Full Changelog: nodejs/undici@v7.24.8...v7.25.0

v7.24.8

What's Changed

Full Changelog: nodejs/undici@v7.24.7...v7.24.8

v7.24.7

What's Changed

New Contributors

Full Changelog: nodejs/undici@v7.24.6...v7.24.7

v7.24.6

What's Changed

New Contributors

Full Changelog: nodejs/undici@v7.24.5...v7.24.6

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for undici since your current version.


Updates ajv from 8.17.1 to 8.18.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

New Contributors

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits
  • 142ce84 8.18.0
  • 720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
  • 82735a1 fix: typos in schema-language.md (#2507)
  • b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
  • 69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
  • f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
  • See full diff in compare view

Updates picomatch from 4.0.3 to 4.0.4

Release notes

Sourced from picomatch's releases.

4.0.4

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@4.0.3...4.0.4

Commits

Updates js-yaml from 3.14.1 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

  • Types are now exported as yaml.types.XXX.
  • Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

  • Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

  • Check migration guide to see details for all breaking changes.
  • Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
  • Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
  • yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
  • yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
  • !!binary now always mapped to Uint8Array on load.
  • Reduced nesting of /lib folder.
  • Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
  • dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
  • Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
  • Code snippet created in exceptions now contains multiple lines with line numbers.
  • dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
  • dump() with skipInvalid=true now serializes invalid items in collections as null.
  • Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
  • Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

  • Added .mjs (es modules) support.
  • Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
  • Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

Updates brace-expansion from 1.1.12 to 1.1.14

Commits

Updates minimatch from 3.1.2 to 3.1.5

Commits

Updates fast-xml-parser from 4.5.3 to 5.7.1

Release notes

Sourced from fast-xml-parser's releases.

upgrade @​nodable/entities and FXB

  • Use @nodable/entities v2.1.0
    • breaking changes
      • single entity scan. You're not allowed to use entity value to form another entity name.
      • you cant add numeric external entity
      • entity error message when expantion limit is crossed might change
    • typings are updated for new options related to process entity
    • please follow documentation of @nodable/entities for more detail.
    • performance
      • if processEntities is false, then there should not be impact on performance.
      • if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
      • if processEntities is true, and you pass entity decoder separately
        • if no entity then performance should be same as before
        • if there are entities then performance should be increased from past versions
    • ignoreAttributes is not required to be set to set xml version for NCR entity value
  • update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

use @​nodable/entities to replace entities

  • No API change
  • No change in performance for basic usage
  • No typing change
  • No config change
  • new dependency
  • breaking: error messages for entities might have been changed.

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.12...v5.6.0

performance improvment, increase entity expansion default limit

  • increase default entity explansion limit as many projects demand for that
maxEntitySize: 10000,
maxExpansionDepth: 10000,
maxTotalExpansions: Infinity,
maxExpandedLength: 100000,
maxEntityCount: 1000,
  • performance improvement
    • reduce calls to toString
    • early return when entities are not present
    • prepare rawAttrsForMatcher only if user sets jPath: false

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.9...v5.5.10

fix typins and matcher instance in callbacks

combine typings file to avoid configuration changes pass readonly instance of matcher to the call backs to avoid accidental push/pop call

fix bugs of entity parsing and value parsing

fix: entity expansion limits update strnum package to 2.2.0

... (truncated)

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.7.1 / 2026-04-20

  • fix #705: attributesGroupName working with preserveOrder
  • fix #817: stackoverflow when tag expression is very long

5.7.0 / 2026-04-17

  • Use @nodable/entities v2.1.0
    • breaking changes
      • single entity scan. You're not allowed to user entity value to form another entity name.
      • you cant add numeric external entity
      • entity error message when expantion limit is crossed might change
    • typings are updated for new options related to process entity
    • please follow documentation of @nodable/entities for more detail.
    • performance
      • if processEntities is false, then there should not be impact on performance.
      • if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
      • if processEntities is true, and you pass entity decoder separately
        • if no entity then performance should be same as before
        • if there are entities then performance should be increased from past versions
    • ignoreAttributes is n...

      Description has been truncated

@dependabot
chore(deps): bump the npm_and_yarn group across 2 directories with 19…
b7b99df 
… updates

Bumps the npm_and_yarn group with 19 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |
| [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `10.5.0` |
| [glob](https://github.com/isaacs/node-glob) | `11.0.3` | `11.1.0` |
| [tar](https://github.com/isaacs/node-tar) | `7.5.1` | `7.5.13` |
| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.15.1` | `1.29.0` |
| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `9.0.0` |
| [undici](https://github.com/nodejs/undici) | `7.15.0` | `7.25.0` |
| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.18.0` |
| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |
| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |
| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.5.3` | `5.7.1` |
| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |
| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |
| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |
| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |
| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` |
| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.3` | `7.5.5` |
| [rollup](https://github.com/rollup/rollup) | `4.44.0` | `4.60.2` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.1.9` | `7.3.2` |

Bumps the npm_and_yarn group with 1 update in the /packages/core directory: [diff](https://github.com/kpdecker/jsdiff).


Updates `simple-git` from 3.28.0 to 3.36.0
- [Release notes](https://github.com/steveukx/git-js/releases)
- [Changelog](https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md)
- [Commits](https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git)

Updates `glob` from 10.4.5 to 10.5.0
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](isaacs/node-glob@v10.4.5...v10.5.0)

Updates `glob` from 11.0.3 to 11.1.0
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](isaacs/node-glob@v10.4.5...v10.5.0)

Updates `tar` from 7.5.1 to 7.5.13
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.1...v7.5.13)

Updates `@modelcontextprotocol/sdk` from 1.15.1 to 1.29.0
- [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases)
- [Commits](modelcontextprotocol/typescript-sdk@1.15.1...v1.29.0)

Updates `diff` from 7.0.0 to 9.0.0
- [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md)
- [Commits](kpdecker/jsdiff@7.0.0...v9.0.0)

Updates `undici` from 7.15.0 to 7.25.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v7.15.0...v7.25.0)

Updates `ajv` from 8.17.1 to 8.18.0
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v8.17.1...v8.18.0)

Updates `picomatch` from 4.0.3 to 4.0.4
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@4.0.3...4.0.4)

Updates `js-yaml` from 3.14.1 to 3.14.2
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.14.1...3.14.2)

Updates `brace-expansion` from 1.1.12 to 1.1.14
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v1.1.12...v1.1.14)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `fast-xml-parser` from 4.5.3 to 5.7.1
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v4.5.3...v5.7.1)

Updates `flatted` from 3.3.3 to 3.4.2
- [Commits](WebReflection/flatted@v3.3.3...v3.4.2)

Updates `jws` from 4.0.0 to 4.0.1
- [Release notes](https://github.com/brianloveswords/node-jws/releases)
- [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jws@v4.0.0...v4.0.1)

Updates `jws` from 3.2.2 to 3.2.3
- [Release notes](https://github.com/brianloveswords/node-jws/releases)
- [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jws@v4.0.0...v4.0.1)

Updates `lodash` from 4.17.21 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.18.1)

Updates `path-to-regexp` from 8.2.0 to 8.4.2
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v8.2.0...v8.4.2)

Updates `protobufjs` from 7.5.3 to 7.5.5
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](protobufjs/protobuf.js@protobufjs-v7.5.3...protobufjs-v7.5.5)

Updates `rollup` from 4.44.0 to 4.60.2
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.44.0...v4.60.2)

Updates `vite` from 7.1.9 to 7.3.2
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.3.2/packages/vite)

Updates `diff` from 7.0.0 to 9.0.0
- [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md)
- [Commits](kpdecker/jsdiff@7.0.0...v9.0.0)

---
updated-dependencies:
- dependency-name: simple-git
  dependency-version: 3.36.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: glob
  dependency-version: 10.5.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: glob
  dependency-version: 11.1.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-version: 7.5.13
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@modelcontextprotocol/sdk"
  dependency-version: 1.29.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: diff
  dependency-version: 9.0.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 7.25.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: ajv
  dependency-version: 8.18.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 4.0.4
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 3.14.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.14
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fast-xml-parser
  dependency-version: 5.7.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: jws
  dependency-version: 4.0.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: jws
  dependency-version: 3.2.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-version: 8.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: protobufjs
  dependency-version: 7.5.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: rollup
  dependency-version: 4.60.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 7.3.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: diff
  dependency-version: 9.0.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 23, 2026
@dependabot dependabot Bot mentioned this pull request Apr 23, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants