Skip to content

chore(deps-dev): bump shell-quote from 1.7.3 to 1.10.0#3540

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/shell-quote-1.9.0
Closed

chore(deps-dev): bump shell-quote from 1.7.3 to 1.10.0#3540
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/shell-quote-1.9.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps shell-quote from 1.7.3 to 1.10.0.

Changelog

Sourced from shell-quote's changelog.

v1.10.0 - 2026-07-10

Merged

Commits

  • [Fix] parse: match nested ${...} braces so nested parameter expansion is consumed as one substitution c0842c8
  • [Tests] parse: pin single-quote literalness and unmatched-quote handling a0d03e3
  • [readme] remove the space in js code fences so evalmd evaluates them 2116fa3
  • [Tests] quote: pin conservative escaping of =, @, ^, ,, :, ! (#11) 1c36f3f
  • [readme] document that quote outputs POSIX quoting, not cmd.exe/PowerShell 100e96e
  • [readme] document parse's supported parameter-expansion subset e1c75cd
  • [Fix] parse: a backslash inside single quotes must not escape the closing quote 5d460a3
  • [readme] fix stale example outputs 2de86f5
  • [Tests] quote: pin that a backslash with whitespace is not doubled in single quotes (#14) 190e236
  • [readme] quote: use output verbatim; do not re-quote it (#11) 1b36468
  • [Refactor] parse: fix swapped SINGLE_QUOTE/DOUBLE_QUOTE variable names 801af5c
  • [types] fix an error TS v6 ignores but v7 fails on 59bbf8b
  • [Dev Deps] update @arethetypeswrong/cli, evalmd a04d475
  • [Dev Deps] update @arethetypeswrong/ci, eslint d390f9a
  • [Tests] quote: the tilde test escapes every ~, not just a leading one (#9) 617d119

v1.9.0 - 2026-06-24

Commits

  • [New] add types dca6e21
  • [Dev Deps] update eslint 9aa9e8f
  • [Fix] parse: finalize tokens in linear time (GHSA-395f-4hp3-45gv) 7ff5488
  • [actions] update workflows 75e8497
  • [actions] Windows + node 4/6/7: pin eslint to 9 before install, since npm 2/3 cannot stage eslint 10@types/esrecurse 3fb739d
  • [actions] retry npm install on Windows to survive npm 2/3 staging-rename flake abe0163
  • [actions] Windows + node 5/7: install deps with a modern node b4bafa2
  • [Fix] quote: escape leading ~ to prevent shell tilde-expansion 7a76c1a
  • [Dev Deps] update auto-changelog, tape 7184b44
  • [Dev Deps] apparently jackspeak is no longer in the graph 9ba368a

v1.8.4 - 2026-05-22

Commits

  • [Fix] quote: validate object-token shapes 4378a6e
  • [Dev Deps] update @ljharb/eslint-config, auto-changelog, eslint, npmignore 22ebec0
  • [Tests] increase coverage 9f3caa3
  • [readme] replace runkit CI badge with shields.io check-runs badge 3344a04
  • [Dev Deps] update @ljharb/eslint-config 699c511

v1.8.3 - 2025-06-01

... (truncated)

Commits
  • 64988d9 v1.10.0
  • 617d119 [Tests] quote: the tilde test escapes every ~, not just a leading one (#9)
  • 59bbf8b [types] fix an error TS v6 ignores but v7 fails on
  • 190e236 [Tests] quote: pin that a backslash with whitespace is not doubled in singl...
  • a04d475 [Dev Deps] update @arethetypeswrong/cli, evalmd
  • b9545b3 [New] parse: add opt-in splitUnquoted option for shell field-splitting of...
  • 1b36468 [readme] quote: use output verbatim; do not re-quote it (#11)
  • 1c36f3f [Tests] quote: pin conservative escaping of =, @, ^, ,, :, ! (#11)
  • e1c75cd [readme] document parse's supported parameter-expansion subset
  • c0842c8 [Fix] parse: match nested ${...} braces so nested parameter expansion is ...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for shell-quote since your current version.

Install script changes

This version adds prepublish script that runs during installation. Review the package contents before updating.


@dependabot dependabot Bot added dependencies Pull requests that update a dependency (dev or runtime) javascript Pull requests that update Javascript code skip-changelog Do not include in Changelog and Release Notes labels Jun 30, 2026
Bumps [shell-quote](https://github.com/ljharb/shell-quote) from 1.7.3 to 1.10.0.
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.7.3...v1.10.0)

---
updated-dependencies:
- dependency-name: shell-quote
  dependency-version: 1.9.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps-dev): bump shell-quote from 1.7.3 to 1.9.0 chore(deps-dev): bump shell-quote from 1.7.3 to 1.10.0 Jul 13, 2026
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/shell-quote-1.9.0 branch from c768f8c to d17bfa4 Compare July 13, 2026 00:33
@dependabot @github

dependabot Bot commented on behalf of github Jul 14, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #3546.

@dependabot dependabot Bot closed this Jul 14, 2026
@dependabot
dependabot Bot deleted the dependabot/npm_and_yarn/shell-quote-1.9.0 branch July 14, 2026 23:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency (dev or runtime) javascript Pull requests that update Javascript code skip-changelog Do not include in Changelog and Release Notes

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants