Skip to content

Bump the all-dependencies group with 7 updates#47

Merged
shgysk8zer0 merged 1 commit into
masterfrom
dependabot/npm_and_yarn/all-dependencies-172d34a87a
Jun 17, 2026
Merged

Bump the all-dependencies group with 7 updates#47
shgysk8zer0 merged 1 commit into
masterfrom
dependabot/npm_and_yarn/all-dependencies-172d34a87a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 17, 2026

Copy link
Copy Markdown
Contributor

Bumps the all-dependencies group with 7 updates:

Package From To
@aegisjsproject/dev-server 1.0.6 1.1.0
@aegisjsproject/http-utils 1.0.4 1.1.0
@shgysk8zer0/eslint-config 1.0.9 1.1.0
@shgysk8zer0/http-server 1.1.2 1.2.0
@shgysk8zer0/importmap 1.9.20 1.10.2
eslint 10.4.1 10.5.0
rollup 4.61.1 4.62.0

Updates @aegisjsproject/dev-server from 1.0.6 to 1.1.0

Release notes

Sourced from @​aegisjsproject/dev-server's releases.

Release v1.1.0

See Changelog

Changelog

Sourced from @​aegisjsproject/dev-server's changelog.

[v1.1.0] - 2026-06-14

Added

  • Add Security policy
  • Add npm config to harden installs

Changed

  • Update Workflows with permissions
  • Update contributiing guidelines
  • Update to node 26.3.0 & npm 11.16.0
Commits
  • 4860a24 Merge pull request #45 from AegisJSProject/feature/ci-security
  • d54659a Security Hardening
  • 518a0e2 Merge pull request #44 from AegisJSProject/dependabot/npm_and_yarn/all-depend...
  • cbd26b1 Bump the all-dependencies group with 2 updates
  • b45ae10 Merge pull request #43 from AegisJSProject/dependabot/npm_and_yarn/all-depend...
  • f5bf9d5 Bump eslint from 10.3.0 to 10.4.0 in the all-dependencies group
  • 9f2ef46 Merge pull request #42 from AegisJSProject/dependabot/npm_and_yarn/all-depend...
  • d812acc Bump @​shgysk8zer0/importmap in the all-dependencies group
  • ad7060d Merge pull request #41 from AegisJSProject/dependabot/npm_and_yarn/all-depend...
  • 77baedf Bump the all-dependencies group with 2 updates
  • Additional commits viewable in compare view

Updates @aegisjsproject/http-utils from 1.0.4 to 1.1.0

Release notes

Sourced from @​aegisjsproject/http-utils's releases.

Release v1.1.0

See Changelog

Changelog

Sourced from @​aegisjsproject/http-utils's changelog.

[v1.1.0] - 2026-06-14

Added

  • Add Security policy
  • Add npm config to harden installs

Changed

  • Update Workflows with permissions
  • Update contributiing guidelines
  • Update to node 26.3.0 & npm 11.16.0
Commits
  • aec840c Merge pull request #47 from AegisJSProject/feature/ci-security
  • 8e5666e Security Hardening
  • 019eb1f Merge pull request #46 from AegisJSProject/dependabot/npm_and_yarn/all-depend...
  • b582757 Bump the all-dependencies group with 2 updates
  • e10e247 Merge pull request #45 from AegisJSProject/dependabot/npm_and_yarn/all-depend...
  • aa4be48 Bump eslint from 10.3.0 to 10.4.0 in the all-dependencies group
  • 2e55260 Merge pull request #44 from AegisJSProject/dependabot/npm_and_yarn/all-depend...
  • 2b86aad Bump @​shgysk8zer0/importmap in the all-dependencies group
  • fd0db57 Merge pull request #43 from AegisJSProject/dependabot/npm_and_yarn/all-depend...
  • 0ad59a7 Bump the all-dependencies group with 2 updates
  • Additional commits viewable in compare view

Updates @shgysk8zer0/eslint-config from 1.0.9 to 1.1.0

Release notes

Sourced from @​shgysk8zer0/eslint-config's releases.

Release v1.1.0

See Changelog

Changelog

Sourced from @​shgysk8zer0/eslint-config's changelog.

[v1.1.0] - 2026-06-14

Added

  • Add Security policy
  • Add npm config to harden installs

Changed

  • Update Workflows with permissions
  • Update contributiing guidelines
Commits
  • 84786ad Merge pull request #173 from shgysk8zer0/feature/harden
  • f80cee0 Update README.md
  • 1cf714a Hardening
  • cf99db2 Merge pull request #172 from shgysk8zer0/dependabot/npm_and_yarn/all-dependen...
  • 98ebc19 Bump rollup from 4.61.0 to 4.61.1 in the all-dependencies group
  • 6f05051 Merge pull request #171 from shgysk8zer0/dependabot/npm_and_yarn/all-dependen...
  • a20c7fc Bump the all-dependencies group with 2 updates
  • c0755a4 Merge pull request #170 from shgysk8zer0/dependabot/npm_and_yarn/all-dependen...
  • b3f5623 Bump the all-dependencies group with 2 updates
  • 2a1e691 Merge pull request #169 from shgysk8zer0/dependabot/npm_and_yarn/brace-expans...
  • Additional commits viewable in compare view

Updates @shgysk8zer0/http-server from 1.1.2 to 1.2.0

Release notes

Sourced from @​shgysk8zer0/http-server's releases.

Release v1.2.0

See Changelog

Changelog

Sourced from @​shgysk8zer0/http-server's changelog.

[v1.2.0] - 2026-06-12

Changed

  • Upgrade to node 26.3.0 / npm 11.16.0
  • Min node version set to 22.12.0
  • Use npm stage publish
  • Allow expected scripts
  • Update various dependencies
Commits
  • 08c9b54 Merge pull request #125 from shgysk8zer0/feature/harden
  • 8adf75c Upgrade Node to 26.3.0; update deps & CI
  • ab6babd Merge pull request #124 from shgysk8zer0/dependabot/npm_and_yarn/all-dependen...
  • a91f833 chore(deps-dev): bump rollup in the all-dependencies group
  • 582e819 Merge pull request #123 from shgysk8zer0/dependabot/npm_and_yarn/all-dependen...
  • 876e755 chore(deps-dev): bump the all-dependencies group with 3 updates
  • 4de1bb3 Merge pull request #122 from shgysk8zer0/dependabot/npm_and_yarn/all-dependen...
  • 6085b33 chore(deps-dev): bump the all-dependencies group with 2 updates
  • 6459351 Merge pull request #121 from shgysk8zer0/dependabot/npm_and_yarn/all-dependen...
  • 7983be8 chore(deps-dev): bump @​shgysk8zer0/importmap
  • Additional commits viewable in compare view

Updates @shgysk8zer0/importmap from 1.9.20 to 1.10.2

Release notes

Sourced from @​shgysk8zer0/importmap's releases.

Release v1.10.2

See Changelog

Release v1.10.1

See Changelog

Release v1.10.0

See Changelog

Changelog

Sourced from @​shgysk8zer0/importmap's changelog.

[v1.10.2] - 2026-06-15

Changed

  • Bulk updates in packages hardening CI security

[v1.10.1] - 2026-06-14

Added

  • Add Security policy
  • Add npm config to harden installs

Changed

  • Update Workflows with permissions
  • Update contributiing guidelines

Removed

  • Remove auto-update workflow

[v1.10.0] - 2026-06-11

Changed

  • Switch to using npm stage publish

[v1.9.21] - 2026-06-10

Changed

  • Update @aegisjsproject/hermes
Commits
  • e4c652d Merge pull request #384 from shgysk8zer0/patch/updates
  • de84529 Bulk updates in packages hardening CI security
  • db99352 Merge pull request #383 from shgysk8zer0/patch/version-bump
  • e3068ba Fix version
  • 614b844 Merge pull request #382 from shgysk8zer0/feature/harden
  • 680024e Fix markdown linting errors
  • bc2c69a Add security policy and CI/npm hardening
  • 193ebca Merge pull request #381 from shgysk8zer0/feature/stage
  • 1a4ae59 Bump version to v1.10.0 and update publish flow
  • f52f349 Merge pull request #380 from shgysk8zer0/patch/updates
  • Additional commits viewable in compare view

Updates eslint from 10.4.1 to 10.5.0

Release notes

Sourced from eslint's releases.

v10.5.0

Features

  • 5ca8c52 feat: correct stack tracking in max-nested-callbacks (#20973) (Pixel998)
  • b565783 feat: report no-with violations at the with keyword (#20971) (Pixel998)
  • 2ce032f feat: report max-lines-per-function violations at function head (#20966) (Pixel998)
  • 732cb3e feat: report max-nested-callbacks violations at function head (#20967) (Pixel998)
  • f9c138a feat: report max-depth violations on keywords (#20943) (Pixel998)
  • bdb496c feat: correct max-depth handling for else-if chains (#20944) (Pixel998)
  • c296873 feat: update error loc in max-statements to function header (#20907) (Taejin Kim)

Documentation

  • 8ae1b5b docs: Update README (GitHub Actions Bot)
  • ca7eb90 docs: update Node.js prerequisites to include ICU support (#20962) (Francesco Trotta)
  • f99b47a docs: Update README (GitHub Actions Bot)
  • acf03d4 docs: clarify precedence of parserOptions over languageOptions (#20926) (sethamus)

Chores

  • b18bf58 chore: update ecosystem plugins (#20959) (ESLint Bot)
  • c2d1444 refactor: replace areAllSegmentsUnreachable with !isAnySegmentReachable (#20951) (Taejin Kim)
  • 243b8c5 chore: enhance config-rule to support oneOf, anyOf, and nested schemas (#20788) (kuldeep kumar)
  • 217b2a9 test: add unit tests for ParserService (#20949) (Taejin Kim)
  • 72003e7 test: add location information to error messages in max-statements (#20945) (lumir)
  • 7797c26 refactor: deduplicate isAnySegmentReachable across rules (#20890) (Taejin Kim)
  • 67c46fa chore: update ecosystem plugins (#20938) (ESLint Bot)
  • 95d8c7a chore: update dependency @​eslint/json to v2 (#20934) (renovate[bot])
  • cf9e496 chore: update @​arethetypeswrong/cli to 0.18.3 (#20933) (Pixel998)
  • fb6d396 test: run type tests with TypeScript 7 (#20868) (sethamus)
Commits

Updates rollup from 4.61.1 to 4.62.0

Release notes

Sourced from rollup's releases.

v4.62.0

4.62.0

2026-06-13

Features

  • Ensure that shared dependencies between manual chunks and entry points receive a serparate chunk (#6374)

Pull Requests

Changelog

Sourced from rollup's changelog.

4.62.0

2026-06-13

Features

  • Ensure that shared dependencies between manual chunks and entry points receive a serparate chunk (#6374)

Pull Requests

Commits
  • 5e0066d 4.62.0
  • 93e85fc chore(deps): update dependency eslint-plugin-unicorn to v65 (#6413)
  • 5c9ef2e fix(deps): update minor/patch updates (#6412)
  • 18654d8 chore(deps): lock file maintenance minor/patch updates (#6414)
  • d96ed95 Extract the static dependencies imported by manual chunks into separate chunk...
  • 126e141 chore(deps): pin dependency concurrently to v9 (#6406)
  • f2f58c4 chore(deps): lock file maintenance minor/patch updates (#6410)
  • 5a15062 chore(deps): update minor/patch updates to v6.2.0 (#6409)
  • d02f03a chore(deps): lock file maintenance minor/patch updates (#6407)
  • 844671c fix(deps): update minor/patch updates (#6405)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all-dependencies group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [@aegisjsproject/dev-server](https://github.com/AegisJSProject/dev-server) | `1.0.6` | `1.1.0` |
| [@aegisjsproject/http-utils](https://github.com/AegisJSProject/http-utils) | `1.0.4` | `1.1.0` |
| [@shgysk8zer0/eslint-config](https://github.com/shgysk8zer0/eslint-config) | `1.0.9` | `1.1.0` |
| [@shgysk8zer0/http-server](https://github.com/shgysk8zer0/http-server) | `1.1.2` | `1.2.0` |
| [@shgysk8zer0/importmap](https://github.com/shgysk8zer0/importmap) | `1.9.20` | `1.10.2` |
| [eslint](https://github.com/eslint/eslint) | `10.4.1` | `10.5.0` |
| [rollup](https://github.com/rollup/rollup) | `4.61.1` | `4.62.0` |


Updates `@aegisjsproject/dev-server` from 1.0.6 to 1.1.0
- [Release notes](https://github.com/AegisJSProject/dev-server/releases)
- [Changelog](https://github.com/AegisJSProject/dev-server/blob/master/CHANGELOG.md)
- [Commits](AegisJSProject/dev-server@v1.0.6...v1.1.0)

Updates `@aegisjsproject/http-utils` from 1.0.4 to 1.1.0
- [Release notes](https://github.com/AegisJSProject/http-utils/releases)
- [Changelog](https://github.com/AegisJSProject/http-utils/blob/master/CHANGELOG.md)
- [Commits](AegisJSProject/http-utils@v1.0.4...v1.1.0)

Updates `@shgysk8zer0/eslint-config` from 1.0.9 to 1.1.0
- [Release notes](https://github.com/shgysk8zer0/eslint-config/releases)
- [Changelog](https://github.com/shgysk8zer0/eslint-config/blob/master/CHANGELOG.md)
- [Commits](shgysk8zer0/eslint-config@v1.0.9...v1.1.0)

Updates `@shgysk8zer0/http-server` from 1.1.2 to 1.2.0
- [Release notes](https://github.com/shgysk8zer0/http-server/releases)
- [Changelog](https://github.com/shgysk8zer0/http-server/blob/master/CHANGELOG.md)
- [Commits](shgysk8zer0/http-server@v1.1.2...v1.2.0)

Updates `@shgysk8zer0/importmap` from 1.9.20 to 1.10.2
- [Release notes](https://github.com/shgysk8zer0/importmap/releases)
- [Changelog](https://github.com/shgysk8zer0/importmap/blob/master/CHANGELOG.md)
- [Commits](shgysk8zer0/importmap@v1.9.20...v1.10.2)

Updates `eslint` from 10.4.1 to 10.5.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.4.1...v10.5.0)

Updates `rollup` from 4.61.1 to 4.62.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.61.1...v4.62.0)

---
updated-dependencies:
- dependency-name: "@aegisjsproject/dev-server"
  dependency-version: 1.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@aegisjsproject/http-utils"
  dependency-version: 1.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@shgysk8zer0/eslint-config"
  dependency-version: 1.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@shgysk8zer0/http-server"
  dependency-version: 1.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@shgysk8zer0/importmap"
  dependency-version: 1.10.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: eslint
  dependency-version: 10.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: rollup
  dependency-version: 4.62.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 17, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, javascript. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@socket-security

Copy link
Copy Markdown

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm js-yaml is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/@shgysk8zer0/importmap@1.10.2npm/js-yaml@4.2.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/js-yaml@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@shgysk8zer0
shgysk8zer0 merged commit 6b99ad3 into master Jun 17, 2026
6 checks passed
@shgysk8zer0
shgysk8zer0 deleted the dependabot/npm_and_yarn/all-dependencies-172d34a87a branch June 17, 2026 18:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant