Skip to content

chore(deps-dev): bump @moonrepo/cli from 2.2.5 to 2.3.3 in the moon group across 1 directory#1047

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/moon-42851e3c20
Open

chore(deps-dev): bump @moonrepo/cli from 2.2.5 to 2.3.3 in the moon group across 1 directory#1047
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/moon-42851e3c20

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 4, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the moon group with 1 update in the / directory: @moonrepo/cli.

Updates @moonrepo/cli from 2.2.5 to 2.3.3

Release notes

Sourced from @​moonrepo/cli's releases.

2.3.3

Release Notes

🛡️ Security

  • Fixed a security issue where task outputs being hydrated from the remote cache can overwrite files outside the output list, if the manifest in the remote cache has been compromised.

🧰 Toolchains

  • Go
    • Fixed a go.mod parsing regression that failed to parse tool ().

Install moon_cli 2.3.3

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/moonrepo/moon/releases/download/v2.3.3/moon_cli-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/moonrepo/moon/releases/download/v2.3.3/moon_cli-installer.ps1 | iex"

Download moon_cli 2.3.3

File Platform Checksum
moon_cli-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
moon_cli-x86_64-apple-darwin.tar.xz Intel macOS checksum
moon_cli-x86_64-pc-windows-msvc.zip x64 Windows checksum
moon_cli-aarch64-unknown-linux-gnu.tar.xz ARM64 Linux checksum
moon_cli-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum
moon_cli-aarch64-unknown-linux-musl.tar.xz ARM64 MUSL Linux checksum
moon_cli-x86_64-unknown-linux-musl.tar.xz x64 MUSL Linux checksum

2.3.2

Release Notes

🚀 Updates

  • Added panic handling to the daemon server, to capture and log unexpected panics.
  • Updated the pipeline to continue if the daemon client cannot connect, instead of failing the whole pipeline.

🐞 Fixes

... (truncated)

Changelog

Sourced from @​moonrepo/cli's changelog.

2.3.3

🛡️ Security

  • Fixed a security issue where task outputs being hydrated from the remote cache can overwrite files outside the output list, if the manifest in the remote cache has been compromised.

🧰 Toolchains

  • Go
    • Fixed a go.mod parsing regression that failed to parse tool ().

2.3.2

🚀 Updates

  • Added panic handling to the daemon server, to capture and log unexpected panics.
  • Updated the pipeline to continue if the daemon client cannot connect, instead of failing the whole pipeline.

🐞 Fixes

  • Potential fix for the daemon client connection refused error. If this problem persists, temporarily disable the daemon and report an issue.
  • Fixed an issue with project:^ inputs where resolved files would be excluded when project sources overlap.

🧰 Toolchains

  • Go
    • Added an inferRelationshipsPackages setting to customize the package patterns passed to go list --deps.
    • Updated go list --deps relationship inference to scan all packages (./...) by default, so dependencies imported only from subdirectories (internal/, pkg/, ...) are now inferred.

2.3.1

🚀 Updates

  • Added in-memory caching to certain toolchain operations, primarily around locating executables.
  • Improved daemon startup performance by loading the workspace graph in the background after the server is ready.
  • Updated plugin distribution to use ghcr.io instead of raw URLs, which should improve reliability and performance of plugin downloads.

🐞 Fixes

  • Reworked the daemon connect/ready logic to possibly fix some Windows connection issues.
  • Fixed an issue where the task dependency cacheStrategy inferrence was not working correctly based on what experiments are enabled.

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 4, 2026
@dependabot
chore(deps-dev): bump @moonrepo/cli in the moon group across 1 directory
109df77 
Bumps the moon group with 1 update in the / directory: [@moonrepo/cli](https://github.com/moonrepo/moon/tree/HEAD/packages/cli).


Updates `@moonrepo/cli` from 2.2.5 to 2.3.3
- [Release notes](https://github.com/moonrepo/moon/releases)
- [Changelog](https://github.com/moonrepo/moon/blob/master/CHANGELOG.md)
- [Commits](https://github.com/moonrepo/moon/commits/v2.3.3/packages/cli)

---
updated-dependencies:
- dependency-name: "@moonrepo/cli"
  dependency-version: 2.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: moon
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps-dev): bump @moonrepo/cli from 2.2.5 to 2.3.0 in the moon group chore(deps-dev): bump @moonrepo/cli from 2.2.5 to 2.3.3 in the moon group across 1 directory Jun 14, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/moon-42851e3c20 branch from 33491c0 to 109df77 Compare June 14, 2026 06:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants