Bump the npm_and_yarn group across 1 directory with 21 updates by dependabot[bot] · Pull Request #26 · RedTecLab/tsmeta

dependabot · 2026-03-24T12:15:36Z

Bumps the npm_and_yarn group with 21 updates in the / directory:

Package	From	To
lodash	`4.17.19`	`4.17.23`
koa	`2.11.0`	`3.1.2`
@babel/traverse	`7.7.4`	`7.29.0`
@octokit/endpoint	`10.1.1`	`10.1.4`
@octokit/plugin-paginate-rest	`11.3.0`	`11.6.0`
@octokit/request-error	`6.1.1`	`6.1.8`
@octokit/request	`9.1.1`	`9.2.4`
ajv	`6.10.2`	`6.14.0`
async	`2.6.3`	`2.6.4`
color-string	`1.5.3`	`1.9.1`
decode-uri-component	`0.2.0`	`0.2.2`
glob-parent	`5.1.0`	`5.1.2`
handlebars	`4.5.3`	`4.7.8`
json5	`2.1.1`	`2.2.3`
path-parse	`1.0.6`	`1.0.7`
path-to-regexp	`1.8.0`	`1.9.0`
tmpl	`1.0.4`	`1.0.5`
undefsafe	`2.0.2`	`2.0.5`
urijs	`1.19.2`	`1.19.11`
word-wrap	`1.2.3`	`1.2.5`
ws	`5.2.2`	`5.2.4`

Updates lodash from 4.17.19 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (#6053)
dfa407d ci: remove legacy configuration files (#6052)
156e196 feat: add renovate setup (#6039)
933e106 ci: add pipeline for Bun (#6023)
072a807 docs: update links related to Open JS Foundation (#5968)
Additional commits viewable in compare view

Updates koa from 2.11.0 to 3.1.2

Release notes

Sourced from koa's releases.

v3.1.2

What's Changed

fix: typo in troubleshooting.md by @WuMingDao in koajs/koa#1916

build(deps-dev): bump qs from 6.14.0 to 6.14.1 by @dependabot[bot] in koajs/koa#1921

build(deps): bump http-errors from 2.0.0 to 2.0.1 by @dependabot[bot] in koajs/koa#1919

build(deps): bump mime-types from 3.0.1 to 3.0.2 by @dependabot[bot] in koajs/koa#1918

docs: use correct term "Server-Sent Events" in guide by @jtr860830 in koajs/koa#1920

build(deps): bump content-disposition from 0.5.4 to 1.0.1 by @dependabot[bot] in koajs/koa#1917

build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 by @dependabot[bot] in koajs/koa#1922

fix(security): Host Header Injection via ctx.hostname by @killagu GHSA-7gcc-r8m5-44qm

New Contributors

@WuMingDao made their first contribution in koajs/koa#1916

@jtr860830 made their first contribution in koajs/koa#1920

Full Changelog: koajs/koa@v3.1.1...v3.1.2

v3.1.1

What's Changed

fix: only original value destroy if the new value is not a stream by @yowainwright in koajs/koa#1914

Full Changelog: koajs/koa@v3.1.0...v3.1.1

v3.1.0

What's Changed

feat: fixes mem leak relating to issue-1834 by @yowainwright in koajs/koa#1893

fix: adds steam clean up by @yowainwright in koajs/koa#1910

Full Changelog: koajs/koa@v3.0.3...v3.1.0

v3.0.3

What's Changed

fix: normalize referer before redirect by @fengmk2 in koajs/koa#1908

Full Changelog: koajs/koa@v3.0.2...v3.0.3

v3.0.2

What's Changed

fix: fixes response.attachment behaviour leads to Content-Type Sniffing by @yowainwright in koajs/koa#1904

chore: use NPM trusted publishing with semver tag triggers by @Copilot in koajs/koa#1907

New Contributors

@Copilot made their first contribution in koajs/koa#1907

Full Changelog: koajs/koa@v3.0.1...v3.0.2

v3.0.1

... (truncated)

Changelog

Sourced from koa's changelog.

[!IMPORTANT] Moving forwards we are using the GitHub releases page at https://github.com/koajs/koa/releases in combination with np for publishing releases and their changelogs.

3.0.0-alpha.3 / 2025-02-11

fixes

Avoid redos on host and protocol getter

3.0.0-alpha.2 / 2024-11-04

breaking changes

Update http-errors to v2.0.0 #1486

ctx.throw now requires a format of ctx.throw(status, error, properties). See: https://www.npmjs.com/package/http-errors

Remove res.redirect('back'), add back() method to ctx #1115

Replace node querystring with URLSearchParams #1828

Remove obsolete createAsyncCtxStorageMiddleware #1817

features

Add support for web WHATWG #1830

updates

Update cookies to ~0.9.1 #1846

Update statuses to ^2.0.1

Update supertest to ^7.0.0 #1841

fixes

Fix exports.defaults in package.json #1630

Fix leaky handles in tests #1838

Fix body null checks #1814

Fix reformatting redirect URLs #1805 #1804

Fix passing ctx in error handler #1758

migrations

Migrate from jest to the native node test runner #1845

3.0.0-alpha.1 / 2023-04-12

fixes

[e98b8d1] - fix: can not get currentContext in error handler (#1758) (Gxkl <gxkl203@gmail.com>)

3.0.0-alpha.0 / 2023-01-02

Breaking Changes

... (truncated)

Commits

c5a52e0 3.1.2
55ab9ba Merge commit from fork
fecd464 build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (#1922)
d2066cf build(deps): bump content-disposition from 0.5.4 to 1.0.1 (#1917)
8694a06 docs: use correct term "Server-Sent Events" in guide (#1920)
096682b build(deps): bump mime-types from 3.0.1 to 3.0.2 (#1918)
8215c2e build(deps): bump http-errors from 2.0.0 to 2.0.1 (#1919)
cfe5ec6 build(deps-dev): bump qs from 6.14.0 to 6.14.1 (#1921)
0a6afa5 fix: typo in troubleshooting.md (#1916)
2e52fb5 3.1.1
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for koa since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates @babel/traverse from 7.7.4 to 7.29.0

Release notes

Sourced from @babel/traverse's releases.

v7.29.0 (2026-01-31)

Thanks @simbahax for your first PR!

🚀 New Feature

babel-types

#17750 [7.x backport] Add attributes import declaration builder (@JLHwung)

babel-standalone

#17663 [7.x backport] feat(standalone): export async transform (@JLHwung)

#17725 [7.x backport] feat: read standalone targets from data-targets (@JLHwung)

🐛 Bug Fix

babel-parser

#17765 fix(parser): correctly parse type assertions in extends clause (@nicolo-ribaudo)

#17723 [7.x backport] fix(parser): improve super type argument parsing (@JLHwung)

babel-traverse

#17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@simbahax)

babel-plugin-transform-block-scoping, babel-traverse

#17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@magic-akari)

🏃‍♀️ Performance

babel-generator, babel-runtime-corejs3

#17642 [Babel 7] Improve generator performance (@liuxingbaoyu)

Committers: 6

David (@simbahax)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

@magic-akari

v7.28.6 (2026-01-12)

Thanks @kadhirash and @kolvian for your first PRs!

🐛 Bug Fix

babel-cli, babel-code-frame, babel-core, babel-helper-check-duplicate-nodes, babel-helper-fixtures, babel-helper-plugin-utils, babel-node, babel-plugin-transform-flow-comments, babel-plugin-transform-modules-commonjs, babel-plugin-transform-property-mutators, babel-preset-env, babel-traverse, babel-types

#17589 Improve Unicode handling in code-frame tokenizer (@JLHwung)

babel-plugin-transform-regenerator

#17556 fix: transform-regenerator correctly handles scope (@liuxingbaoyu)

babel-plugin-transform-react-jsx

#17538 fix: Keep jsx comments (@liuxingbaoyu)

💅 Polish

babel-core, babel-standalone

#17606 Polish(standalone): improve message on invalid preset/plugin (@JLHwung)

🏠 Internal

babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-proposal-decorators, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-regexp-modifiers, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-sets-regex

#17580 Allow Babel 8 in compatible Babel 7 plugins (@nicolo-ribaudo)

... (truncated)

Commits

aa8394e v7.29.0
84366a8 fix(traverse): provide a hub when traversing a File or Program and no parentP...
229eb45 [7.x backport] fix: Rename switch discriminant references when body creates s...
d7f4008 v7.28.6
905bc22 fix: lint errors in main branch (#17612)
a03e2b6 fix: path.evaluate correctly returns confident (#17584)
aac2c37 chore: Use Gulpfile.mts (#17579)
65c4a6b [Babel 8] fix: Improve traverse types (#17574)
99dcba5 chore: enable some ts-eslint rules (#17592)
c92c491 Improve Unicode handling in code-frame tokenizer (#17589)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @babel/traverse since your current version.

Updates @octokit/endpoint from 10.1.1 to 10.1.4

Release notes

Sourced from @octokit/endpoint's releases.

v10.1.4

10.1.4 (2025-04-10)

Bug Fixes

deps: update dependency @octokit/types to v14 (#523) (ca8c366)

v10.1.3

10.1.3 (2025-02-13)

Bug Fixes

Fix a ReDos vulnerability, reported by @DayShift (6c9c5be)

v10.1.2

10.1.2 (2024-12-31)

Bug Fixes

deps: bump @octokit/types to improve Deno compat (#507) (15d700b)

Commits

ca8c366 fix(deps): update dependency @octokit/types to v14 (#523)
7b9a884 maint: cleanup package.json and use Node LTS instead of v16 (#519)
bcc0f97 build(deps): bump vite from 6.1.0 to 6.2.5 (#522)
255c59d ci(action): update actions/create-github-app-token action to v2 (#521)
adeee3e chore(deps): update dependency prettier to v3.5.3 (#518)
ea60e07 chore(deps): update dependency semantic-release-plugin-update-version-in-file...
8f43346 chore(deps): update dependency prettier to v3.5.2 (#517)
2209b07 chore(deps): update dependency prettier to v3.5.1 (#513)
d6cf1ad fix: linting issues breaking ci (#514)
6c9c5be Merge commit from fork
Additional commits viewable in compare view

Updates @octokit/plugin-paginate-rest from 11.3.0 to 11.6.0

Release notes

Sourced from @octokit/plugin-paginate-rest's releases.

v11.6.0

11.6.0 (2025-03-18)

Features

new /orgs/{org}/issue-types, /orgs/{org}/issue-types/{issue_type_id} enpoints (#666) (1f44b54)

v11.5.0

11.5.0 (2025-03-18)

Features

new GET /orgs/{org}/actions/hosted-runners, GET /orgs/{org}/actions/runner-groups/{runner_group_id}/hosted-runners, GET /orgs/{org}/rulesets/{ruleset_id}/history, GET /orgs/{org}/settings/network-configurations, GET /repos/{owner}/{repo}/rulesets/{ruleset_id}/history endpoints (#649) (ef30a05)

v11.4.4-cjs.2

11.4.4-cjs.2 (2025-02-26)

[!IMPORTANT] This is a special release to backport newer changes to CJS and address a ReDos vulnerability

Bug Fixes

deps: update @octokit/plugin-rest-endpoint-methods (2c70eaf)

v11.4.4-cjs.1

11.4.4-cjs.1 (2025-02-26)

[!IMPORTANT] This is a special release to backport newer changes to CJS and address a ReDos vulnerability

Bug Fixes

release: set prerelease flag for correct channel (ce534d9) See octokit/plugin-paginate-rest.js@v11.3.1...v11.4.4-cjs.1 for the full comparision

Reverts

Revert "docs(README): update examples to use ESM (#611)" (1389b71)

Revert "feat: package is now ESM (#596)" (64ba6f4)

Revert "fix(pkg): add default fallback and types export (#612)" (27a8552)

v11.4.3

... (truncated)

Commits

1f44b54 feat: new /orgs/{org}/issue-types, `/orgs/{org}/issue-types/{issue_type_id}...
ef30a05 feat: new GET /orgs/{org}/actions/hosted-runners, `GET /orgs/{org}/actions/...
fbadb74 chore(deps): update dependency prettier to v3.5.3 (#665)
1c297ca chore(deps): update dependency semantic-release-plugin-update-version-in-file...
60d26d9 chore(deps): update dependency prettier to v3.5.2 (#664)
9a51aad fix(types): correct pagination return type for data which is an array (#662)
8b8c500 fix(types): add back the pagination keys (#653)
41876f4 chore(deps): update dependency prettier to v3.5.1 (#658)
7d1fade fix: mitigate ReDos issues & linting issues (#659)
bb6c4f9 Merge commit from fork
Additional commits viewable in compare view

Updates @octokit/request-error from 6.1.1 to 6.1.8

Release notes

Sourced from @octokit/request-error's releases.

v6.1.8

6.1.8 (2025-04-10)

Bug Fixes

deps: update dependency @octokit/types to v14 (#505) (ab4ea7b)

v6.1.7

6.1.7 (2025-02-13)

Bug Fixes

ReDos regex vulnerability, reported by @DayShift (d558320874a4bc8d356babf1079e6f0056a59b9e)

v6.1.6

6.1.6 (2024-12-29)

Bug Fixes

deps: bump @octokit/types to fix Deno compat (#483) (e01d470)

v6.1.5

6.1.5 (2024-09-24)

Bug Fixes

types: add explicit | undefined to optional fields (#462) (43fc3bd)

v6.1.4

6.1.4 (2024-07-11)

Bug Fixes

improve perf of request error instantiations (#444) (ba04ffa)

v6.1.3

6.1.3 (2024-07-11)

Bug Fixes

docs: correct title in README (#443) (e24d923)

v6.1.2

6.1.2 (2024-07-10)

... (truncated)

Commits

ab4ea7b fix(deps): update dependency @octokit/types to v14 (#505)
7eba3d2 chore(deps): update dependency tinybench to v4 (#501)
549624b build(deps): bump vite from 6.2.2 to 6.2.5 (#504)
11c1adc build(deps): lock file maintenance (#502)
de5f24d chore(deps): update dependency prettier to v3.5.3 (#499)
ef66347 build(deps): lock file maintenance (#500)
787201d build(deps): lock file maintenance (#498)
5ab6a76 chore(deps): update dependency prettier to v3.5.2 (#497)
f8f8c4a build(deps): lock file maintenance (#496)
eee2491 chore(deps): update dependency prettier to v3.5.1 (#493)
Additional commits viewable in compare view

Updates @octokit/request from 9.1.1 to 9.2.4

Release notes

Sourced from @octokit/request's releases.

v9.2.4

9.2.4 (2025-06-20)

Bug Fixes

pkg: unreplaced version number in dist-bundle/ (#765) (afa9d09)

v9.2.3

9.2.3 (2025-04-10)

Bug Fixes

deps: update dependency @octokit/types to v14 (#753) (7d576b0)

v9.2.2

9.2.2 (2025-02-14)

Bug Fixes

deps: update dependency @octokit/request-error to v6.1.7 [security] (#740) (4b2f485)

v9.2.1

9.2.1 (2025-02-13)

Bug Fixes

mitigate ReDos vulnerabilities & lint (#738) (6bb29ba)

v9.2.0

9.2.0 (2025-01-16)

Features

correctly parse response bodies as JSON where the Content-Type is application/scim+json (#731) (00bf316)

v9.1.4

9.1.4 (2024-12-29)

Bug Fixes

deps: bump @octokit/types to fix deno compat (#730) (324ffef)

v9.1.3

9.1.3 (2024-07-14)

... (truncated)

Commits

afa9d09 fix(pkg): unreplaced version number in dist-bundle/ (#765)
3773e64 ci: replace OCTOKITBOT_PROJECT_ACTION_TOKEN and OCTOKITBOT_PAT with a tok...
7d576b0 fix(deps): update dependency @octokit/types to v14 (#753)
c9bfc37 build(deps): bump vite from 6.1.0 to 6.2.5 (#750)
f7b9616 ci(prettier): use Node LTS instead of Node 16 (#748)
1955847 chore(deps): update dependency prettier to v3.5.3 (#745)
b71107b chore(deps): update dependency semantic-release-plugin-update-version-in-file...
c855943 chore(deps): update dependency prettier to v3.5.2 (#743)
4b2f485 fix(deps): update dependency @octokit/request-error to v6.1.7 [security] (#740)
0320a42 chore(deps): update dependency prettier to v3.5.1 (#737)
Additional commits viewable in compare view

Updates ajv from 6.10.2 to 6.14.0

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@sambauers, #1143) Option keywords to add custom keywords (@franciscomorais, #1137) Types fixes (@boenrobot, @MattiAstedrone) Docs:

error logging example (@RadiationSickness)

TypeScript usage notes (@thetric)

v6.11.0

Time formats support two digit and colon-less variants of timezone offset (#1061 , @cjpillsbury) Docs: RegExp related security considerations Tests: Disabled failing typescript test

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
fe59143 6.12.6
d580d3e Merge pull request #1298 from ajv-validator/fix-url
fd36389 fix: regular expression for "url" format
Additional commits viewable in compare view

Updates async from 2.6.3 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

Fix potential prototype pollution exploit (#1828)

Commits

c6bdaca Version 2.6.4
8870da9 Update built files
4df6754 update changelog
8f7f903 Fix prototype pollution vulnerability (#1828)
See full diff in compare view

Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.

Updates color-string from 1.5.3 to 1.9.1

Release notes

Sourced from color-string's releases.

1.9.0

Minor Release 1.9.0

Add parsing of exponential alpha values for HWB and HSL (#66)

Thanks to @babycannotsay for their contribution!

1.8.2

Patch release 1.8.2

Fix incorrect handling of optional comma in rgb() regex (#65)

Thanks to @gerdasi and @mastertheblaster for reporting and confirming the bug!

1.8.1

Patch release 1.8.1

Fix rgb alpha percentage parsing from int to float (#61)

Thanks to @clytras for their contribution!

1.8.0

Minor release 1.8.0

Add anchors to keyword regex (#64)

Thanks to @cq360767996 for their contribution!

1.7.4

Patch Release 1.7.4

Fix bug in .to.hex() output if the inputs aren't rounded numbers (#25)

1.7.3

Patch Release 1.7.3

Fix hue modulo operation (#50)

Thanks to @adroitwhiz for their contributions.

1.7.2

Patch Release 1.7.2

Fix issue where color-string with incorrectly return a color for properties on Object's prototype like "constructor". (#45)

Thanks to @tolmasky for their contributions.

1.7.1

Patch release 1.7.1

... (truncated)

Commits

See full diff in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

Switch to GitHub workflows 76abc93

Fix issue where decode throws - fixes #6 746ca5d

Update license (#1) 486d7e2

Tidelift tasks a650457

Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

a0eea46 0.2.2
980e0bf Prevent overwriting previously decoded tokens
3c8a373 0.2.1
76abc93 Switch to GitHub workflows
746ca5d Fix issue where decode throws - fixes #6
486d7e2 Update license (#1)
a650457 Tidelift tasks
66e1c28 Meta tweaks
See full diff in compare view

Updates glob-parent from 5.1.0 to 5.1.2

Release notes

Sourced from glob-parent's releases.

v5.1.2

Bug Fixes

eliminate ReDoS (#36) (f923116)

v5.1.1

Bug Fixes

unescape exclamation mark (#26) (a98874f)

Changelog

Sourced from glob-parent's changelog.

5.1.2 (2021-03-06)

Bug Fixes

eliminate ReDoS (#36) (f923116)

6.0.2 (2021-09-29)

Bug Fixes

Improve performance (#53) (843f8de)

6.0.1 (2021-07-20)

Bug Fixes

Resolve ReDoS vulnerability from CVE-2021-35065 (#49) (3e9f04a)

6.0.0 (2021-05-03)

⚠ BREAKING CHANGES

Correct mishandled escaped path separators (#34)

upgrade scaffold, dropping node <10 support

Bug Fixes

Correct mishandled escaped path separators (#34) (32f6d52), closes #32

Miscellaneous Chores

upgrade scaffold, dropping node <10 support (e83d0c5)

5.1.1 (2021-01-27)

Bug Fixes

unescape exclamation mark (#26) (a98874f)

Commits

eb2c439 chore: update changelog
12bcb6c chore: release 5.1.2
f923116 fix: eliminate ReDoS (#36)
0b014a7 chore: add JSDoc returns information (#33)
2b24ebd chore: generate initial changelog
9b6e874 chore: release 5.1.1
749c35e ci: try wrapping the JOB_ID in a string
5d39def ci: attempt to switch to published coveralls
0b5b37f ci: put the npm step back in for only Windows
473f5d8 ci: update azure build images
Additional commits viewable in compare view

Updates handlebars from 4.5.3 to 4.7.8

Release notes

Sourced from handlebars's releases.

v4.7.8

Make library compatible with workers (#1894) - 3d3796c

Don't rely on Node.js global object (#1776) - 2954e7e

Fix compiling of each block params in strict mode (#1855) - 30dbf04

Fix rollup warning...
Description has been truncated

Bumps the npm_and_yarn group with 21 updates in the / directory: | Package | From | To | | --- | --- | --- | | [lodash](https://github.com/lodash/lodash) | `4.17.19` | `4.17.23` | | [koa](https://github.com/koajs/koa) | `2.11.0` | `3.1.2` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.7.4` | `7.29.0` | | [@octokit/endpoint](https://github.com/octokit/endpoint.js) | `10.1.1` | `10.1.4` | | [@octokit/plugin-paginate-rest](https://github.com/octokit/plugin-paginate-rest.js) | `11.3.0` | `11.6.0` | | [@octokit/request-error](https://github.com/octokit/request-error.js) | `6.1.1` | `6.1.8` | | [@octokit/request](https://github.com/octokit/request.js) | `9.1.1` | `9.2.4` | | [ajv](https://github.com/ajv-validator/ajv) | `6.10.2` | `6.14.0` | | [async](https://github.com/caolan/async) | `2.6.3` | `2.6.4` | | [color-string](https://github.com/Qix-/color-string) | `1.5.3` | `1.9.1` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [glob-parent](https://github.com/gulpjs/glob-parent) | `5.1.0` | `5.1.2` | | [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.5.3` | `4.7.8` | | [json5](https://github.com/json5/json5) | `2.1.1` | `2.2.3` | | [path-parse](https://github.com/jbgutierrez/path-parse) | `1.0.6` | `1.0.7` | | [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `1.8.0` | `1.9.0` | | [tmpl](https://github.com/daaku/nodejs-tmpl) | `1.0.4` | `1.0.5` | | [undefsafe](https://github.com/remy/undefsafe) | `2.0.2` | `2.0.5` | | [urijs](https://github.com/medialize/URI.js) | `1.19.2` | `1.19.11` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | | [ws](https://github.com/websockets/ws) | `5.2.2` | `5.2.4` | Updates `lodash` from 4.17.19 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.19...4.17.23) Updates `koa` from 2.11.0 to 3.1.2 - [Release notes](https://github.com/koajs/koa/releases) - [Changelog](https://github.com/koajs/koa/blob/master/History.md) - [Commits](koajs/koa@2.11.0...v3.1.2) Updates `@babel/traverse` from 7.7.4 to 7.29.0 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.0/packages/babel-traverse) Updates `@octokit/endpoint` from 10.1.1 to 10.1.4 - [Release notes](https://github.com/octokit/endpoint.js/releases) - [Commits](octokit/endpoint.js@v10.1.1...v10.1.4) Updates `@octokit/plugin-paginate-rest` from 11.3.0 to 11.6.0 - [Release notes](https://github.com/octokit/plugin-paginate-rest.js/releases) - [Commits](octokit/plugin-paginate-rest.js@v11.3.0...v11.6.0) Updates `@octokit/request-error` from 6.1.1 to 6.1.8 - [Release notes](https://github.com/octokit/request-error.js/releases) - [Commits](octokit/request-error.js@v6.1.1...v6.1.8) Updates `@octokit/request` from 9.1.1 to 9.2.4 - [Release notes](https://github.com/octokit/request.js/releases) - [Commits](octokit/request.js@v9.1.1...v9.2.4) Updates `ajv` from 6.10.2 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.10.2...v6.14.0) Updates `async` from 2.6.3 to 2.6.4 - [Release notes](https://github.com/caolan/async/releases) - [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md) - [Commits](caolan/async@v2.6.3...v2.6.4) Updates `color-string` from 1.5.3 to 1.9.1 - [Release notes](https://github.com/Qix-/color-string/releases) - [Changelog](https://github.com/Qix-/color-string/blob/master/CHANGELOG.md) - [Commits](https://github.com/Qix-/color-string/commits/1.9.1) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `glob-parent` from 5.1.0 to 5.1.2 - [Release notes](https://github.com/gulpjs/glob-parent/releases) - [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md) - [Commits](gulpjs/glob-parent@v5.1.0...v5.1.2) Updates `handlebars` from 4.5.3 to 4.7.8 - [Release notes](https://github.com/handlebars-lang/handlebars.js/releases) - [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.8/release-notes.md) - [Commits](handlebars-lang/handlebars.js@v4.5.3...v4.7.8) Updates `json5` from 2.1.1 to 2.2.3 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v2.1.1...v2.2.3) Updates `path-parse` from 1.0.6 to 1.0.7 - [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7) Updates `path-to-regexp` from 1.8.0 to 1.9.0 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v1.8.0...v1.9.0) Updates `tmpl` from 1.0.4 to 1.0.5 - [Commits](https://github.com/daaku/nodejs-tmpl/commits/v1.0.5) Updates `undefsafe` from 2.0.2 to 2.0.5 - [Release notes](https://github.com/remy/undefsafe/releases) - [Commits](remy/undefsafe@v2.0.2...v2.0.5) Updates `urijs` from 1.19.2 to 1.19.11 - [Release notes](https://github.com/medialize/URI.js/releases) - [Changelog](https://github.com/medialize/URI.js/blob/gh-pages/CHANGELOG.md) - [Commits](medialize/URI.js@v1.19.2...v1.19.11) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) Updates `ws` from 5.2.2 to 5.2.4 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@5.2.2...5.2.4) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.17.23 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: koa dependency-version: 3.1.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-version: 7.29.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@octokit/endpoint" dependency-version: 10.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@octokit/plugin-paginate-rest" dependency-version: 11.6.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@octokit/request-error" dependency-version: 6.1.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@octokit/request" dependency-version: 9.2.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: async dependency-version: 2.6.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: color-string dependency-version: 1.9.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-version: 0.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: glob-parent dependency-version: 5.1.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: handlebars dependency-version: 4.7.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json5 dependency-version: 2.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-parse dependency-version: 1.0.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 1.9.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tmpl dependency-version: 1.0.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undefsafe dependency-version: 2.0.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: urijs dependency-version: 1.19.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-version: 1.2.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 5.2.4 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 24, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 1 directory with 21 updates#26

Bump the npm_and_yarn group across 1 directory with 21 updates#26
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-9385cf501c

dependabot bot commented on behalf of github Mar 24, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 24, 2026

v3.1.2

What's Changed

New Contributors

v3.1.1

What's Changed

v3.1.0

What's Changed

v3.0.3

What's Changed

v3.0.2

What's Changed

New Contributors

v3.0.1

3.0.0-alpha.3 / 2025-02-11

3.0.0-alpha.2 / 2024-11-04

3.0.0-alpha.1 / 2023-04-12

3.0.0-alpha.0 / 2023-01-02

Breaking Changes

v7.29.0 (2026-01-31)

🚀 New Feature

🐛 Bug Fix

🏃‍♀️ Performance

Committers: 6

v7.28.6 (2026-01-12)

🐛 Bug Fix

💅 Polish

🏠 Internal

v10.1.4

10.1.4 (2025-04-10)

Bug Fixes

v10.1.3

10.1.3 (2025-02-13)

Bug Fixes

v10.1.2

10.1.2 (2024-12-31)

Bug Fixes

v11.6.0

11.6.0 (2025-03-18)

Features

v11.5.0

11.5.0 (2025-03-18)

Features

v11.4.4-cjs.2

11.4.4-cjs.2 (2025-02-26)

Bug Fixes

v11.4.4-cjs.1

11.4.4-cjs.1 (2025-02-26)

Bug Fixes

Reverts

v11.4.3

v6.1.8

6.1.8 (2025-04-10)

Bug Fixes

v6.1.7

6.1.7 (2025-02-13)

Bug Fixes

v6.1.6

6.1.6 (2024-12-29)

Bug Fixes

v6.1.5

6.1.5 (2024-09-24)

Bug Fixes

v6.1.4

6.1.4 (2024-07-11)

Bug Fixes

v6.1.3

6.1.3 (2024-07-11)

Bug Fixes

v6.1.2

6.1.2 (2024-07-10)

v9.2.4

9.2.4 (2025-06-20)

Bug Fixes

v9.2.3

9.2.3 (2025-04-10)

Bug Fixes

v9.2.2

9.2.2 (2025-02-14)