Skip to content

build(deps): bump the npm_and_yarn group across 3 directories with 10 updates#1

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/svm/npm_and_yarn-309b692e2f
Open

build(deps): bump the npm_and_yarn group across 3 directories with 10 updates#1
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/svm/npm_and_yarn-309b692e2f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 25, 2026

Copy link
Copy Markdown

Bumps the npm_and_yarn group with 3 updates in the /svm directory: @babel/runtime, base-x and bn.js.
Bumps the npm_and_yarn group with 5 updates in the /svm/anchor directory:

Package From To
@babel/runtime 7.25.6 7.29.2
base-x 3.0.10 3.0.11
bn.js 5.2.1 5.2.3
brace-expansion 1.1.11 1.1.14
picomatch 2.3.1 2.3.2

Bumps the npm_and_yarn group with 5 updates in the /api-docs directory:

Package From To
js-yaml 4.1.0 4.1.1
picomatch 2.3.1 2.3.2
ajv 8.17.1 8.20.0
fast-uri 3.0.6 3.1.2
yaml 2.8.1 2.8.4

Updates @babel/runtime from 7.25.6 to 7.29.2

Release notes

Sourced from @​babel/runtime's releases.

v7.29.2 (2026-03-16)

👓 Spec Compliance

  • babel-parser

🐛 Bug Fix

  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-preset-env, babel-runtime-corejs3
  • babel-preset-env
    • #17789 [7.x backport] preset-env include/exclude should accept bugfix plugins (@​JLHwung)

🏠 Internal

Committers: 2

v7.29.1 (2026-02-04)

🐛 Bug Fix

Committers: 2

v7.29.0 (2026-01-31)

Thanks @​simbahax for your first PR!

🚀 New Feature

  • babel-types
  • babel-standalone

🐛 Bug Fix

  • babel-parser
  • babel-traverse
    • #17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@​simbahax)
  • babel-plugin-transform-block-scoping, babel-traverse
    • #17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@​magic-akari)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​babel/runtime since your current version.


Updates base-x from 3.0.10 to 3.0.11

Commits

Updates bn.js from 5.2.1 to 5.2.3

Changelog

Sourced from bn.js's changelog.

5.2.3 / 2026-02-19

  • fix: imaskn state (#317)

5.2.2 / 2025-04-25

  • fix: imuln/muln with zero (#313)
Commits

Updates @babel/runtime from 7.25.6 to 7.29.2

Release notes

Sourced from @​babel/runtime's releases.

v7.29.2 (2026-03-16)

👓 Spec Compliance

  • babel-parser

🐛 Bug Fix

  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-preset-env, babel-runtime-corejs3
  • babel-preset-env
    • #17789 [7.x backport] preset-env include/exclude should accept bugfix plugins (@​JLHwung)

🏠 Internal

Committers: 2

v7.29.1 (2026-02-04)

🐛 Bug Fix

Committers: 2

v7.29.0 (2026-01-31)

Thanks @​simbahax for your first PR!

🚀 New Feature

  • babel-types
  • babel-standalone

🐛 Bug Fix

  • babel-parser
  • babel-traverse
    • #17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@​simbahax)
  • babel-plugin-transform-block-scoping, babel-traverse
    • #17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@​magic-akari)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​babel/runtime since your current version.


Updates base-x from 3.0.10 to 3.0.11

Commits

Updates bn.js from 5.2.1 to 5.2.3

Changelog

Sourced from bn.js's changelog.

5.2.3 / 2026-02-19

  • fix: imaskn state (#317)

5.2.2 / 2025-04-25

  • fix: imuln/muln with zero (#313)
Commits

Updates brace-expansion from 1.1.11 to 1.1.14

Release notes

Sourced from brace-expansion's releases.

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

  • Changelogs are for humans, not machines.
  • There should be an entry for every single version.
  • The same types of changes should be grouped.
  • Versions and sections should be linkable.
  • The latest version comes first.
  • The release date of each versions is displayed.
  • Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

... (truncated)

Commits

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.
Commits

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

  • Changelogs are for humans, not machines.
  • There should be an entry for every single version.
  • The same types of changes should be grouped.
  • Versions and sections should be linkable.
  • The latest version comes first.
  • The release date of each versions is displayed.
  • Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

... (truncated)

Commits

Updates ajv from 8.17.1 to 8.20.0

Release notes

Sourced from ajv's releases.

v8.20.0

What's Changed

Full Changelog: ajv-validator/ajv@v8.19.0...v8.20.0

v8.19.0

What's Changed

Full Changelog: ajv-validator/ajv@v8.18.0...v8.19.0

v8.18.0

What's Changed

New Contributors

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits

Updates fast-uri from 3.0.6 to 3.1.2

Release notes

Sourced from fast-uri's releases.

v3.1.2

⚠️ Security Release

What's Changed

Full Changelog: fastify/fast-uri@v3.1.1...v3.1.2

v3.1.1

⚠️ Security Release

What's Changed

New Contributors

Full Changelog: fastify/fast-uri@v3.1.0...v3.1.1

v3.1.0

What's Changed

... (truncated)

Commits
  • 919dd8e Bumped v3.1.2
  • c65ba57 fixup: linting
  • 6c86c17 Merge commit from fork
  • a95158a Handle malformed fragment decoding without throwing (#171)
  • cea547c Bumped v3.1.1
  • 876ce79 Merge commit from fork
  • dcdf690 ci: add lock-threads workflow (#169)
  • c860e65 build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (#167)
  • 9b4c6dc build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (#166)
  • 85d09a9 build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...
  • Additional commits viewable in compare view

Updates tar from 7.4.3 to 7.5.15

Changelog

Sourced from tar's changelog.

Changelog

7.5

  • Added zstd compression support.
  • Consistent TOCTOU behavior in sync t.list
  • Only read from ustar block if not specified in Pax
  • Fix sync tar.list when file size reduces while reading
  • Sanitize absolute linkpaths properly
  • Prevent writing hardlink entries to the archive ahead of their file target

7.4

  • Deprecate onentry in favor of onReadEntry for clarity.

7.3

  • Add onWriteEntry option

7.2

  • DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

  • Update minipass to v7.1.0
  • Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

  • Drop support for node <18
  • Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
  • Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
  • Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
  • Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates yaml from 2.8.1 to 2.8.4

Release notes

Sourced from yaml's releases.

v2.8.4

  • Disable alias resolution with maxAliasCount:0 (#677)
  • Handle invalid unicode escapes (e1a1a77)
  • Apply minFractionDigits only to decimal strings (#676)

v2.8.3

  • Add trailingComma ToString option for multiline flow formatting (#670)
  • Catch stack overflow during node composition (1e84ebb)

v2.8.2

  • Serialize -0 as -0 (#638)
  • Do not double newlines for empty map values (#642)
Commits
  • ccdf743 2.8.4
  • f625789 fix: Disable alias resolution with maxAliasCount:0 (#677)
  • e1a1a77 fix: Handle invalid unicode escapes
  • a163ea0 style: Satify Prettier
  • b2a5a6c fix: Apply minFractionDigits only to decimal strings (#676)
  • 93c951b chore: Bump JSR version to v2.8.3 (#673)
  • 0f226a3 docs: Add trailingComma ToString option
  • ce14587 2.8.3
  • 1e84ebb fix: Catch stack overflow during node composition
  • 6b24090 ci: Include Prettier check in lint action
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

… updates

Bumps the npm_and_yarn group with 3 updates in the /svm directory: [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime), [base-x](https://github.com/cryptocoinjs/base-x) and [bn.js](https://github.com/indutny/bn.js).
Bumps the npm_and_yarn group with 5 updates in the /svm/anchor directory:

| Package | From | To |
| --- | --- | --- |
| [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.25.6` | `7.29.2` |
| [base-x](https://github.com/cryptocoinjs/base-x) | `3.0.10` | `3.0.11` |
| [bn.js](https://github.com/indutny/bn.js) | `5.2.1` | `5.2.3` |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |
| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |

Bumps the npm_and_yarn group with 5 updates in the /api-docs directory:

| Package | From | To |
| --- | --- | --- |
| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |
| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |
| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.20.0` |
| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |
| [yaml](https://github.com/eemeli/yaml) | `2.8.1` | `2.8.4` |



Updates `@babel/runtime` from 7.25.6 to 7.29.2
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.2/packages/babel-runtime)

Updates `base-x` from 3.0.10 to 3.0.11
- [Commits](cryptocoinjs/base-x@v3.0.10...v3.0.11)

Updates `bn.js` from 5.2.1 to 5.2.3
- [Release notes](https://github.com/indutny/bn.js/releases)
- [Changelog](https://github.com/indutny/bn.js/blob/master/CHANGELOG.md)
- [Commits](indutny/bn.js@v5.2.1...v5.2.3)

Updates `@babel/runtime` from 7.25.6 to 7.29.2
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.2/packages/babel-runtime)

Updates `base-x` from 3.0.10 to 3.0.11
- [Commits](cryptocoinjs/base-x@v3.0.10...v3.0.11)

Updates `bn.js` from 5.2.1 to 5.2.3
- [Release notes](https://github.com/indutny/bn.js/releases)
- [Changelog](https://github.com/indutny/bn.js/blob/master/CHANGELOG.md)
- [Commits](indutny/bn.js@v5.2.1...v5.2.3)

Updates `brace-expansion` from 1.1.11 to 1.1.14
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.14)

Updates `picomatch` from 2.3.1 to 2.3.2
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...2.3.2)

Updates `js-yaml` from 4.1.0 to 4.1.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.1.1)

Updates `picomatch` from 2.3.1 to 2.3.2
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...2.3.2)

Updates `ajv` from 8.17.1 to 8.20.0
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v8.17.1...v8.20.0)

Updates `fast-uri` from 3.0.6 to 3.1.2
- [Release notes](https://github.com/fastify/fast-uri/releases)
- [Commits](fastify/fast-uri@v3.0.6...v3.1.2)

Updates `tar` from 7.4.3 to 7.5.15
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.4.3...v7.5.15)

Updates `yaml` from 2.8.1 to 2.8.4
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.8.1...v2.8.4)

---
updated-dependencies:
- dependency-name: "@babel/runtime"
  dependency-version: 7.29.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: base-x
  dependency-version: 3.0.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: bn.js
  dependency-version: 5.2.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@babel/runtime"
  dependency-version: 7.29.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: base-x
  dependency-version: 3.0.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: bn.js
  dependency-version: 5.2.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.14
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ajv
  dependency-version: 8.20.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fast-uri
  dependency-version: 3.1.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-version: 7.5.15
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yaml
  dependency-version: 2.8.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants