Skip to content

Dependabot Updates#878

Merged
jreineckearm merged 12 commits into
mainfrom
dependabot-updates
Mar 2, 2026
Merged

Dependabot Updates#878
jreineckearm merged 12 commits into
mainfrom
dependabot-updates

Conversation

@jreineckearm
Copy link
Copy Markdown
Collaborator

@jreineckearm jreineckearm commented Mar 2, 2026
edited
Loading

Fixes

Changes

  • Cherry-picks changes from above dependabot PRs
  • Manually bumps minimatch versions to latest patch releases
    • 10.2.2 -> 10.2.4
    • 3.1.2 -> 3.1.5
    • 9.0.5 -> 9.0.9

Screenshots

Checklist

  • 🤖 This change is covered by unit tests (if applicable).
  • 🤹 Manual testing has been performed (if necessary).
  • 🛡️ Security impacts have been considered (if relevant).
  • 📖 Documentation updates are complete (if required).
  • 🧠 Third-party dependencies and TPIP updated (if required).

dependabot Bot and others added 10 commits March 2, 2026 13:04
@dependabot @jreineckearm
Bump @types/node from 20.19.33 to 20.19.34
8ffd377 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 20.19.33 to 20.19.34.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 20.19.34
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @jreineckearm
Bump eslint from 10.0.1 to 10.0.2
25d4345 
Bumps [eslint](https://github.com/eslint/eslint) from 10.0.1 to 10.0.2.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.0.1...v10.0.2)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 10.0.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @jreineckearm
Bump typescript-eslint from 8.56.0 to 8.56.1
fd5c5bd 
Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.56.0 to 8.56.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.56.1/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: typescript-eslint
  dependency-version: 8.56.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @jreineckearm
Bump @typescript-eslint/parser from 8.56.0 to 8.56.1
354600f 
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 8.56.0 to 8.56.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.56.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.56.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Reinecke <jens.reinecke@arm.com>
@dependabot @jreineckearm
Bump @typescript-eslint/eslint-plugin from 8.56.0 to 8.56.1
79f10a7 
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 8.56.0 to 8.56.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.56.1/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.56.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Reinecke <jens.reinecke@arm.com>
@dependabot @jreineckearm
Bump github/codeql-action from 4.32.0 to 4.32.4
e3188a7 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.32.0 to 4.32.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@b20883b...89a39a4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.32.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @jreineckearm
Bump step-security/harden-runner from 2.14.1 to 2.15.0
c1f5e06 
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.14.1 to 2.15.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@e3f713f...a90bcbc)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @jreineckearm
Bump actions/upload-artifact from 6.0.0 to 7.0.0
52ceacd 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@b7c566a...bbbca2d)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @jreineckearm
Bump actions/download-artifact from 7.0.0 to 8.0.0
2aed850 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7.0.0 to 8.0.0.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@37930b1...70fc10c)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@jreineckearm
minimatch bumps
b4a1a12 
10.2.2 -> 10.2.4
3.1.2 -> 3.1.5
9.0.5 -> 9.0.9
10.1.1 -> 10.1.3 (requested was ~10.1.1)

Signed-off-by: Jens Reinecke <jens.reinecke@arm.com>
@qltysh
Copy link
Copy Markdown

qltysh Bot commented Mar 2, 2026
edited
Loading

Qlty

Coverage Impact

This PR will not change total coverage.

🚦 See full report on Qlty Cloud »

🛟 Help

  • Diff Coverage: Coverage for added or modified lines of code (excludes deleted files). Learn more.

  • Total Coverage: Coverage for the whole repository, calculated as the sum of all File Coverage. Learn more.

  • File Coverage: Covered Lines divided by Covered Lines plus Missed Lines. (Excludes non-executable lines including blank lines and comments.)

    • Indirect Changes: Changes to File Coverage for files that were not modified in this PR. Learn more.

JonatanAntoni
JonatanAntoni previously approved these changes Mar 2, 2026
View reviewed changes
@jreineckearm
Revert bump 10.1.1 -> 10.1.3 (requested was ~10.1.1), dependency revi…
22fbe31 
…ew disagrees

Signed-off-by: Jens Reinecke <jens.reinecke@arm.com>
@jreineckearm
Copy link
Copy Markdown
Collaborator Author

jreineckearm commented Mar 2, 2026

Reverted bump of 10.1.1 -> 10.1.3 (requested was ~10.1.1)
Dependency checker disagreed with this bump, version still vulnerable.

thorstendb-ARM
thorstendb-ARM approved these changes Mar 2, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@thorstendb-ARM thorstendb-ARM left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, few things were removed.

@jreineckearm jreineckearm merged commit 78fc461 into main Mar 2, 2026
22 of 23 checks passed
@jreineckearm jreineckearm deleted the dependabot-updates branch March 2, 2026 15:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thorstendb-ARM thorstendb-ARM thorstendb-ARM approved these changes

@JonatanAntoni JonatanAntoni JonatanAntoni approved these changes

@soumeh01 soumeh01 Awaiting requested review from soumeh01

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jreineckearm @thorstendb-ARM @JonatanAntoni