Bump the all-npm-dependencies group across 1 directory with 14 updates by dependabot[bot] · Pull Request #17 · hexlet-components/devops-example-app

dependabot · 2026-05-20T11:23:04Z

Bumps the all-npm-dependencies group with 14 updates in the / directory:

Package	From	To
@dnlup/fastify-traps	`2.0.0`	`3.1.0`
@fastify/static	`6.10.2`	`9.1.3`
@fastify/view	`8.0.0`	`11.1.1`
bootstrap	`5.3.0`	`5.3.8`
dotenv	`16.3.1`	`17.4.2`
fastify	`4.19.2`	`5.8.5`
fastify-cli	`5.7.1`	`8.0.0`
lodash	`4.17.21`	`4.18.1`
pug	`3.0.2`	`3.0.4`
rollbar	`2.26.2`	`3.1.0`
jest	`29.6.1`	`30.4.2`
npm-check-updates	`16.10.15`	`22.2.0`
pino	`8.14.1`	`10.3.1`
pino-pretty	`10.0.1`	`13.1.3`

Updates @dnlup/fastify-traps from 2.0.0 to 3.1.0

Release notes

Sourced from @dnlup/fastify-traps's releases.

3.1.0

3.1.0 (2024-11-29)

Features

support fastify 5 (#346) (0bffa37)

3.0.2

3.0.2 (2024-01-16)

3.0.1

3.0.1 (2023-12-21)

Bug Fixes

exported module types (6daab84)

typo (30942a2)

3.0.0

3.0.0 (2023-08-31)

⚠ BREAKING CHANGES

types: the hooks type is changed

Changelog

Sourced from @dnlup/fastify-traps's changelog.

3.1.0 (2024-11-29)

Features

support fastify 5 (#346) (0bffa37)

3.0.2 (2024-01-16)

3.0.1 (2023-12-21)

Bug Fixes

exported module types (6daab84)

typo (30942a2)

3.0.0 (2023-08-31)

⚠ BREAKING CHANGES

types: the hooks type is changed

Features

upgrade fastify-plugin from 3.0.1 to 4.0.0 (a95fef8)

Bug Fixes

types: fix hooks types (eeb86c5)

Commits

2adbf0c chore(release): 3.1.0
0bffa37 feat: support fastify 5 (#346)
6bf2574 build(deps-dev): bump tsd from 0.29.0 to 0.30.3
e56b988 chore(release): 3.0.2
cf3a7b9 Update typings
f38aabc build(deps-dev): bump lint-staged from 14.0.1 to 15.2.0
857790a build(deps): bump actions/setup-node from 3 to 4
99db576 chore(release): 3.0.1
6daab84 fix: exported module types
30942a2 fix: typo
Additional commits viewable in compare view

Updates @fastify/static from 6.10.2 to 9.1.3

Release notes

Sourced from @fastify/static's releases.

v9.1.3

What's Changed

fix: support wildcard prefixes with route params by @mcollina in fastify/fastify-static#576

Full Changelog: fastify/fastify-static@v9.1.2...v9.1.3

v9.1.2

What's Changed

fix: resolve wildcard paths in encapsulated contexts by @mcollina in fastify/fastify-static#574

Full Changelog: fastify/fastify-static@v9.1.1...v9.1.2

v9.1.1

⚠️ Security Release

This fixes CVE CVE-2026-6410 GHSA-pr96-94w5-mx2h. This fixes CVE CVE-2026-6414 GHSA-x428-ghpx-8j92.

What's Changed

ci: add lock-threads workflow by @Fdawgs in fastify/fastify-static#570

Full Changelog: fastify/fastify-static@v9.1.0...v9.1.1

v9.1.0

What's Changed

build(deps-dev): bump @types/node from 24.10.4 to 25.0.3 by @dependabot[bot] in fastify/fastify-static#552

test: move ignoreTrailingSlash under routerOptions by @lraveri in fastify/fastify-static#553

build(deps-dev): bump borp from 0.20.2 to 0.21.0 by @dependabot[bot] in fastify/fastify-static#543

chore: bump pino and borp dependencies, delete stale.yml by @Tony133 in fastify/fastify-static#557

chore: update syntax typescript by @Tony133 in fastify/fastify-static#558

chore(license): standardise license notice by @Fdawgs in fastify/fastify-static#560

fix: sendFile ignoring option overrides in some cases by @bakugo in fastify/fastify-static#559

chore: upgrade c8 to v11.0.0 and improvements test by @Tony133 in fastify/fastify-static#564

build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by @dependabot[bot] in fastify/fastify-static#566

New Contributors

@lraveri made their first contribution in fastify/fastify-static#553

@Tony133 made their first contribution in fastify/fastify-static#557

@bakugo made their first contribution in fastify/fastify-static#559

Full Changelog: fastify/fastify-static@v9.0.0...v9.1.0

v9.0.0

What's Changed

build(deps): bump content-disposition from 0.5.4 to 1.0.1 by @dependabot[bot] in fastify/fastify-static#547

Update glob@13 by @mcollina in fastify/fastify-static#550

... (truncated)

Commits

880c1a6 Bumped v9.1.3
7f92da5 fix: support wildcard prefixes with route params (#576)
b0a66d5 Bumped v9.1.2
32af863 fix: resolve wildcard paths in encapsulated contexts (#574)
48b136f Bumped v9.1.1
cc7b7f7 Merge commit from fork
9921faa Merge commit from fork
4183d2d ci: add lock-threads workflow (#570)
a3a8cd6 Bumped v9.1.0
8423c80 build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (#566)
Additional commits viewable in compare view

Updates @fastify/view from 8.0.0 to 11.1.1

Release notes

Sourced from @fastify/view's releases.

v11.1.1

What's Changed

chore(license): update date ranges; standardise style by @Fdawgs in fastify/point-of-view#478

build(deps-dev): bump @types/node from 22.15.34 to 24.0.8 by @dependabot[bot] in fastify/point-of-view#479

build(deps-dev): bump cross-env from 7.0.3 to 10.0.0 by @dependabot[bot] in fastify/point-of-view#480

chore: remove tap by @ilteoood in fastify/point-of-view#482

Fix using multiple view instances in production mode by @ilmari in fastify/point-of-view#476

New Contributors

@ilmari made their first contribution in fastify/point-of-view#476

Full Changelog: fastify/point-of-view@v11.1.0...v11.1.1

v11.1.0

What's Changed

ci: set permissions at workflow level by @Fdawgs in fastify/point-of-view#468

ci: restore job level permissions by @Fdawgs in fastify/point-of-view#469

build(deps-dev): bump express from 4.21.2 to 5.1.0 by @dependabot in fastify/point-of-view#470

fix: support mustache partials as documented by @blex41 in fastify/point-of-view#471

build(deps-dev): bump tsd from 0.31.2 to 0.32.0 by @dependabot in fastify/point-of-view#473

build(deps-dev): bump borp from 0.19.0 to 0.20.0 by @dependabot in fastify/point-of-view#474

Add security notice for raw option by @mcollina in fastify/point-of-view#475

feat: add Edge.js templating engine support by @oszoou in fastify/point-of-view#472

New Contributors

@blex41 made their first contribution in fastify/point-of-view#471

@oszoou made their first contribution in fastify/point-of-view#472

Full Changelog: fastify/point-of-view@v11.0.0...v11.1.0

v11.0.0

What's Changed

build(dependabot): reduce npm updates to monthly by @Fdawgs in fastify/point-of-view#458

chore: rename master to main by @Fdawgs in fastify/point-of-view#459

ci(ci): set job permissions by @Fdawgs in fastify/point-of-view#460

(test): migrate to node test runner by @ilteoood in fastify/point-of-view#461

test(test): limit file permissions by @Fdawgs in fastify/point-of-view#462

chore: remove .taprc by @Fdawgs in fastify/point-of-view#464

Revert "chore: remove .taprc" by @Fdawgs in fastify/point-of-view#465

refactor!: remove art-template support by @Fdawgs in fastify/point-of-view#466

New Contributors

@ilteoood made their first contribution in fastify/point-of-view#461

Full Changelog: fastify/point-of-view@v10.0.2...v11.0.0

v10.0.2

What's Changed

refactor(index): use Object.hasOwn() by @Fdawgs in fastify/point-of-view#439

build(deps-dev): bump autocannon from 7.15.0 to 8.0.0 by @dependabot in fastify/point-of-view#441

... (truncated)

Commits

d0da734 Bumped v11.1.1
399543d Fix using multiple view instances in production mode (#476)
c7f1cb0 chore: remove tap (#482)
add11a0 build(deps-dev): bump cross-env from 7.0.3 to 10.0.0 (#480)
c68d474 build(deps-dev): bump @types/node from 22.15.34 to 24.0.8 (#479)
969e833 chore(license): update date ranges; standardise style (#478)
966840f Bumped v11.1.0
8944500 feat: add Edge.js templating engine support (#472)
0af5663 Add security notice for raw option (#475)
64f6502 build(deps-dev): bump borp from 0.19.0 to 0.20.0 (#474)
Additional commits viewable in compare view

Updates bootstrap from 5.3.0 to 5.3.8

Release notes

Sourced from bootstrap's releases.

v5.3.8

What's Changed

Streamline release prep script by @mdo in twbs/bootstrap#41539

Docs: restore local dev port to 9001 by @chalin in twbs/bootstrap#41545

Docs: use Example shortcode instead of divs with only .bd-example class by @julien-deramond in twbs/bootstrap#41556

Docs: fix scss autorecompile in dev mode by @MaxLardenois in twbs/bootstrap#41574

Fix color-contrast() function for WCAG 2.1 compliance by @julien-deramond in twbs/bootstrap#41585

OSSF Scorecard by @mdo in twbs/bootstrap#41571

Workflows: Use SHA-1 for third-party actions by @julien-deramond in twbs/bootstrap#41595

Docs: unminify downloadable example HTML files by @julien-deramond in twbs/bootstrap#41637

Docs: Add tooltips to buttons when <Example> is used, not just <Code> by @louismaximepiton in twbs/bootstrap#41582

Set cursor pointer on input search cancel button by @mdo in twbs/bootstrap#41639

CSS: Prevent spinner distortion in flex containers with multiline content by @julien-deramond in twbs/bootstrap#41654

Migrate MyGet script to GH actions by @supergibbs in twbs/bootstrap#41583

Revert "Attempt to return focus explicitly to dropdown trigger" by @mdo in twbs/bootstrap#41668

docs: Minor range example code optimization by @coliff in twbs/bootstrap#41665

Remove Themes from docs by @mdo in twbs/bootstrap#41671

Release v5.3.8 by @mdo in twbs/bootstrap#41669

Dependencies

Build(deps-dev): Bump the development-dependencies group with 3 updates by @julien-deramond in twbs/bootstrap#41540

Build(deps-dev): Bump the development-dependencies group with 2 updates by @julien-deramond in twbs/bootstrap#41544

Build(deps-dev): Bump stylelint-config-twbs-bootstrap from 16.0.0 to 16.1.0 by @julien-deramond in twbs/bootstrap#41546

Build(deps-dev): Bump the development-dependencies group with 5 updates by @julien-deramond in twbs/bootstrap#41552

Build(deps-dev): Bump the development-dependencies group with 4 updates by @julien-deramond in twbs/bootstrap#41560

Build(deps-dev): Bump the development-dependencies group with 3 updates by @julien-deramond in twbs/bootstrap#41566

Build(deps): Bump actions/upload-artifact from 4.6.1 to 4.6.2 by @dependabot[bot] in twbs/bootstrap#41594

Build(deps-dev): Bump the development-dependencies group with 4 updates by @julien-deramond in twbs/bootstrap#41599

Build(deps-dev): Bump the development-dependencies group with 2 updates by @julien-deramond in twbs/bootstrap#41609

Build(deps): Bump github/codeql-action from 3.29.2 to 3.29.3 by @dependabot[bot] in twbs/bootstrap#41611

Build(deps): Bump streetsidesoftware/cspell-action from 7.1.1 to 7.1.2 by @dependabot[bot] in twbs/bootstrap#41610

Build(deps-dev): Bump the development-dependencies group with 4 updates by @julien-deramond in twbs/bootstrap#41621

Build(deps): Bump streetsidesoftware/cspell-action from 7.1.2 to 7.2.0 by @dependabot[bot] in twbs/bootstrap#41625

Build(deps): Bump actions-cool/issues-helper from 3.6.0 to 3.6.2 by @dependabot[bot] in twbs/bootstrap#41623

Build(deps): Bump github/codeql-action from 3.29.3 to 3.29.4 by @dependabot[bot] in twbs/bootstrap#41624

Build(deps-dev): Bump the development-dependencies group across 1 directory with 3 updates by @dependabot[bot] in twbs/bootstrap#41626

Build(deps): Bump github/codeql-action from 3.29.4 to 3.29.5 by @dependabot[bot] in twbs/bootstrap#41640

Build(deps): Bump tmp from 0.2.3 to 0.2.4 by @dependabot[bot] in twbs/bootstrap#41649

Build(deps): Bump github/codeql-action from 3.29.7 to 3.29.8 by @dependabot[bot] in twbs/bootstrap#41657

Build(deps): Bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in twbs/bootstrap#41655

Build(deps): Bump github/codeql-action from 3.29.8 to 3.29.10 by @dependabot[bot] in twbs/bootstrap#41664

New Contributors

@chalin made their first contribution in twbs/bootstrap#41545

Full Changelog: twbs/bootstrap@v5.3.7...v5.3.8

v5.3.7

📚 Documentation

... (truncated)

Commits

25aa8cc Release v5.3.8 (#41669)
122bff5 Remove Themes from docs (#41671)
320f713 docs: Minor range example code optimization (#41665)
ac5f51c Revert "Attempt to return focus explicitly to dropdown trigger (#41365)" (#41...
4bd8b6c Migrate MyGet script to GH actions (#41583)
f50f38b CSS: Fix spinner deformation in flex boxes when content is multiline (#41654)
47c75b8 Set cursor pointer on input search cancel button (#41639)
26c86ba Build(deps): Bump github/codeql-action from 3.29.8 to 3.29.10 (#41664)
099b02b Build(deps-dev): Bump rollup from 4.46.2 to 4.46.3
4b8a2c9 Build(deps-dev): bump dependencies
Additional commits viewable in compare view

Updates dotenv from 16.3.1 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

Improved skill files - tightened up details (#1009)

17.4.1 (2026-04-05)

Changed

Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

Tighten up logs: ◇ injecting env (14) from .env (#1003)

17.3.1 (2026-02-12)

Changed

Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

Add a new README section on dotenv’s approach to the agentic future.

Changed

Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)

Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

17.2.3 (2025-09-29)

Changed

Fixed typescript error definition (#912)

... (truncated)

Commits

f116f70 17.4.2
3a81612 fix visual order of faq
13f55a8 Merge branch 'skill'
4bbbf73 reorganize faq
c3da64b Merge pull request #1009 from motdotla/skill
6f743b1 update source
fc2c624 update skill
972315b Tighten up skill
2795fce reorganize faq
d5495d4 adjust skill
Additional commits viewable in compare view

Updates fastify from 4.19.2 to 5.8.5

Release notes

Sourced from fastify's releases.

v5.8.5

⚠️ Security Release

This fixes CVE CVE-2026-33806 GHSA-247c-9743-5963.

What's Changed

chore: Fix port parsing by @jsumners in fastify/fastify#6603

chore: upgrade to typescript v6.0.2 by @Tony133 in fastify/fastify#6605

fix: restore trustProxy function for number and string types, add null check for socketAddr by @mcollina in fastify/fastify#6613

ci: reduce cron scheduled workflows from daily/weekly to monthly by @Fdawgs in fastify/fastify#6623

chore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 by @dependabot[bot] in fastify/fastify#6629

chore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 by @dependabot[bot] in fastify/fastify#6632

chore: Bump borp from 0.21.0 to 1.0.0 by @dependabot[bot] in fastify/fastify#6633

chore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 by @dependabot[bot] in fastify/fastify#6630

docs(ecosystem): add @pompelmi/fastify-plugin by @SonoTommy in fastify/fastify#6610

New Contributors

@SonoTommy made their first contribution in fastify/fastify#6610

Full Changelog: fastify/fastify@v5.8.4...v5.8.5

v5.8.4

Full Changelog: fastify/fastify@v5.8.3...v5.8.4

v5.8.3

⚠️ Security Release

This fixes CVE CVE-2026-3635 GHSA-444r-cwp2-x5xf.

What's Changed

docs(readme): add @Tony133 to plugin team by @Tony133 in fastify/fastify#6565

Updated Plugins-Guide.md; Changed "fastify" to "instance" during plugin registration to showcase that it's added as a child by @kyrylchenko in fastify/fastify#6566

test: use fastify.test in test case by @climba03003 in fastify/fastify#6568

docs: use fastify.example in documentation by @climba03003 in fastify/fastify#6567

docs: add common performance degradation guidance by @maxpetrusenko in fastify/fastify#6520

docs(server): fix camelCase anchor links in TOC by @Deepvamja in fastify/fastify#6530

ci(link-checker): fix root-relative links resolution by @barba-rossa in fastify/fastify#6535

docs: update syntax markdown, absolute paths and links by @Tony133 in fastify/fastify#6569

docs: clarify content-type parser/schema mismatch is outside threat model by @mcollina in fastify/fastify#6537

docs: fix incorrect code examples in Reply and Request reference by @mahmoodhamdi in fastify/fastify#6582

docs: replace redirected npm.im http-errors link by @mcollina in fastify/fastify#6588

types: Allow port to be null in request type definition by @TristanBarlow in fastify/fastify#6589

docs: update links by @Tony133 in fastify/fastify#6593

ci(lock-threads): use shared lock-threads workflow by @Fdawgs in fastify/fastify#6592

New Contributors

@kyrylchenko made their first contribution in fastify/fastify#6566

@maxpetrusenko made their first contribution in fastify/fastify#6520

@Deepvamja made their first contribution in fastify/fastify#6530

@barba-rossa made their first contribution in fastify/fastify#6535

... (truncated)

Commits

3983cce Bumped v5.8.5
3ce3ae6 Merge commit from fork
b06a196 docs(ecosystem): add @pompelmi/fastify-plugin (#6610)
909c5d5 chore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 (#6630)
4db21a3 chore: Bump borp from 0.21.0 to 1.0.0 (#6633)
0f4e544 chore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 (#6632)
33a2fcd chore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 (#6629)
fd35d82 ci: reduce cron schedules from daily/weekly to monthly (#6623)
8dee9be fix: restore trustProxy function for number and string types, add null check ...
d457aed chore: upgrade to typescript v6.0.2 (#6605)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by climba03003, a new releaser for fastify since your current version.

Updates fastify-cli from 5.7.1 to 8.0.0

Release notes

Sourced from fastify-cli's releases.

v8.0.0

What's Changed

BREAKING: remove dotenv by @ilteoood in fastify/fastify-cli#851

chore(deps-dev): bump glob from 11.1.0 to 13.0.0 by @dependabot[bot] in fastify/fastify-cli#852

chore(deps): bump chokidar from 4.0.3 to 5.0.0 by @dependabot[bot] in fastify/fastify-cli#853

chore(deps-dev): bump @types/node from 24.10.4 to 25.0.3 by @dependabot[bot] in fastify/fastify-cli#856

chore: update readme and others improvements by @Tony133 in fastify/fastify-cli#858

chore: improved comments in eject templates by @Tony133 in fastify/fastify-cli#857

Pass an already imported module in helper by @segevfiner in fastify/fastify-cli#816

test: migrate esm util and helper tests to node:test by @lraveri in fastify/fastify-cli#859

chore(deps-dev): bump c8 from 10.1.3 to 11.0.0 by @dependabot[bot] in fastify/fastify-cli#865

chore(license): standardise license notice by @Fdawgs in fastify/fastify-cli#864

Add CLI option to specify directory or file to watch in watch mode by @gafreax in fastify/fastify-cli#794

add experimental-strip-types in app-ts-esm by @SimoneDevkt in fastify/fastify-cli#798

ci: removed stale.yml by @Tony133 in fastify/fastify-cli#870

test: migrate tap suite to node:test by @mcollina in fastify/fastify-cli#869

chore: removed .taprc file by @Tony133 in fastify/fastify-cli#871

New Contributors

@lraveri made their first contribution in fastify/fastify-cli#859

Full Changelog: fastify/fastify-cli@v7.4.1...v8.0.0

v7.4.1

What's Changed

ci: set permissions at workflow level by @Fdawgs in fastify/fastify-cli#807

ci: restore job level permissions by @Fdawgs in fastify/fastify-cli#808

ci(ci): remove auto merge exclude by @shishir-karanth in fastify/fastify-cli#805

chore(deps-dev): bump sinon from 19.0.5 to 20.0.0 by @dependabot[bot] in fastify/fastify-cli#809

chore(deps): bump @fastify/deepmerge from 2.0.2 to 3.0.0 by @dependabot[bot] in fastify/fastify-cli#810

chore(templates/plugin): update ci example by @Fdawgs in fastify/fastify-cli#811

chore(deps-dev): bump tsd from 0.31.2 to 0.32.0 by @dependabot[bot] in fastify/fastify-cli#813

chore(templates/plugin): update ci example by @Fdawgs in fastify/fastify-cli#814

ci: add node 24 to test matrix by @Fdawgs in fastify/fastify-cli#815

chore(deps): bump yargs-parser from 21.1.1 to 22.0.0 by @dependabot[bot] in fastify/fastify-cli#817

test: migrated generate.test.js from tap to node:test by @Tony133 in fastify/fastify-cli#823

ci: use tags for immutable github actions by @Fdawgs in fastify/fastify-cli#826

chore(license): update date ranges; standardise style by @Fdawgs in fastify/fastify-cli#830

chore(deps-dev): bump @types/node from 22.15.34 to 24.0.8 by @dependabot[bot] in fastify/fastify-cli#832

chore(deps-dev): bump sinon from 20.0.0 to 21.0.0 by @dependabot[bot] in fastify/fastify-cli#833

chore: removed simple get from tests by @ilteoood in fastify/fastify-cli#834

chore(deps-dev): bump cross-env from 7.0.3 to 10.0.0 by @dependabot[bot] in fastify/fastify-cli#837

chore(deps-dev): bump typescript from 5.8.3 to 5.9.2 by @dependabot[bot] in fastify/fastify-cli#838

test: migrated print-routes.test.js to tap to node:test by @Tony133 in fastify/fastify-cli#829

test: migrated print-plugins.test.js to tap to node:test by @Tony133 in fastify/fastify-cli#828

test: migrated eject test from tap to node:test by @Tony133 in fastify/fastify-cli#818

test: migrated generate-plugin.test.js from tap to node:test by @Tony133 in fastify/fastify-cli#820

chore(deps-dev): bump tsd from 0.32.0 to 0.33.0 by @dependabot[bot] in fastify/fastify-cli#839

chore: add .npmrc file by @Fdawgs in fastify/fastify-cli#840

build(deps-dev): remove @fastify/pre-commit by @Fdawgs in fastify/fastify-cli#842

... (truncated)

Commits

88cbf5b Bumped v8.0.0
5ae8c24 chore: removed .taprc file (#871)
39ea5d4 test: migrate tap suite to node:test (#869)
4fbbb28 ci: removed stale.yml (#870)
a8bf1b0 add experimental-strip-types in app-ts-esm (#798)
1da1ad7 Add CLI option to specify directory or file to watch in watch mode (#794)
c42f1fb chore(license): standardise license notice (#864)
b127fa7 chore(deps-dev): bump c8 from 10.1.3 to 11.0.0 (#865)
bdce68c test: migrate esm util and helper tests to node:test (#859)
08c66cc feat: pass an already imported module in helper (#816)
Additional commits viewable in compare view

Updates lodash from 4.17.21 to 4.18.1

Release notes

Sourced from lodash's releases.

4.18.1

Bugs

Fixes a ReferenceError issue in lodash lodash-es lodash-amd and lodash.template when using the template and fromPairs functions from the modular builds. See lodash/lodash#6167

These defects were related to how lodash distributions are built from the main branch using https://github.com/lodash-archive/lodash-cli. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.

There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:

lodash: lodash/lodash@4.18.0-npm...4.18.1-npm

lodash-es: lodash/lodash@4.18.0-es...4.18.1-es

lodash-amd: lodash/lodash@4.18.0-amd...4.18.1-amd

lodash.templatelodash/lodash@4.18.0-npm-packages...4.18.1-npm-packages

4.18.0

v4.18.0

Full Changelog: lodash/lodash@4.17.23...4.18.0

Security

_.unset / _.omit: Fixed prototype pollution via constructor/prototype path traversal (

Bumps the all-npm-dependencies group with 14 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@dnlup/fastify-traps](https://github.com/dnlup/fastify-traps) | `2.0.0` | `3.1.0` | | [@fastify/static](https://github.com/fastify/fastify-static) | `6.10.2` | `9.1.3` | | [@fastify/view](https://github.com/fastify/point-of-view) | `8.0.0` | `11.1.1` | | [bootstrap](https://github.com/twbs/bootstrap) | `5.3.0` | `5.3.8` | | [dotenv](https://github.com/motdotla/dotenv) | `16.3.1` | `17.4.2` | | [fastify](https://github.com/fastify/fastify) | `4.19.2` | `5.8.5` | | [fastify-cli](https://github.com/fastify/fastify-cli) | `5.7.1` | `8.0.0` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` | | [pug](https://github.com/pugjs/pug) | `3.0.2` | `3.0.4` | | [rollbar](https://github.com/rollbar/rollbar.js) | `2.26.2` | `3.1.0` | | [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `29.6.1` | `30.4.2` | | [npm-check-updates](https://github.com/raineorshine/npm-check-updates) | `16.10.15` | `22.2.0` | | [pino](https://github.com/pinojs/pino) | `8.14.1` | `10.3.1` | | [pino-pretty](https://github.com/pinojs/pino-pretty) | `10.0.1` | `13.1.3` | Updates `@dnlup/fastify-traps` from 2.0.0 to 3.1.0 - [Release notes](https://github.com/dnlup/fastify-traps/releases) - [Changelog](https://github.com/dnlup/fastify-traps/blob/next/CHANGELOG.md) - [Commits](dnlup/fastify-traps@v2.0.0...v3.1.0) Updates `@fastify/static` from 6.10.2 to 9.1.3 - [Release notes](https://github.com/fastify/fastify-static/releases) - [Commits](fastify/fastify-static@v6.10.2...v9.1.3) Updates `@fastify/view` from 8.0.0 to 11.1.1 - [Release notes](https://github.com/fastify/point-of-view/releases) - [Commits](fastify/point-of-view@v8.0.0...v11.1.1) Updates `bootstrap` from 5.3.0 to 5.3.8 - [Release notes](https://github.com/twbs/bootstrap/releases) - [Commits](twbs/bootstrap@v5.3.0...v5.3.8) Updates `dotenv` from 16.3.1 to 17.4.2 - [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md) - [Commits](motdotla/dotenv@v16.3.1...v17.4.2) Updates `fastify` from 4.19.2 to 5.8.5 - [Release notes](https://github.com/fastify/fastify/releases) - [Commits](fastify/fastify@v4.19.2...v5.8.5) Updates `fastify-cli` from 5.7.1 to 8.0.0 - [Release notes](https://github.com/fastify/fastify-cli/releases) - [Commits](fastify/fastify-cli@v5.7.1...v8.0.0) Updates `lodash` from 4.17.21 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.18.1) Updates `pug` from 3.0.2 to 3.0.4 - [Release notes](https://github.com/pugjs/pug/releases) - [Commits](https://github.com/pugjs/pug/compare/pug@3.0.2...pug@3.0.4) Updates `rollbar` from 2.26.2 to 3.1.0 - [Release notes](https://github.com/rollbar/rollbar.js/releases) - [Changelog](https://github.com/rollbar/rollbar.js/blob/master/CHANGELOG.md) - [Commits](rollbar/rollbar.js@v2.26.2...v3.1.0) Updates `jest` from 29.6.1 to 30.4.2 - [Release notes](https://github.com/jestjs/jest/releases) - [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md) - [Commits](https://github.com/jestjs/jest/commits/v30.4.2/packages/jest) Updates `npm-check-updates` from 16.10.15 to 22.2.0 - [Release notes](https://github.com/raineorshine/npm-check-updates/releases) - [Changelog](https://github.com/raineorshine/npm-check-updates/blob/main/CHANGELOG.md) - [Commits](raineorshine/npm-check-updates@v16.10.15...v22.2.0) Updates `pino` from 8.14.1 to 10.3.1 - [Release notes](https://github.com/pinojs/pino/releases) - [Commits](pinojs/pino@v8.14.1...v10.3.1) Updates `pino-pretty` from 10.0.1 to 13.1.3 - [Release notes](https://github.com/pinojs/pino-pretty/releases) - [Commits](pinojs/pino-pretty@v10.0.1...v13.1.3) --- updated-dependencies: - dependency-name: "@dnlup/fastify-traps" dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-npm-dependencies - dependency-name: "@fastify/static" dependency-version: 9.1.3 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-npm-dependencies - dependency-name: "@fastify/view" dependency-version: 11.1.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-npm-dependencies - dependency-name: bootstrap dependency-version: 5.3.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-npm-dependencies - dependency-name: dotenv dependency-version: 17.4.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-npm-dependencies - dependency-name: fastify dependency-version: 5.8.5 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-npm-dependencies - dependency-name: fastify-cli dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-npm-dependencies - dependency-name: lodash dependency-version: 4.18.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-npm-dependencies - dependency-name: pug dependency-version: 3.0.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-npm-dependencies - dependency-name: rollbar dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-npm-dependencies - dependency-name: jest dependency-version: 30.4.2 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-npm-dependencies - dependency-name: npm-check-updates dependency-version: 22.2.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-npm-dependencies - dependency-name: pino dependency-version: 10.3.1 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-npm-dependencies - dependency-name: pino-pretty dependency-version: 13.1.3 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-npm-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-05-20T11:29:25Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 20, 2026

dependabot Bot closed this May 20, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/all-npm-dependencies-ef5df70e60 branch May 20, 2026 11:29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the all-npm-dependencies group across 1 directory with 14 updates#17

Bump the all-npm-dependencies group across 1 directory with 14 updates#17
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/all-npm-dependencies-ef5df70e60

dependabot Bot commented on behalf of github May 20, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github May 20, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

3.1.0

3.1.0 (2024-11-29)

Features

3.0.2

3.0.2 (2024-01-16)

3.0.1

3.0.1 (2023-12-21)

Bug Fixes

3.0.0

3.0.0 (2023-08-31)

⚠ BREAKING CHANGES

3.1.0 (2024-11-29)

Features

3.0.2 (2024-01-16)

3.0.1 (2023-12-21)

Bug Fixes

3.0.0 (2023-08-31)

⚠ BREAKING CHANGES

Features

Bug Fixes

v9.1.3

What's Changed

v9.1.2

What's Changed

v9.1.1

⚠️ Security Release

What's Changed

v9.1.0

What's Changed

New Contributors

v9.0.0

What's Changed

v11.1.1

What's Changed

New Contributors

v11.1.0

What's Changed

New Contributors

v11.0.0

What's Changed

New Contributors

v10.0.2

What's Changed

v5.3.8

What's Changed

Dependencies

New Contributors

v5.3.7

📚 Documentation

17.4.2 (2026-04-12)

Changed

17.4.1 (2026-04-05)

Changed

17.4.0 (2026-04-01)

Added

Changed

17.3.1 (2026-02-12)

Changed

17.3.0 (2026-02-12)

Added

Changed

17.2.4 (2026-02-05)

Changed

17.2.3 (2025-09-29)

Changed

v5.8.5

⚠️ Security Release

What's Changed

New Contributors

v5.8.4

v5.8.3

⚠️ Security Release

What's Changed

New Contributors

v8.0.0

What's Changed

New Contributors

dependabot Bot commented on behalf of github May 20, 2026 •

edited

Loading