Skip to content

Bump the npm_and_yarn group across 15 directories with 14 updates#18

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-a44c273c89
Closed

Bump the npm_and_yarn group across 15 directories with 14 updates#18
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-a44c273c89

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 3, 2026

Copy link
Copy Markdown

Bumps the npm_and_yarn group with 7 updates in the / directory:

Package From To
undici 6.20.1 6.24.0
electron 32.2.1 39.8.4
minimatch 3.1.2 3.1.5
minimatch 9.0.5 9.0.9
minimatch 9.0.3 9.0.9
minimatch 7.4.6 7.4.9
minimatch 10.0.1 10.2.5
@tootallnate/once 3.0.0 3.0.1
brace-expansion 1.1.11 1.1.13
flatted 3.3.1 3.4.2
svgo 3.3.2 3.3.3
svgo 2.8.0 2.8.2

Bumps the npm_and_yarn group with 4 updates in the /build directory: minimatch, brace-expansion, @xmldom/xmldom and fast-xml-parser.
Bumps the npm_and_yarn group with 2 updates in the /build/npm/gyp directory: minimatch and tar.
Bumps the npm_and_yarn group with 1 update in the /extensions/css-language-features directory: minimatch.
Bumps the npm_and_yarn group with 1 update in the /extensions/git directory: file-type.
Bumps the npm_and_yarn group with 1 update in the /extensions/html-language-features directory: minimatch.
Bumps the npm_and_yarn group with 1 update in the /extensions/json-language-features directory: minimatch.
Bumps the npm_and_yarn group with 3 updates in the /extensions/markdown-language-features directory: minimatch, brace-expansion and dompurify.
Bumps the npm_and_yarn group with 1 update in the /extensions/notebook-renderers directory: @tootallnate/once.
Bumps the npm_and_yarn group with 2 updates in the /extensions/npm directory: minimatch and brace-expansion.
Bumps the npm_and_yarn group with 1 update in the /extensions/vscode-api-tests directory: node-forge.
Bumps the npm_and_yarn group with 2 updates in the /remote directory: undici and @tootallnate/once.
Bumps the npm_and_yarn group with 2 updates in the /test/automation directory: minimatch and brace-expansion.
Bumps the npm_and_yarn group with 2 updates in the /test/integration/browser directory: minimatch and brace-expansion.
Bumps the npm_and_yarn group with 2 updates in the /test/smoke directory: minimatch and brace-expansion.

Updates undici from 6.20.1 to 6.24.0

Release notes

Sourced from undici's releases.

v6.24.0

Undici v6.24.0 Security Release Notes (LTS)

This release backports fixes for security vulnerabilities affecting the v6 line.

Upgrade guidance

All users on v6 should upgrade to v6.24.0 or later.

Fixed advisories

Not applicable to v6

Affected and patched ranges (v6)

References

v6.23.0

⚠️ Security Release

... (truncated)

Commits
  • 8873c94 Bumped v6.24.0
  • 411bd01 test(websocket): use node:assert for Node 18 compatibility
  • 844bf59 test: fix http2 lint regressions in backport
  • a444e4f test: stabilize h2 and tls-cert-leak under current test runner
  • dc032a1 fix: h2 CI (#4395)
  • 4cd3f4b test: increase bitness in test/fixtures/*.pem (#3659)
  • 7df6442 fix: adapt websocket frame-limit handling for v6 parser
  • 4e0179a fix: reject duplicate content-length and host headers
  • 5a97f08 Fix websocket 64-bit length overflow
  • e43e898 fix: validate upgrade header to prevent CRLF injection
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for undici since your current version.


Updates electron from 32.2.1 to 39.8.4

Release notes

Sourced from electron's releases.

electron v39.8.4

Release Notes for v39.8.4

Fixes

  • Fixed an issue where nodeIntegrationInWorker overrides in setWindowOpenHandler were not honored for child windows sharing a renderer process with their opener. #50468 (Also in 38, 40, 41)
  • Fixed crash when handling JavaScript dialogs from windows opened with invalid or empty URLs. #50400 (Also in 40, 41, 42)
  • Fixed improper focus tracking in BaseWindow on MacOS. #50338 (Also in 40, 41, 42)
  • Fixed window freeze when failing to enter/exit fullscreen on macOS. #50341 (Also in 40, 41, 42)

Other Changes

  • Added support for using a proxy during yarn install. #50349 (Also in 40, 41, 42)
  • Backported fix for 485935305. #50440
  • Backported fix for 489381399. #50443
  • Backported fix for chromium:475877320. #50436
  • Backported fixes for 484751092, 487117772. #50461

electron v39.8.3

Release Notes for v39.8.3

Fixes

  • Added additional ASAR support to additional fs copy methods. #50284 (Also in 40, 41, 42)
  • Fixed user resizing of transparent windows on win32 platform. #50300 (Also in 40, 41, 42)

electron v39.8.2

Release Notes for v39.8.2

Other Changes

  • Backported fix for b/491421267. #50230

electron v39.8.1

Release Notes for v39.8.1

Fixes

  • Added validation to protocol client methods to reject protocol names that do not conform to the RFC 3986 URI scheme grammar. #50156 (Also in 38, 40, 41)
  • Fixed an issue on macOS where calling autoUpdater.quitAndInstall() could fail if checkForUpdates() was called again after an update was already downloaded. #50215 (Also in 40, 41)
  • Fixed an issue where Chrome Devtools menus may not appear in certain embedded windows. #50136 (Also in 40, 41)
  • Fixed an issue where additionalData passed to app.requestSingleInstanceLock on Windows could be truncated or fail to deserialize in the primary instance's second-instance event. #50174 (Also in 38, 40, 41)
  • Fixed an issue where screen.getCursorScreenPoint() crashed on Wayland when it was called before a BrowserWindow had been created. #50106 (Also in 40, 41)
  • Fixed an issue where calling setBounds on a WebContentsView could trigger redundant page-favicon-updated events even when the favicon had not changed. #50086 (Also in 40, 41)
  • Fixed an issue where invalid characters in custom protocol or webRequest response header values were not rejected. #50129 (Also in 38, 40, 41)
  • Fixed an issue where permission and device-chooser handlers received the top-level page origin instead of the requesting subframe's origin. #50147 (Also in 38, 40, 41)
  • Fixed an issue where traffic light buttons would flash at position (0,0) when restoring a window with a custom trafficLightPosition from minimization on macOS. #50208 (Also in 40, 41)
  • Fixed bug where opening a message box immediately upon closing a child window may cause the parent window to freeze on Windows. #50190 (Also in 40, 41)
  • Fixed menu bar hiding after a call to win.setFullScreen(false) when not in fullscreen on Linux. #49995 (Also in 40, 41)
  • Fixed shutdown crash on windows when hidden titlebar is enabled. #50054 (Also in 40, 41)
  • Reverted AltGr key fix that caused menu bar to no longer show on Windows. #50109 (Also in 40, 41)

... (truncated)

Commits
  • 7007907 chore: cherry-pick 3 changes from chromium (#50461)
  • 2c8b6ee chore: cherry-pick fbfb27470bf6 from chromium (#50436)
  • 4c64377 chore: cherry-pick 50b057660b4d from chromium (#50440)
  • 0ef0561 fix: read nodeIntegrationInWorker from per-frame WebPreferences (#50122) (#50...
  • 64373df chore: cherry-pick 074d472db745 from chromium (#50443)
  • 13e4407 fix: don't re-parse URL unnecessarily when handling dialogs (#50400)
  • 16a0385 ci: output build cache hit rate as GHA annotation (#50369)
  • 00a492d chore: Respect HTTP(S) proxy env variable for Yarn (#50349)
  • 290a77b fix: correctly track BaseWindow::IsActive() on MacOS (#50338)
  • 87baa17 fix: ensure WebContents::WasShown runs when window is shown (#50341)
  • Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

Updates minimatch from 9.0.5 to 9.0.9

Commits

Updates minimatch from 9.0.3 to 9.0.9

Commits

Updates minimatch from 7.4.6 to 7.4.9

Commits

Updates minimatch from 10.0.1 to 10.2.5

Commits

Updates @tootallnate/once from 3.0.0 to 3.0.1

Release notes

Sourced from @​tootallnate/once's releases.

v3.0.1

Patch Changes

  • 28dbc5d: Fix promise hang when AbortSignal is aborted
Changelog

Sourced from @​tootallnate/once's changelog.

3.0.1

Patch Changes

  • 28dbc5d: Fix promise hang when AbortSignal is aborted
Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​tootallnate/once since your current version.


Updates brace-expansion from 1.1.11 to 1.1.13

Release notes

Sourced from brace-expansion's releases.

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

Updates flatted from 3.3.1 to 3.4.2

Commits
  • 3bf0909 3.4.2
  • 885ddcc fix CWE-1321
  • 0bdba70 added flatted-view to the benchmark
  • 2a02dce 3.4.1
  • fba4e8f Merge pull request #89 from WebReflection/python-fix
  • 5fe8648 added "when in Rome" also a test for PHP
  • 53517ad some minor improvement
  • b3e2a0c Fixing recursion issue in Python too
  • c4b46db Add SECURITY.md for security policy and reporting
  • f86d071 Create dependabot.yml for version updates
  • Additional commits viewable in compare view

Updates svgo from 3.3.2 to 3.3.3

Release notes

Sourced from svgo's releases.

v3.3.3

What's Changed

Dependencies

  • Migrates from our unsupported fork of sax (@​trysound/sax) to the upstream version of sax (sax).

Bug Fixes

  • No longer throws error when encountering comments in DTD.

Metrics

Before and after of the browser bundle of each respective version:

v3.3.2 v3.3.3 Delta
svgo.browser.js 910.9 kB 912.9 kB ⬆️ 2 kB

Support

SVGO v3 is not officially supported, please consider upgrading to SVGO v4 instead. We've backported this fix as there are security implications, but there is no commitment to do this for more complex changes in future.

Consider reading our Migration Guide from v3 to v4 which should ease the process.

Commits

Updates svgo from 2.8.0 to 2.8.2

Release notes

Sourced from svgo's releases.

v3.3.3

What's Changed

Dependencies

  • Migrates from our unsupported fork of sax (@​trysound/sax) to the upstream version of sax (sax).

Bug Fixes

  • No longer throws error when encountering comments in DTD.

Metrics

Before and after of the browser bundle of each respective version:

v3.3.2 v3.3.3 Delta
svgo.browser.js 910.9 kB 912.9 kB ⬆️ 2 kB

Support

SVGO v3 is not officially supported, please consider upgrading to SVGO v4 instead. We've backported this fix as there are security implications, but there is no commitment to do this for more complex changes in future.

Consider reading our Migration Guide from v3 to v4 which should ease the process.

Commits

Updates serialize-javascript from 6.0.0 to 6.0.2

Release notes

Sourced from serialize-javascript's releases.

v6.0.2

  • fix: serialize URL string contents to prevent XSS (#173) f27d65d
  • Bump @​babel/traverse from 7.10.1 to 7.23.7 (#171) 02499c0
  • docs: update readme with URL support (#146) 0d88527
  • chore: update node version and lock file e2a3a91
  • fix typo (#164) 5a1fa64

yahoo/serialize-javascript@v6.0.1...v6.0.2

v6.0.1

What's Changed

New Contributors

Full Changelog: yahoo/serialize-javascript@v6.0.0...v6.0.1

Commits

Updates minimatch from 3.1.2 to 3.1.5

Commits

Updates minimatch from 9.0.5 to 9.0.9

Commits

Updates brace-expansion from 1.1.11 to 1.1.13

Release notes

Sourced from brace-expansion's releases.

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

Updates @xmldom/xmldom from 0.8.10 to 0.8.12

Release notes

Sourced from @​xmldom/xmldom's releases.

0.8.12

Commits

Fixed

Code that passes a string containing "]]>" to createCDATASection and relied on the previously unsafe behavior will now receive InvalidCharacterError. Use a mutation method such as appendData if you intentionally need "]]>" in a CDATASection node's data.

Thank you, @​thesmartshadow, @​stevenobiajulu, for your contributions

xmldom/xmldom#357

0.8.11

0.8.11

Fixed

Thank you, @​shunkica, for your contributions

Changelog

Sourced from @​xmldom/xmldom's changelog.

0.8.12

Fixed

Code that passes a string containing "]]>" to createCDATASection and relied on the previously unsafe behavior will now receive InvalidCharacterError. Use a mutation method such as appendData if you intentionally need "]]>" in a CDATASection node's data.

Thank you, @​thesmartshadow, @​stevenobiajulu, for your contributions

0.8.11

Fixed

Thank you, @​shunkica, for your contributions

0.9.8

Fixed

Chore

Thank you, @​kboshold, @​Ponynjaa, for your contributions.

0.9.7

Added

Fixed

... (truncated)

Commits
  • 189cb78 0.8.12
  • ed08df7 fix: XML injection via unsafe CDATA serialization (GHSA-wh4c-j3r5-mjhp) (#968)
  • a5b929b chore: clean up generated test artefacts before running ci-local
  • 4e37a20 ci: run format:check in lint job
  • ac0ac77 chore: ignore generated files when checking formatting
  • 968c893 chore: add local CI script and format:check script
  • ac40424 fix: preserve trailing whitespace in ProcessingInstruction data (#962)
  • cece752 chore: add .nvmrc pointing to node version 18
  • cbf44d9 docs: improve links to changes in most recent release
  • c0f1401 0.8.11
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by karfau, a new releaser for @​xmldom/xmldom<...

Description has been truncated

Bumps the npm_and_yarn group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [undici](https://github.com/nodejs/undici) | `6.20.1` | `6.24.0` |
| [electron](https://github.com/electron/electron) | `32.2.1` | `39.8.4` |
| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |
| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |
| [minimatch](https://github.com/isaacs/minimatch) | `9.0.3` | `9.0.9` |
| [minimatch](https://github.com/isaacs/minimatch) | `7.4.6` | `7.4.9` |
| [minimatch](https://github.com/isaacs/minimatch) | `10.0.1` | `10.2.5` |
| [@tootallnate/once](https://github.com/TooTallNate/once) | `3.0.0` | `3.0.1` |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.13` |
| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |
| [svgo](https://github.com/svg/svgo) | `3.3.2` | `3.3.3` |
| [svgo](https://github.com/svg/svgo) | `2.8.0` | `2.8.2` |

Bumps the npm_and_yarn group with 4 updates in the /build directory: [minimatch](https://github.com/isaacs/minimatch), [brace-expansion](https://github.com/juliangruber/brace-expansion), [@xmldom/xmldom](https://github.com/xmldom/xmldom) and [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser).
Bumps the npm_and_yarn group with 2 updates in the /build/npm/gyp directory: [minimatch](https://github.com/isaacs/minimatch) and [tar](https://github.com/isaacs/node-tar).
Bumps the npm_and_yarn group with 1 update in the /extensions/css-language-features directory: [minimatch](https://github.com/isaacs/minimatch).
Bumps the npm_and_yarn group with 1 update in the /extensions/git directory: [file-type](https://github.com/sindresorhus/file-type).
Bumps the npm_and_yarn group with 1 update in the /extensions/html-language-features directory: [minimatch](https://github.com/isaacs/minimatch).
Bumps the npm_and_yarn group with 1 update in the /extensions/json-language-features directory: [minimatch](https://github.com/isaacs/minimatch).
Bumps the npm_and_yarn group with 3 updates in the /extensions/markdown-language-features directory: [minimatch](https://github.com/isaacs/minimatch), [brace-expansion](https://github.com/juliangruber/brace-expansion) and [dompurify](https://github.com/cure53/DOMPurify).
Bumps the npm_and_yarn group with 1 update in the /extensions/notebook-renderers directory: [@tootallnate/once](https://github.com/TooTallNate/once).
Bumps the npm_and_yarn group with 2 updates in the /extensions/npm directory: [minimatch](https://github.com/isaacs/minimatch) and [brace-expansion](https://github.com/juliangruber/brace-expansion).
Bumps the npm_and_yarn group with 1 update in the /extensions/vscode-api-tests directory: [node-forge](https://github.com/digitalbazaar/forge).
Bumps the npm_and_yarn group with 2 updates in the /remote directory: [undici](https://github.com/nodejs/undici) and [@tootallnate/once](https://github.com/TooTallNate/once).
Bumps the npm_and_yarn group with 2 updates in the /test/automation directory: [minimatch](https://github.com/isaacs/minimatch) and [brace-expansion](https://github.com/juliangruber/brace-expansion).
Bumps the npm_and_yarn group with 2 updates in the /test/integration/browser directory: [minimatch](https://github.com/isaacs/minimatch) and [brace-expansion](https://github.com/juliangruber/brace-expansion).
Bumps the npm_and_yarn group with 2 updates in the /test/smoke directory: [minimatch](https://github.com/isaacs/minimatch) and [brace-expansion](https://github.com/juliangruber/brace-expansion).


Updates `undici` from 6.20.1 to 6.24.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v6.20.1...v6.24.0)

Updates `electron` from 32.2.1 to 39.8.4
- [Release notes](https://github.com/electron/electron/releases)
- [Commits](electron/electron@v32.2.1...v39.8.4)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `minimatch` from 9.0.5 to 9.0.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `minimatch` from 9.0.3 to 9.0.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `minimatch` from 7.4.6 to 7.4.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `minimatch` from 10.0.1 to 10.2.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `@tootallnate/once` from 3.0.0 to 3.0.1
- [Release notes](https://github.com/TooTallNate/once/releases)
- [Changelog](https://github.com/TooTallNate/once/blob/master/CHANGELOG.md)
- [Commits](TooTallNate/once@3.0.0...v3.0.1)

Updates `brace-expansion` from 1.1.11 to 1.1.13
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.13)

Updates `flatted` from 3.3.1 to 3.4.2
- [Commits](WebReflection/flatted@v3.3.1...v3.4.2)

Updates `svgo` from 3.3.2 to 3.3.3
- [Release notes](https://github.com/svg/svgo/releases)
- [Commits](svg/svgo@v3.3.2...v3.3.3)

Updates `svgo` from 2.8.0 to 2.8.2
- [Release notes](https://github.com/svg/svgo/releases)
- [Commits](svg/svgo@v3.3.2...v3.3.3)

Updates `serialize-javascript` from 6.0.0 to 6.0.2
- [Release notes](https://github.com/yahoo/serialize-javascript/releases)
- [Commits](yahoo/serialize-javascript@v6.0.0...v6.0.2)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `minimatch` from 9.0.5 to 9.0.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `brace-expansion` from 1.1.11 to 1.1.13
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.13)

Updates `@xmldom/xmldom` from 0.8.10 to 0.8.12
- [Release notes](https://github.com/xmldom/xmldom/releases)
- [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md)
- [Commits](xmldom/xmldom@0.8.10...0.8.12)

Updates `fast-xml-parser` from 4.5.0 to 5.5.10
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v4.5.0...v5.5.10)

Updates `minimatch` from 9.0.5 to 9.0.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `brace-expansion` from 2.0.1 to 2.0.3
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.13)

Updates `tar` from 6.2.1 to 7.5.13
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.2.1...v7.5.13)

Updates `minimatch` from 9.0.3 to 9.0.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `brace-expansion` from 2.0.1 to 2.0.3
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.13)

Updates `file-type` from 16.5.4 to 21.3.2
- [Release notes](https://github.com/sindresorhus/file-type/releases)
- [Commits](sindresorhus/file-type@v16.5.4...v21.3.2)

Updates `minimatch` from 9.0.3 to 9.0.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `brace-expansion` from 2.0.1 to 2.0.3
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.13)

Updates `minimatch` from 9.0.3 to 9.0.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `brace-expansion` from 2.0.1 to 2.0.3
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.13)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `brace-expansion` from 1.1.11 to 1.1.13
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.13)

Updates `dompurify` from 3.1.7 to 3.3.2
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.1.7...3.3.2)

Removes `@tootallnate/once`

Updates `minimatch` from 5.1.6 to 5.1.8
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `brace-expansion` from 2.0.1 to 2.0.3
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.13)

Updates `node-forge` from 1.3.1 to 1.4.0
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@v1.3.1...v1.4.0)

Updates `undici` from 6.20.1 to 6.24.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v6.20.1...v6.24.0)

Updates `@tootallnate/once` from 3.0.0 to 3.0.1
- [Release notes](https://github.com/TooTallNate/once/releases)
- [Changelog](https://github.com/TooTallNate/once/blob/master/CHANGELOG.md)
- [Commits](TooTallNate/once@3.0.0...v3.0.1)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `brace-expansion` from 1.1.11 to 1.1.13
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.13)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `brace-expansion` from 1.1.11 to 1.1.13
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.13)

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `brace-expansion` from 1.1.11 to 1.1.13
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.13)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 6.24.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: electron
  dependency-version: 39.8.4
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 9.0.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 9.0.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 7.4.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 10.2.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@tootallnate/once"
  dependency-version: 3.0.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: svgo
  dependency-version: 3.3.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: svgo
  dependency-version: 2.8.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serialize-javascript
  dependency-version: 6.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 9.0.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@xmldom/xmldom"
  dependency-version: 0.8.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fast-xml-parser
  dependency-version: 5.5.10
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 9.0.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 2.0.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-version: 7.5.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 9.0.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 2.0.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: file-type
  dependency-version: 21.3.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 9.0.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 2.0.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 9.0.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 2.0.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: dompurify
  dependency-version: 3.3.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@tootallnate/once"
  dependency-version: 
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 5.1.8
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 2.0.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-version: 1.4.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 6.24.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@tootallnate/once"
  dependency-version: 3.0.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 3, 2026
@dependabot @github

dependabot Bot commented on behalf of github Apr 7, 2026

Copy link
Copy Markdown
Author

Superseded by #19.

@dependabot dependabot Bot closed this Apr 7, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/npm_and_yarn-a44c273c89 branch April 7, 2026 08:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants