Skip to content

chore: bump degit from 2.8.4 to 3.6.1#138

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/degit-3.6.1
Open

chore: bump degit from 2.8.4 to 3.6.1#138
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/degit-3.6.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 16, 2026

Copy link
Copy Markdown

Bumps degit from 2.8.4 to 3.6.1.

Changelog

Sourced from degit's changelog.

3.6.1

  • Load degit.json as JSON instead of an executable module.
  • Fix HTTPS clones with explicit refs throwing a ReferenceError.

3.6.0

  • Add gitlab://host/user/repo syntax for cloning from self-hosted GitLab instances (thanks to @​dnldsht for the original PR #361).

3.5.1

  • Fix GitLab archive URL format and centralize provider templates (thanks to @​satotake for the original PR #335).

3.5.0

  • Add a search_replace action for degit.json (thanks to @​Tythos for the original PR #365).

3.4.7

  • Gate clone error details behind --verbose.

3.4.6

  • Block remove path traversal outside the destination.

3.4.5

  • Stream git ls-remote for SSH ref discovery.

3.4.4

  • Remove the sander dependency in favor of native Node fs helpers.

3.4.3

  • Swap terminal colors to yoctocolors.

3.4.2

  • Fix git-lfs pointer files falling through the tarball path.

3.4.1

  • Fix first-clone hangs during archive downloads.

3.4.0

  • Tarball downloads are now the default, with SSH fallback on failure.
  • Public remotes now prefer HTTPS; explicit SSH sources still use SSH.
  • The JavaScript git backend is bundled for HTTPS ref discovery; SSH/private repos still need system git.

... (truncated)

Commits
  • b23d5f9 chore(release): 3.6.1
  • 1196417 fix(security): parse directives as JSON
  • 5e9052b feat: add agent rules for ponytail (lazy dev mode) and rtk (token optimizer)
  • 194527b fix(git): restore commit hash helper import (#458)
  • a900176 feat: support self-hosted GitLab via gitlab://host/user/repo syntax (#456)
  • 8f3d2f3 fix: update GitLab archive URL and centralize provider templates (#455)
  • 8387b12 chore(test): enforce test guidelines (#454)
  • 5190934 feat: add search_replace directive (#453)
  • c4753ac refactor: remove fs-extra dependency (#452)
  • 5ac7cdc refactor(src): rename src modules into layered layout (#450)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for degit since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 16, 2026
@codecov

codecov Bot commented Jul 16, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 79.29%. Comparing base (35c3388) to head (6011902).

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #138   +/-   ##
=======================================
  Coverage   79.29%   79.29%           
=======================================
  Files          45       45           
  Lines        3704     3704           
  Branches     1118     1059   -59     
=======================================
  Hits         2937     2937           
  Misses        758      758           
  Partials        9        9           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Bumps [degit](https://github.com/Rich-Harris/degit) from 2.8.4 to 3.6.1.
- [Changelog](https://github.com/Rich-Harris/degit/blob/master/docs/CHANGELOG.md)
- [Commits](Rich-Harris/degit@v2.8.4...v3.6.1)

---
updated-dependencies:
- dependency-name: degit
  dependency-version: 3.6.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title feat: bump degit from 2.8.4 to 3.6.1 chore: bump degit from 2.8.4 to 3.6.1 Jul 17, 2026
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/degit-3.6.1 branch from 6011902 to 2cc51a4 Compare July 17, 2026 02:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants