Skip to content

deps: bump the minor-and-patch group across 1 directory with 8 updates#32

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/minor-and-patch-2803225dfc
Closed

deps: bump the minor-and-patch group across 1 directory with 8 updates#32
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/minor-and-patch-2803225dfc

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 9, 2026
edited
Loading

Bumps the minor-and-patch group with 8 updates in the / directory:

Package From To
@modelcontextprotocol/sdk 1.26.0 1.27.1
fastify 5.7.4 5.8.2
listr2 10.1.0 10.2.1
log-update 7.1.0 7.2.0
simple-git 3.30.0 3.32.3
@biomejs/biome 2.3.15 2.4.6
lint-staged 16.2.7 16.3.2
typedoc 0.28.16 0.28.17

Updates @modelcontextprotocol/sdk from 1.26.0 to 1.27.1

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.27.1

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.0...v1.27.1

v1.27.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@v1.26.0...v1.27.0

Commits
  • 4faa8c8 chore: bump version to 1.27.1 (#1581)
  • 09a85a8 fix: call onerror for silently swallowed transport errors (#1580)
  • e79d14a fix: prevent command injection in example URL opening (v1.x backport) (#1579)
  • 342ea39 docs: comprehensive feature documentation for SEP-1730 Tier 1 (#1548)
  • 2084a22 docs: add governance documentation for SEP-1730 (#1547)
  • f2d2145 feat: implement auth/pre-registration conformance scenario (#1545)
  • 8cbc658 chore: bump version for v1.27.0 (#1541)
  • 5c16ae3 [v1.x] feat(tasks): add streaming methods for elicitation and sampling (#1528)
  • 97ab379 feat: add url property to RequestInfo interface (#1353)
  • 825e9ab feat: backport discoverOAuthServerInfo() and discovery caching to v1.x (#1533)
  • Additional commits viewable in compare view

Updates fastify from 5.7.4 to 5.8.2

Release notes

Sourced from fastify's releases.

v5.8.2

What's Changed

New Contributors

Full Changelog: fastify/fastify@v5.8.1...v5.8.2

v5.8.1

⚠️ Security Release

Fixes "Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation": GHSA-573f-x89g-hqp9.

CVE-2026-3419

Full Changelog: fastify/fastify@v5.8.0...v5.8.1

v5.8.0

What's Changed

... (truncated)

Commits
  • 375e136 Bumped v5.8.2
  • 25a70ff docs: add @​glidemq/fastify to community plugins list (#6560)
  • 4a5304f docs(guides): update codemod links (#6479)
  • c9bcde4 docs: added note on handling of invalid URLs in setNotFoundHandler (#5661)
  • 3b0f769 fix: anchor keyValuePairsReg to prevent quadratic backtracking (#6558)
  • e4474cf docs: add fastify-svelte-view to Ecosystem list (#6453)
  • deaeb40 docs(ecosystem): add fastify-file-router (#6441)
  • 0d3b560 docs: document body validation with custom content type parsers (#6556)
  • cdcc4de Revert "chore: upgrade borp to v1.0.0 (#6510)" (#6564)
  • b61c362 docs(ecosystem): add @​yeliex/fastify-problem-details (#6546)
  • Additional commits viewable in compare view

Updates listr2 from 10.1.0 to 10.2.1

Commits
  • e9f961a chore(release): 10.2.1 [skip ci]
  • 526b5f2 Merge branch 'renovate/node-minor' into 'master'
  • 00b2d66 fix(deps): update node all minor dependency updates
  • d21ceb6 chore(release): 4.2.0 [skip ci]
  • b947722 chore(release): 4.2.0 [skip ci]
  • ae7d8b8 chore(release): 4.2.0 [skip ci]
  • 2cf9208 chore(release): 10.2.0 [skip ci]
  • 54d03df chore: update lock
  • 0733d82 Merge branch 'master' of gitlab.kilic.dev:libraries/listr2
  • 6d71d38 feat(utils): replace colorette with util.styleText (#758)
  • Additional commits viewable in compare view

Updates log-update from 7.1.0 to 7.2.0

Release notes

Sourced from log-update's releases.

v7.2.0

  • Update dependencies 9d12d94

sindresorhus/log-update@v7.1.0...v7.2.0

Commits

Updates simple-git from 3.30.0 to 3.32.3

Release notes

Sourced from simple-git's releases.

simple-git@3.32.3

Patch Changes

  • f704208: Enhanced protocol.allow checks in allowUnsafeExtProtocol handling.

    Thanks to @​CodeAnt-AI-Security for identifying the issue

simple-git@3.32.2

Patch Changes

  • 8d02097: Enhanced clone unsafe switch detection.

simple-git@3.32.1

Patch Changes

  • 23b070f: Fix regex for detecting unsafe clone options

    Thanks to @​stevenwdv for reporting this issue.

simple-git@3.32.0

Minor Changes

  • 1effd8e: Enhances the unsafe plugin to block additional cases where the -u switch may be disguised along with other single character options.

    Thanks to @​JuHwiSang for identifying this as vulnerability.

Patch Changes

  • d5fd4fe: Use task runner for logging use of deprecated (already no-op) functions.

simple-git@3.31.1

Patch Changes

  • a44184f: Resolve NPM publish steps
Changelog

Sourced from simple-git's changelog.

3.32.3

Patch Changes

  • f704208: Enhanced protocol.allow checks in allowUnsafeExtProtocol handling.

    Thanks to @​CodeAnt-AI-Security for identifying the issue

3.32.2

Patch Changes

  • 8d02097: Enhanced clone unsafe switch detection.

3.32.1

Patch Changes

  • 23b070f: Fix regex for detecting unsafe clone options

    Thanks to @​stevenwdv for reporting this issue.

3.32.0

Minor Changes

  • 1effd8e: Enhances the unsafe plugin to block additional cases where the -u switch may be disguised along with other single character options.

    Thanks to @​JuHwiSang for identifying this as vulnerability.

Patch Changes

  • d5fd4fe: Use task runner for logging use of deprecated (already no-op) functions.

3.31.1

Patch Changes

  • a44184f: Resolve NPM publish steps

3.31.0

Minor Changes

  • 22dc93f: Custom binary plugin should support the use of ~ character, used by Windows to shorten long folder names and folder names that have spaces in them (eg: C:\Program Files might become C:\PROGRA~1).

    Thanks to @​skyshineb for reporting this issue.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for simple-git since your current version.


Updates @biomejs/biome from 2.3.15 to 2.4.6

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.6

2.4.6

Patch Changes

What's Changed

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.6

Patch Changes

2.4.5

Patch Changes

  • #9185 e43e730 Thanks @​dyc3! - Added the nursery rule useVueScopedStyles for Vue SFCs. This rule enforces that <style> blocks have the scoped attribute (or module for CSS Modules), preventing style leakage and conflicts between components.

  • #9184 49c8fde Thanks @​chocky335! - Improved plugin performance by batching all plugins into a single syntax visitor with a kind-to-plugin lookup map, reducing per-node dispatch overhead from O(N) to O(1) where N is the number of plugins.

  • #9283 071c700 Thanks @​dyc3! - Fixed noUndeclaredVariables erroneously flagging functions and variables defined in the <script setup> section of Vue SFCs.

  • #9221 4612133 Thanks @​ematipico! - Fixed an issue where the JSON reporter didn't contain the duration of the command.

  • #9294 1805c8f Thanks @​Netail! - Extra rule source reference. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

  • #9178 101b3bb Thanks @​Bertie690! - Fixed #9172 and #9168: Biome now considers more constructs as valid test assertions.

    Previously, assert, expectTypeOf and assertType were not recognized as valid assertions by Biome's linting rules, producing false positives in lint/nursery/useExpect and other similar rules.

    Now, these rules will no longer produce errors in test cases that used these constructs instead of expect:

    import { expectTypeOf, assert, assertType } from "vitest";

... (truncated)

Commits

Updates lint-staged from 16.2.7 to 16.3.2

Release notes

Sourced from lint-staged's releases.

v16.3.2

Patch Changes

  • #1735 2adaf6c Thanks @​iiroj! - Hide the extra cmd window on Windows by spawning tasks without the detached option.

v16.3.1

Patch Changes

  • #1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

v16.3.0

Minor Changes

  • #1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

  • #1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

  • #1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.
Changelog

Sourced from lint-staged's changelog.

16.3.2

Patch Changes

  • #1735 2adaf6c Thanks @​iiroj! - Hide the extra cmd window on Windows by spawning tasks without the detached option.

16.3.1

Patch Changes

  • #1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

16.3.0

Minor Changes

  • #1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

  • #1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

  • #1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.
Commits
  • dfd6a7a chore(changeset): release
  • 2adaf6c fix(Windows): do not spawn tasks as detached since it opens a cmd window on ...
  • 60957ce docs: add CONTRIBUTING.md
  • 2a74cd2 chore(changeset): release
  • cd5d762 refactor: remove nano-spawn dependency completely
  • e342cab build(deps): move nano-spawn to dev
  • 9aa2cd7 chore(changeset): release
  • 0c387bc test: make long-running task longer because of GitHub Actions slowness
  • 87467aa refactor: detect incorrect brace expansion exhaustively
  • dceabc6 ci: run npm audit in GitHub Actions
  • Additional commits viewable in compare view

Updates typedoc from 0.28.16 to 0.28.17

Release notes

Sourced from typedoc's releases.

v0.28.17

Bug Fixes

  • Improved handling of comments for type aliases which have been declaration merged with functions, #3064.
  • Fixed anchor link generation to members named $, #3065.
  • Corrected typing of the plugin option to permit functions, #3066.
  • Warnings about unused @param tags will now be properly suppressed when they come from declaration files and the suppressCommentWarningsInDeclarationFiles option is enabled, #3070.
  • Fixed conversion of types referencing type parameters on functions, #3071.

Thanks!

Changelog

Sourced from typedoc's changelog.

v0.28.17 (2026-02-13)

Bug Fixes

  • Improved handling of comments for type aliases which have been declaration merged with functions, #3064.
  • Fixed anchor link generation to members named $, #3065.
  • Corrected typing of the plugin option to permit functions, #3066.
  • Warnings about unused @param tags will now be properly suppressed when they come from declaration files and the suppressCommentWarningsInDeclarationFiles option is enabled, #3070.
  • Fixed conversion of types referencing type parameters on functions, #3071.

Thanks!

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps: bump the minor-and-patch group across 1 directory with 8 updates
a75f153 
Bumps the minor-and-patch group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.26.0` | `1.27.1` |
| [fastify](https://github.com/fastify/fastify) | `5.7.4` | `5.8.2` |
| [listr2](https://github.com/listr2/listr2) | `10.1.0` | `10.2.1` |
| [log-update](https://github.com/sindresorhus/log-update) | `7.1.0` | `7.2.0` |
| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.30.0` | `3.32.3` |
| [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.3.15` | `2.4.6` |
| [lint-staged](https://github.com/lint-staged/lint-staged) | `16.2.7` | `16.3.2` |
| [typedoc](https://github.com/TypeStrong/TypeDoc) | `0.28.16` | `0.28.17` |



Updates `@modelcontextprotocol/sdk` from 1.26.0 to 1.27.1
- [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases)
- [Commits](modelcontextprotocol/typescript-sdk@v1.26.0...v1.27.1)

Updates `fastify` from 5.7.4 to 5.8.2
- [Release notes](https://github.com/fastify/fastify/releases)
- [Commits](fastify/fastify@v5.7.4...v5.8.2)

Updates `listr2` from 10.1.0 to 10.2.1
- [Release notes](https://github.com/listr2/listr2/releases)
- [Changelog](https://github.com/listr2/listr2/blob/master/release.config.js)
- [Commits](https://github.com/listr2/listr2/compare/listr2@10.1.0...listr2@10.2.1)

Updates `log-update` from 7.1.0 to 7.2.0
- [Release notes](https://github.com/sindresorhus/log-update/releases)
- [Commits](sindresorhus/log-update@v7.1.0...v7.2.0)

Updates `simple-git` from 3.30.0 to 3.32.3
- [Release notes](https://github.com/steveukx/git-js/releases)
- [Changelog](https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md)
- [Commits](https://github.com/steveukx/git-js/commits/simple-git@3.32.3/simple-git)

Updates `@biomejs/biome` from 2.3.15 to 2.4.6
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.6/packages/@biomejs/biome)

Updates `lint-staged` from 16.2.7 to 16.3.2
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](lint-staged/lint-staged@v16.2.7...v16.3.2)

Updates `typedoc` from 0.28.16 to 0.28.17
- [Release notes](https://github.com/TypeStrong/TypeDoc/releases)
- [Changelog](https://github.com/TypeStrong/typedoc/blob/master/CHANGELOG.md)
- [Commits](TypeStrong/typedoc@v0.28.16...v0.28.17)

---
updated-dependencies:
- dependency-name: "@modelcontextprotocol/sdk"
  dependency-version: 1.27.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: fastify
  dependency-version: 5.8.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: listr2
  dependency-version: 10.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: log-update
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: simple-git
  dependency-version: 3.32.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@biomejs/biome"
  dependency-version: 2.4.6
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: lint-staged
  dependency-version: 16.3.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: typedoc
  dependency-version: 0.28.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 9, 2026
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 9, 2026

👻 Specter Analysis

Metric Value
Health Score 0/100 🔴
PR Risk Low 🟢
Files Changed -
Est. Review Time ~5 min

Generated by Specter - Give your codebase a voice

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Mar 14, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Mar 14, 2026
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/minor-and-patch-2803225dfc branch March 14, 2026 17:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants