chore(deps): bump simple-git from 3.32.3 to 3.33.0#301
chore(deps): bump simple-git from 3.32.3 to 3.33.0#301dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
Bumps [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) from 3.32.3 to 3.33.0. - [Release notes](https://github.com/steveukx/git-js/releases) - [Changelog](https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md) - [Commits](https://github.com/steveukx/git-js/commits/simple-git@3.33.0/simple-git) --- updated-dependencies: - dependency-name: simple-git dependency-version: 3.33.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
|
Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits. |
✔️ Bundle Size Analysis
Bundle breakdown |
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
There was a problem hiding this comment.
LGTM — straightforward Dependabot minor bump of simple-git with security hardening upstream.
Extended reasoning...
Overview
This PR is an automated Dependabot bump of simple-git from 3.32.3 to 3.33.0. The only file changed is pnpm-lock.yaml, updating the resolved version and integrity hashes. A transitive dependency (@sourcegraph/amp) also received a minor hash update in the lockfile.
Security risks
No security risks introduced. The upstream 3.33.0 release actually improves security: it adds pathspec wrappers for remote/local paths in git.clone/git.mirror (preventing unsanitised input issues) and enhances git -c checks in the unsafe plugin. This is a net-positive security change.
Level of scrutiny
This is a lockfile-only, minor-version dependency bump generated by Dependabot. No application source code is touched. The specifier (^3.27.0) already permits this range, so no package.json change is needed. This is the lowest-risk category of PR.
Other factors
No bugs were found. No outstanding reviewer comments exist. No prior reviews from me on this PR. The PR timeline only contains a Dependabot label warning and an unrelated bot comment about Codex limits — neither requires action for merge.
Bumps simple-git from 3.32.3 to 3.33.0.
Release notes
Sourced from simple-git's releases.
Changelog
Sourced from simple-git's changelog.
Commits
8bbbabcVersion Packagesa263635Clone API use pathspec (#1132)e253a0dFix/block unsafe 2603 (#1135)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)