Skip to content

Bump the npm_and_yarn group across 1 directory with 3 updates#58

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-596cc61a49
Open

Bump the npm_and_yarn group across 1 directory with 3 updates#58
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-596cc61a49

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 11, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 3 updates in the / directory: flatted, picomatch and undici.

Updates flatted from 3.3.4 to 3.4.2

Commits
  • 3bf0909 3.4.2
  • 885ddcc fix CWE-1321
  • 0bdba70 added flatted-view to the benchmark
  • 2a02dce 3.4.1
  • fba4e8f Merge pull request #89 from WebReflection/python-fix
  • 5fe8648 added "when in Rome" also a test for PHP
  • 53517ad some minor improvement
  • b3e2a0c Fixing recursion issue in Python too
  • c4b46db Add SECURITY.md for security policy and reporting
  • f86d071 Create dependabot.yml for version updates
  • Additional commits viewable in compare view

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

  • Changelogs are for humans, not machines.
  • There should be an entry for every single version.
  • The same types of changes should be grouped.
  • Versions and sections should be linkable.
  • The latest version comes first.
  • The release date of each versions is displayed.
  • Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

... (truncated)

Commits

Updates undici from 6.23.0 to 6.26.0

Release notes

Sourced from undici's releases.

v6.26.0

What's Changed

Full Changelog: nodejs/undici@v6.25.0...v6.26.0

v6.25.0

What's Changed

Full Changelog: nodejs/undici@v6.24.1...v6.25.0

v6.24.1

Full Changelog: nodejs/undici@v6.24.0...v6.24.1

v6.24.0

Undici v6.24.0 Security Release Notes (LTS)

This release backports fixes for security vulnerabilities affecting the v6 line.

Upgrade guidance

All users on v6 should upgrade to v6.24.0 or later.

Fixed advisories

Not applicable to v6

Affected and patched ranges (v6)

... (truncated)

Commits

@dependabot dependabot Bot added dependencies changes related to dependencies, or packages javascript Pull requests that update javascript code labels Jun 11, 2026
@dependabot dependabot Bot requested a review from GrantBirki as a code owner June 11, 2026 15:43
@dependabot dependabot Bot added dependencies changes related to dependencies, or packages javascript Pull requests that update javascript code labels Jun 11, 2026
@dependabot
Bump the npm_and_yarn group across 1 directory with 3 updates
15c0aab 
Bumps the npm_and_yarn group with 3 updates in the / directory: [flatted](https://github.com/WebReflection/flatted), [picomatch](https://github.com/micromatch/picomatch) and [undici](https://github.com/nodejs/undici).


Updates `flatted` from 3.3.4 to 3.4.2
- [Commits](WebReflection/flatted@v3.3.4...v3.4.2)

Updates `picomatch` from 2.3.1 to 2.3.2
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...2.3.2)

Updates `undici` from 6.23.0 to 6.26.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v6.23.0...v6.26.0)

---
updated-dependencies:
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
- dependency-name: undici
  dependency-version: 6.26.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-596cc61a49 branch from dd24358 to 15c0aab Compare June 11, 2026 15:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@GrantBirki GrantBirki Awaiting requested review from GrantBirki GrantBirki is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies changes related to dependencies, or packages javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants