Skip to content

chore(deps): update dependency simple-git to v3.36.0 - autoclosed#277

Closed
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/simple-git-3.x-lockfile
Closed

chore(deps): update dependency simple-git to v3.36.0 - autoclosed#277
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/simple-git-3.x-lockfile

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Aug 8, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
simple-git (source) 3.28.03.36.0 age confidence

Release Notes

steveukx/git-js (simple-git)

v3.36.0

Compare Source

Minor Changes

  • 89a2294: Extend known exploitable configuration keys and per-task environment variables.

    Note - ParsedVulnerabilities from argv-parser is removed in favour of a readonly array of Vulnerability to match usage in simple-git, rolled into the new vulnerabilityCheck for simpler access to the identified issues.

    Thanks to @​zebbern for identifying the need to block core.fsmonitor.
    Thanks to @​kodareef5 for identifying the need to block GIT_CONFIG_COUNT environment variables and --template / merge related config.

Patch Changes

v3.35.2

Compare Source

Patch Changes

v3.35.1

Compare Source

Patch Changes

v3.35.0

Compare Source

Minor Changes
Patch Changes

v3.34.0

Compare Source

Minor Changes
  • 2b68331: Revised dependency tree to add helper modules as dependencies in main simple-git
Patch Changes

  • 2e1f51c: Enhances scanning of arguments before passing on to the spawned child_process.

    Caters for -c flags prefixing the git task (used when setting global inline config) and suffixing with either -c, --config or --config-env. Detects git config operations that write to the configuration.

  • Updated dependencies [2e1f51c]

v3.33.0

Compare Source

Minor Changes
  • a263635: Use pathspec wrappers for remote and local paths when running either git.clone or git.mirror to
    avoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.
Patch Changes

v3.32.3

Compare Source

Patch Changes

v3.32.2

Compare Source

Patch Changes
  • 8d02097: Enhanced clone unsafe switch detection.

v3.32.1

Compare Source

Patch Changes

  • 23b070f: Fix regex for detecting unsafe clone options

    Thanks to @​stevenwdv for reporting this issue.

v3.32.0

Compare Source

Minor Changes

  • 1effd8e: Enhances the unsafe plugin to block additional cases where the -u switch may be disguised
    along with other single character options.

    Thanks to @​JuHwiSang for identifying this as vulnerability.

Patch Changes
  • d5fd4fe: Use task runner for logging use of deprecated (already no-op) functions.

v3.31.1

Compare Source

Patch Changes
  • a44184f: Resolve NPM publish steps

v3.30.0

Compare Source

Minor Changes

  • bc77774: Correctly identify current branch name when using git.status in a cloned empty repo.

    Previously git.status would report the current branch name as No. Thank you to @​MaddyGuthridge for identifying this issue.

v3.29.0

Compare Source

Minor Changes

  • 240ec64: Support for absolute paths on Windows when using git.checkIngore, previously Windows would report
    paths with duplicate separators \\\\ between directories.

    Following this change all paths returned from git.checkIgnore will be normalized through node:path,
    this should have no impact on non-windows users where the git binary doesn't wrap absolute paths with
    quotes.

    Thanks to @​Maxim-Mazurok for reporting this issue.

  • 9872f84: Support the use of git.branch(['--show-current']) to limit the branch list to only the current branch.

    Thanks to @​peterbe for pointing out the use-case.

  • 5736bd8: Change to biome for lint and format

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Aug 8, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@renovate renovate Bot changed the title fix(deps): update dependency simple-git to v3.28.0 chore(deps): update dependency simple-git to v3.28.0 Sep 25, 2025
@renovate renovate Bot force-pushed the renovate/simple-git-3.x-lockfile branch from 1438c2c to c898988 Compare September 25, 2025 16:07
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Sep 25, 2025

Quality Gate Failed Quality Gate failed

Failed conditions
1 Security Hotspot

See analysis details on SonarQube Cloud

@renovate renovate Bot changed the title chore(deps): update dependency simple-git to v3.28.0 chore(deps): update dependency simple-git to v3.29.0 Oct 30, 2025
@renovate renovate Bot force-pushed the renovate/simple-git-3.x-lockfile branch from c898988 to 8f266ea Compare October 30, 2025 12:13
@renovate renovate Bot changed the title chore(deps): update dependency simple-git to v3.29.0 chore(deps): update dependency simple-git to v3.30.0 Nov 2, 2025
@renovate renovate Bot force-pushed the renovate/simple-git-3.x-lockfile branch from 8f266ea to b8050dd Compare November 2, 2025 09:32
@renovate renovate Bot force-pushed the renovate/simple-git-3.x-lockfile branch from b8050dd to 1a8c032 Compare November 19, 2025 00:50
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Nov 19, 2025

Quality Gate Failed Quality Gate failed

Failed conditions
1 Security Hotspot

See analysis details on SonarQube Cloud

@renovate renovate Bot changed the title chore(deps): update dependency simple-git to v3.30.0 chore(deps): update dependency simple-git to v3.31.1 Feb 14, 2026
@renovate renovate Bot force-pushed the renovate/simple-git-3.x-lockfile branch from 1a8c032 to bce11b5 Compare February 14, 2026 16:54
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Feb 14, 2026

Quality Gate Failed Quality Gate failed

Failed conditions
3 Security Hotspots

See analysis details on SonarQube Cloud

@renovate renovate Bot force-pushed the renovate/simple-git-3.x-lockfile branch from bce11b5 to c804bb5 Compare February 21, 2026 17:06
@renovate renovate Bot changed the title chore(deps): update dependency simple-git to v3.31.1 chore(deps): update dependency simple-git to v3.32.0 Feb 21, 2026
@renovate renovate Bot force-pushed the renovate/simple-git-3.x-lockfile branch from c804bb5 to a11eb8c Compare February 21, 2026 20:25
@renovate renovate Bot changed the title chore(deps): update dependency simple-git to v3.32.0 chore(deps): update dependency simple-git to v3.32.1 Feb 21, 2026
@renovate renovate Bot changed the title chore(deps): update dependency simple-git to v3.32.1 chore(deps): update dependency simple-git to v3.32.2 Feb 23, 2026
@renovate renovate Bot force-pushed the renovate/simple-git-3.x-lockfile branch from a11eb8c to 36ee835 Compare February 23, 2026 01:30
@renovate renovate Bot changed the title chore(deps): update dependency simple-git to v3.32.2 chore(deps): update dependency simple-git to v3.32.3 Feb 26, 2026
@renovate renovate Bot force-pushed the renovate/simple-git-3.x-lockfile branch from 36ee835 to 9efa6b2 Compare February 26, 2026 10:45
@renovate renovate Bot changed the title chore(deps): update dependency simple-git to v3.32.3 chore(deps): update dependency simple-git to v3.33.0 Mar 10, 2026
@renovate renovate Bot force-pushed the renovate/simple-git-3.x-lockfile branch from 9efa6b2 to 16c874f Compare March 10, 2026 18:01
@renovate renovate Bot changed the title chore(deps): update dependency simple-git to v3.33.0 chore(deps): update dependency simple-git to v3.35.0 Apr 6, 2026
@renovate renovate Bot changed the title chore(deps): update dependency simple-git to v3.35.0 chore(deps): update dependency simple-git to v3.35.1 Apr 6, 2026
@renovate renovate Bot force-pushed the renovate/simple-git-3.x-lockfile branch from 16c874f to f1d30b1 Compare April 6, 2026 13:22
@renovate renovate Bot changed the title chore(deps): update dependency simple-git to v3.35.1 chore(deps): update dependency simple-git to v3.35.2 Apr 6, 2026
@renovate renovate Bot force-pushed the renovate/simple-git-3.x-lockfile branch 2 times, most recently from 55dfe59 to a8e807e Compare April 12, 2026 08:33
@renovate renovate Bot changed the title chore(deps): update dependency simple-git to v3.35.2 chore(deps): update dependency simple-git to v3.36.0 Apr 12, 2026
@renovate renovate Bot force-pushed the renovate/simple-git-3.x-lockfile branch from a8e807e to 953a152 Compare April 16, 2026 11:37
@renovate renovate Bot changed the title chore(deps): update dependency simple-git to v3.36.0 chore(deps): update dependency simple-git to v3.36.0 - autoclosed Apr 16, 2026
@renovate renovate Bot closed this Apr 16, 2026
@renovate renovate Bot deleted the renovate/simple-git-3.x-lockfile branch April 16, 2026 12:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants