chore(deps)(deps-dev): bump the development-dependencies group across 1 directory with 10 updates by dependabot[bot] · Pull Request #51 · LLM-Dev-Ops/forge

dependabot · 2026-03-30T09:34:02Z

Bumps the development-dependencies group with 10 updates in the / directory:

Package	From	To
@types/node	`20.19.33`	`20.19.37`
@babel/parser	`7.29.0`	`7.29.2`
brace-expansion	`1.1.12`	`1.1.13`
minimatch	`3.1.3`	`3.1.5`
flatted	`3.3.3`	`3.4.2`
get-tsconfig	`4.13.6`	`4.13.7`
mlly	`1.8.0`	`1.8.2`
picomatch	`2.3.1`	`2.3.2`
postcss	`8.5.6`	`8.5.8`
rollup	`4.59.0`	`4.60.1`

Updates @types/node from 20.19.33 to 20.19.37

Commits

See full diff in compare view

Updates @babel/parser from 7.29.0 to 7.29.2

Release notes

Sourced from @babel/parser's releases.

v7.29.2 (2026-03-16)

👓 Spec Compliance

babel-parser

#17840 [7.x backport] async x => {} must be in leading pos (@JLHwung)

🐛 Bug Fix

babel-helpers, babel-plugin-transform-async-generator-functions, babel-preset-env, babel-runtime-corejs3

#17805 [7.x backport] fix: Properly handle await in finally (@liuxingbaoyu)

babel-preset-env

#17789 [7.x backport] preset-env include/exclude should accept bugfix plugins (@JLHwung)

🏠 Internal

#17813 chore: update eslint peer deps (@JLHwung)

Committers: 2

Huáng Jùnliàng (@JLHwung)

@liuxingbaoyu

v7.29.1 (2026-02-04)

🐛 Bug Fix

babel-standalone

#17771 [7.x backport] fix: ensure targets.esmodules is validated (@JLHwung)

babel-generator

#17776 [7.x backport] Fix undefined when 64 indents (@liuxingbaoyu)

Committers: 2

Huáng Jùnliàng (@JLHwung)

@liuxingbaoyu

Commits

37d5595 v7.29.2
f030ad3 [7.x backport] async x => {} must be in leading pos (#17840)
See full diff in compare view

Updates brace-expansion from 1.1.12 to 1.1.13

Commits

6c353ca 1.1.13
7fd684f Backport fix for GHSA-f886-m6hf-6m8v (#95)
See full diff in compare view

Updates minimatch from 3.1.3 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
See full diff in compare view

Updates flatted from 3.3.3 to 3.4.2

Commits

3bf0909 3.4.2
885ddcc fix CWE-1321
0bdba70 added flatted-view to the benchmark
2a02dce 3.4.1
fba4e8f Merge pull request #89 from WebReflection/python-fix
5fe8648 added "when in Rome" also a test for PHP
53517ad some minor improvement
b3e2a0c Fixing recursion issue in Python too
c4b46db Add SECURITY.md for security policy and reporting
f86d071 Create dependabot.yml for version updates
Additional commits viewable in compare view

Updates get-tsconfig from 4.13.6 to 4.13.7

Release notes

Sourced from get-tsconfig's releases.

v4.13.7

4.13.7 (2026-03-22)

Bug Fixes

parse-tsconfig: preserve files when include is also present (#128) (b09052c)

Commits

b09052c fix(parse-tsconfig): preserve files when include is also present (#128)
e64637d ci: add beta branch and simplify release trigger
07b4bd4 test(extends): add regression test for include path normalization (#74)
See full diff in compare view

Updates mlly from 1.8.0 to 1.8.2

Release notes

Sourced from mlly's releases.

v1.8.2

compare changes

🩹 Fixes

Generic angle bracket parsing (#341)

📖 Documentation

Fix typo (#333)

❤️ Contributors

Florian Heuberger (@Flo0806)

AngelHdz (@angelhdzmultimedia)

v1.8.1

compare changes

🩹 Fixes

Extract variable names ignoring function calls (#336)

❤️ Contributors

Daniel Roe (@danielroe)

Changelog

Sourced from mlly's changelog.

v1.8.2

compare changes

🩹 Fixes

Extract variable names ignoring function calls (#336)

Generic angle bracket parsing (#341)

📖 Documentation

Fix typo (#333)

🏡 Chore

Update deps (12913db)

Lint (33495f9)

release: V1.8.1 (ed17783)

Update deps (1b09363)

❤️ Contributors

Florian Heuberger (@Flo0806)

Pooya Parsa (@pi0)

AngelHdz angel.hernandez.12@live.com

Daniel Roe (@danielroe)

v1.8.1

compare changes

🩹 Fixes

Extract variable names ignoring function calls (#336)

🏡 Chore

Update deps (12913db)

Lint (33495f9)

❤️ Contributors

Pooya Parsa (@pi0)

Daniel Roe (@danielroe)

Commits

c5ce4e5 chore(release): v1.8.2
abef19c fix: generic angle bracket parsing (#341)
1b09363 chore: update deps
ed17783 chore(release): v1.8.1
3f4c751 docs: fix typo (#333)
24bd871 chore(deps): update autofix-ci/action digest to 7a166d7 (#334)
938cf7e chore(deps): update actions/setup-node action to v6 (#328)
915dd32 chore(deps): update actions/checkout action to v6 (#332)
33495f9 chore: lint
12913db chore: update deps
Additional commits viewable in compare view

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

fix: exception when glob pattern contains constructor by @Jason3S in micromatch/picomatch#144

Fix for CVE-2026-33671

Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

Changelogs are for humans, not machines.

There should be an entry for every single version.

The same types of changes should be grouped.

Versions and sections should be linkable.

The latest version comes first.

The release date of each versions is displayed.

Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

Added for new features.

Changed for changes in existing functionality.

Deprecated for soon-to-be removed features.

Removed for now removed features.

Fixed for any bug fixes.

Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

Fix bad text values in parse #126, thanks to @connor4312

Changed

Remove process global to work outside of node #129, thanks to @styfle

Add sideEffects to package.json #128, thanks to @frandiox

Removed os, make compatible browser environment. See #124, thanks to @gwsbhqt

3.0.1

Fixes

... (truncated)

Commits

81cba8d Publish 2.3.2
fc1f6b6 Merge commit from fork
eec17ae Merge commit from fork
78f8ca4 Merge pull request #156 from micromatch/backport-144
3f4f10e Merge pull request #144 from Jason3S/jdent-object-properties
See full diff in compare view

Updates postcss from 8.5.6 to 8.5.8

Release notes

Sourced from postcss's releases.

8.5.8

Fixed Processor#version.

8.5.7

Improved source map annotation cleaning performance (by CodeAnt AI).

Changelog

Sourced from postcss's changelog.

8.5.8

Fixed Processor#version.

8.5.7

Improved source map annotation cleaning performance (by CodeAnt AI).

Commits

65de537 Release 8.5.8 version
b2c6d97 Run git hook register
0ae0a49 Update Processor#version
6ee9f14 Release 8.5.7 version
3fbc951 Fix uvu Node.js 25 support
52db53e Update dependencies
497daef Speed up source map annotation cleaning by moving from RegExp
41e739a Remove banner
1329142 chore: speed up space-only string check in lib/parser.js (#2064)
23beff9 Update dependencies
Additional commits viewable in compare view

Updates rollup from 4.59.0 to 4.60.1

Release notes

Sourced from rollup's releases.

v4.60.1

4.60.1

2026-03-30

Bug Fixes

Resolve a situation where side effect imports could be dropped due to a caching issue (#6286)

Pull Requests

#6286: fix: skip dropping side-effects on namespaceReexportsByName cache hit (#6274) (@littlegrayss, @TrickyPi)

#6317: chore(deps): pin dependencies (@renovate[bot], @lukastaegert)

#6318: chore(deps): update msys2/setup-msys2 digest to cafece8 (@renovate[bot], @lukastaegert)

#6319: chore(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6320: chore(deps): pin dependency typescript to v5 (@renovate[bot], @lukastaegert)

#6321: chore(deps): update openharmony-rs/setup-ohos-sdk action to v1 (@renovate[bot], @lukastaegert)

#6322: fix(deps): update swc monorepo (major) (@renovate[bot], @lukastaegert)

#6323: chore(deps): lock file maintenance (@renovate[bot])

#6324: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

v4.60.0

4.60.0

2026-03-22

Features

Support source phase imports as long as they are external (#6279)

Pull Requests

#6279: feat: external only Source Phase imports support (@guybedford, @lukastaegert)

v4.59.1

4.59.1

2026-03-21

Bug Fixes

Fix a crash when using lazy dynamic imports with moduleSideEffects:false (#6306)

Pull Requests

#6281: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6282: chore(deps): update github artifact actions (major) (@renovate[bot], @lukastaegert)

#6283: chore(deps): update dependency nyc to v18 (@renovate[bot], @lukastaegert)

#6284: fix(deps): update swc monorepo (major) (@renovate[bot])

#6285: chore(deps): lock file maintenance (@renovate[bot])

... (truncated)

Changelog

Sourced from rollup's changelog.

4.60.1

2026-03-30

Bug Fixes

Resolve a situation where side effect imports could be dropped due to a caching issue (#6286)

Pull Requests

#6286: fix: skip dropping side-effects on namespaceReexportsByName cache hit (#6274) (@littlegrayss, @TrickyPi)

#6317: chore(deps): pin dependencies (@renovate[bot], @lukastaegert)

#6318: chore(deps): update msys2/setup-msys2 digest to cafece8 (@renovate[bot], @lukastaegert)

#6319: chore(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6320: chore(deps): pin dependency typescript to v5 (@renovate[bot], @lukastaegert)

#6321: chore(deps): update openharmony-rs/setup-ohos-sdk action to v1 (@renovate[bot], @lukastaegert)

#6322: fix(deps): update swc monorepo (major) (@renovate[bot], @lukastaegert)

#6323: chore(deps): lock file maintenance (@renovate[bot])

#6324: chore(deps): lock file maintenance (@renovate[bot], @lukastaegert)

4.60.0

2026-03-22

Features

Support source phase imports as long as they are external (#6279)

Pull Requests

#6279: feat: external only Source Phase imports support (@guybedford, @lukastaegert)

4.59.1

2026-03-21

Bug Fixes

Fix a crash when using lazy dynamic imports with moduleSideEffects:false (#6306)

Pull Requests

#6281: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6282: chore(deps): update github artifact actions (major) (@renovate[bot], @lukastaegert)

#6283: chore(deps): update dependency nyc to v18 (@renovate[bot], @lukastaegert)

#6284: fix(deps): update swc monorepo (major) (@renovate[bot])

#6285: chore(deps): lock file maintenance (@renovate[bot])

#6290: chore(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6291: chore(deps): update dependency @shikijs/vitepress-twoslash to v4 (@renovate[bot])

#6292: chore(deps): lock file maintenance (@renovate[bot])

... (truncated)

Commits

ae871d7 4.60.1
51f8f60 fix: skip dropping side-effects on namespaceReexportsByName cache hit (#6274)...
ca55406 chore(deps): pin dependency typescript to v5 (#6320)
fe50d86 chore(deps): pin dependencies (#6317)
42785ff chore(deps): update minor/patch updates (#6319)
65e82a9 chore(deps): update msys2/setup-msys2 digest to cafece8 (#6318)
c336205 chore(deps): update openharmony-rs/setup-ohos-sdk action to v1 (#6321)
b25d25e fix(deps): update swc monorepo (major) (#6322)
119abdb chore(deps): lock file maintenance (#6324)
5598a66 chore(deps): lock file maintenance (#6323)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

… 1 directory with 10 updates Bumps the development-dependencies group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `20.19.33` | `20.19.37` | | [@babel/parser](https://github.com/babel/babel/tree/HEAD/packages/babel-parser) | `7.29.0` | `7.29.2` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.13` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.3` | `3.1.5` | | [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` | | [get-tsconfig](https://github.com/privatenumber/get-tsconfig) | `4.13.6` | `4.13.7` | | [mlly](https://github.com/unjs/mlly) | `1.8.0` | `1.8.2` | | [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` | | [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.8` | | [rollup](https://github.com/rollup/rollup) | `4.59.0` | `4.60.1` | Updates `@types/node` from 20.19.33 to 20.19.37 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@babel/parser` from 7.29.0 to 7.29.2 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.2/packages/babel-parser) Updates `brace-expansion` from 1.1.12 to 1.1.13 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v1.1.12...v1.1.13) Updates `minimatch` from 3.1.3 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.3...v3.1.5) Updates `flatted` from 3.3.3 to 3.4.2 - [Commits](WebReflection/flatted@v3.3.3...v3.4.2) Updates `get-tsconfig` from 4.13.6 to 4.13.7 - [Release notes](https://github.com/privatenumber/get-tsconfig/releases) - [Commits](privatenumber/get-tsconfig@v4.13.6...v4.13.7) Updates `mlly` from 1.8.0 to 1.8.2 - [Release notes](https://github.com/unjs/mlly/releases) - [Changelog](https://github.com/unjs/mlly/blob/main/CHANGELOG.md) - [Commits](unjs/mlly@v1.8.0...v1.8.2) Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.1...2.3.2) Updates `postcss` from 8.5.6 to 8.5.8 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.6...8.5.8) Updates `rollup` from 4.59.0 to 4.60.1 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.59.0...v4.60.1) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 20.19.37 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: "@babel/parser" dependency-version: 7.29.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: brace-expansion dependency-version: 1.1.13 dependency-type: indirect update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: get-tsconfig dependency-version: 4.13.7 dependency-type: indirect update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: mlly dependency-version: 1.8.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: postcss dependency-version: 8.5.8 dependency-type: indirect update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: rollup dependency-version: 4.60.1 dependency-type: indirect update-type: version-update:semver-minor dependency-group: development-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-03-30T09:34:03Z

Assignees

The following users could not be added as assignees: llm-dev-ops/maintainers. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

github-actions · 2026-03-30T09:35:46Z

🔒 Security Scan Results

Scan Type	Status
Dependency Scan	⚠️ failure
CodeQL Analysis	✅ success
Secret Scan	✅ success
License Check	⚠️ failure
SAST	⚠️ failure

⚠️ Some security scans have warnings or failed. Please review the details.

Automated security scanning by GitHub Actions

dependabot · 2026-04-06T09:24:10Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot closed this Apr 6, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/development-dependencies-acb391e3bb branch April 6, 2026 09:24

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps)(deps-dev): bump the development-dependencies group across 1 directory with 10 updates#51

chore(deps)(deps-dev): bump the development-dependencies group across 1 directory with 10 updates#51
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/development-dependencies-acb391e3bb

dependabot Bot commented on behalf of github Mar 30, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Mar 30, 2026

Uh oh!

github-actions Bot commented Mar 30, 2026

Uh oh!

dependabot Bot commented on behalf of github Apr 6, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Mar 30, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v7.29.2 (2026-03-16)

👓 Spec Compliance

🐛 Bug Fix

🏠 Internal

Committers: 2

v7.29.1 (2026-02-04)

🐛 Bug Fix

Committers: 2

v4.13.7

4.13.7 (2026-03-22)

Bug Fixes

v1.8.2

🩹 Fixes

📖 Documentation

❤️ Contributors

v1.8.1

🩹 Fixes

❤️ Contributors

v1.8.2

🩹 Fixes

📖 Documentation

🏡 Chore

❤️ Contributors

v1.8.1

🩹 Fixes

🏡 Chore

❤️ Contributors

2.3.2

What's Changed

Release history

4.0.0 (2024-02-07)

Fixes

Changed

3.0.1

Fixes

8.5.8

8.5.7

8.5.8

8.5.7

v4.60.1

4.60.1

Bug Fixes

Pull Requests

v4.60.0

4.60.0

Features

Pull Requests

v4.59.1

4.59.1

Bug Fixes

Pull Requests

4.60.1

Bug Fixes

Pull Requests

4.60.0

Features

Pull Requests

4.59.1

Bug Fixes

Pull Requests

Uh oh!

dependabot Bot commented on behalf of github Mar 30, 2026

Assignees

Labels

Uh oh!

github-actions Bot commented Mar 30, 2026

🔒 Security Scan Results

Uh oh!

dependabot Bot commented on behalf of github Apr 6, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

dependabot Bot commented on behalf of github Mar 30, 2026 •

edited

Loading