Skip to content

chore(deps): bump the npm-patches group across 1 directory with 3 updates#16

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-patches-e8e92af35c
Open

chore(deps): bump the npm-patches group across 1 directory with 3 updates#16
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-patches-e8e92af35c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-patches group with 3 updates in the / directory: picomatch, @electron/rebuild and ts-proto.

Updates picomatch from 4.0.4 to 4.0.5

Release notes

Sourced from picomatch's releases.

4.0.5

What's Changed

New Contributors

Full Changelog: micromatch/picomatch@4.0.4...4.0.5

Commits
  • 4f41a8e 4.0.5
  • 02cfc1b Update .verb.md and run verb to generate README documentation
  • cc52ff6 Only run the upload code coverage step for 1 matrix permutation
  • 6d426d7 Allow workflow to continue if the code coverage step to fails
  • a00b954 Merge branch 'codeql-coverage'
  • 9680381 Merge pull request #183 from MerlijnW70/fix/matchbase-windows-basename
  • 648b4f2 Merge pull request #182 from MerlijnW70/fix/repeated-extglob-drops-branches
  • 70e6485 Configure code coverage upload for CodeQL
  • ab8bc4d fix: honor the windows option when matching basenames
  • 6289307 fix: preserve all branches when rewriting risky repeated extglobs
  • Additional commits viewable in compare view

Updates @electron/rebuild from 4.0.4 to 4.0.6

Release notes

Sourced from @​electron/rebuild's releases.

v4.0.6

4.0.6 (2026-06-28)

Bug Fixes

v4.0.5

4.0.5 (2026-06-27)

Bug Fixes

Commits
  • 8bc2a49 fix: honor explicit empty --prebuild-tag-prefix (#1284)
  • 3e73e57 fix: add --platform CLI argument (#1285)
  • da49ce1 chore(deps): bump tar from 7.5.13 to 7.5.16 in /test/fixture/napi-build-versi...
  • d3f0aea chore(deps): bump undici from 6.25.0 to 6.27.0 (#1282)
  • 7b74c30 chore(deps): bump undici from 6.26.0 to 6.27.0 in /test/fixture/workspace-tes...
  • b7c52f6 chore(deps): bump tar from 7.5.13 to 7.5.16 in /test/fixture/native-app1 (#1280)
  • c8edfa1 chore(deps): bump tar from 7.5.13 to 7.5.16 (#1279)
  • fc8ab3f chore(deps): bump vite from 8.0.5 to 8.0.16 (#1276)
  • 8ddca96 chore(deps): bump markdown-it from 14.1.1 to 14.2.0 (#1277)
  • 79b3554 test: bump fixture node-gyp versions to 12.3.0 (#1278)
  • Additional commits viewable in compare view
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates ts-proto from 2.11.8 to 2.11.10

Release notes

Sourced from ts-proto's releases.

v2.11.10

2.11.10 (2026-06-30)

Bug Fixes

v2.11.9

2.11.9 (2026-06-27)

Bug Fixes

  • prevent code injection via string option/extension values in out… (#1261) (af15aff)
Changelog

Sourced from ts-proto's changelog.

2.11.10 (2026-06-30)

Bug Fixes

2.11.9 (2026-06-27)

Bug Fixes

  • prevent code injection via string option/extension values in out… (#1261) (af15aff)
Commits
  • faaba11 chore(release): 2.11.10 [skip ci]
  • 6ae3e40 fix: incorrect codegen when grpc-js & outputSchema is used (#1262)
  • 1799765 fix: Update js map check to include forceLong=bigInt as well (#1263)
  • 898251b chore(release): 2.11.9 [skip ci]
  • af15aff fix: prevent code injection via string option/extension values in out… (#1261)
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Dependency updates security Security labels Jul 2, 2026
@dependabot dependabot Bot requested a review from CardSorting as a code owner July 2, 2026 19:54
@dependabot dependabot Bot added security Security dependencies Dependency updates labels Jul 2, 2026
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown

Thanks for your first pull request to LUMI!

Please read CONTRIBUTING.md and ensure:

  • PR title uses Conventional Commits (feat:, fix:, docs:, …) — Dependabot PRs are exempt
  • CI is green (Tests, E2E, CodeQL)
  • Governed-execution changes preserve projection invariants (see PR template)

@github-actions github-actions Bot enabled auto-merge (squash) July 2, 2026 19:54
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-patches-e8e92af35c branch 3 times, most recently from ea9e928 to 25ca357 Compare July 9, 2026 22:34
…ates

Bumps the npm-patches group with 3 updates in the / directory: [picomatch](https://github.com/micromatch/picomatch), [@electron/rebuild](https://github.com/electron/rebuild) and [ts-proto](https://github.com/stephenh/ts-proto).


Updates `picomatch` from 4.0.4 to 4.0.5
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@4.0.4...4.0.5)

Updates `@electron/rebuild` from 4.0.4 to 4.0.6
- [Release notes](https://github.com/electron/rebuild/releases)
- [Commits](electron/rebuild@v4.0.4...v4.0.6)

Updates `ts-proto` from 2.11.8 to 2.11.10
- [Release notes](https://github.com/stephenh/ts-proto/releases)
- [Changelog](https://github.com/stephenh/ts-proto/blob/main/CHANGELOG.md)
- [Commits](stephenh/ts-proto@v2.11.8...v2.11.10)

---
updated-dependencies:
- dependency-name: "@electron/rebuild"
  dependency-version: 4.0.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-patches
- dependency-name: picomatch
  dependency-version: 4.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-patches
- dependency-name: ts-proto
  dependency-version: 2.11.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-patches
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-patches-e8e92af35c branch from 25ca357 to 1c68df6 Compare July 9, 2026 23:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Dependency updates security Security size/size/S

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants