search

sigstore / sigstore-js

Code-signing for npm packages
Apache License 2.0
156 stars 23 forks source link

Bump the prod-deps group with 4 updates #1297

Closed dependabot[bot] closed 3 weeks ago

dependabot[bot] commented 3 weeks ago

Bumps the prod-deps group with 4 updates: @oclif/core, @oclif/plugin-help, make-fetch-happen and jose.

Updates @oclif/core from 4.0.28 to 4.0.29

Release notes

Sourced from @​oclif/core's releases.

4.0.29

Bug Fixes

  • improve solution for handling circular json (#1222) (9073052)
Changelog

Sourced from @​oclif/core's changelog.

4.0.29 (2024-10-15)

Bug Fixes

  • improve solution for handling circular json (#1222) (9073052)
Commits
  • 7f5eb9f chore(release): 4.0.29 [skip ci]
  • 9073052 fix: improve solution for handling circular json (#1222)
  • daa1f33 chore(dev-deps): bump typescript from 5.6.2 to 5.6.3 (#1221)
  • 7cf6992 chore(dev-deps): bump @​oclif/plugin-help from 6.2.13 to 6.2.14 (#1219)
  • c01dd91 chore(dev-deps): bump @​oclif/plugin-plugins from 5.4.12 to 5.4.15 (#1217)
  • 7dbc2fe Merge pull request #1220 from oclif/dependabot-npm_and_yarn-types-node-18.19.55
  • cb017f1 chore(dev-deps): bump @​types/node from 18.19.54 to 18.19.55
  • 428255a Merge pull request #1218 from oclif/dependabot-npm_and_yarn-types-mocha-10.0.9
  • 90f97cc chore(dev-deps): bump @​types/mocha from 10.0.8 to 10.0.9
  • See full diff in compare view


Updates @oclif/plugin-help from 6.2.15 to 6.2.16

Release notes

Sourced from @​oclif/plugin-help's releases.

6.2.16

Bug Fixes

  • deps: bump @​oclif/core from 4.0.28 to 4.0.29 (#828) (c564720)
Changelog

Sourced from @​oclif/plugin-help's changelog.

6.2.16 (2024-10-20)

Bug Fixes

  • deps: bump @​oclif/core from 4.0.28 to 4.0.29 (#828) (c564720)
Commits
  • 798ad63 chore(release): 6.2.16 [skip ci]
  • c564720 fix(deps): bump @​oclif/core from 4.0.28 to 4.0.29 (#828)
  • 6c13461 chore(dev-deps): bump @​oclif/test from 4.0.9 to 4.1.0 (#829)
  • 93defc9 chore(dev-deps): bump oclif from 4.15.2 to 4.15.6 (#820)
  • See full diff in compare view


Updates make-fetch-happen from 14.0.1 to 14.0.2

Release notes

Sourced from make-fetch-happen's releases.

v14.0.2

14.0.2 (2024-10-16)

Bug Fixes

Chores

Changelog

Sourced from make-fetch-happen's changelog.

14.0.2 (2024-10-16)

Bug Fixes

Chores

Commits


Updates jose from 5.9.4 to 5.9.6

Release notes

Sourced from jose's releases.

v5.9.6

Reverts

  • Revert "refactor(build): simplify package exports" (2ef3a52)
Changelog

Sourced from jose's changelog.

5.9.6 (2024-10-20)

Reverts

  • Revert "refactor(build): simplify package exports" (2ef3a52)

5.9.5 (2024-10-20)

Refactor

  • build: simplify package exports (4783f7f)
Commits
  • 27d26a4 chore(release): 5.9.6
  • 2ef3a52 Revert "refactor(build): simplify package exports"
  • 460a959 chore(release): 5.9.5
  • 4783f7f refactor(build): simplify package exports
  • 7521425 docs: resolve remaining conflict
  • 30365fd ci: use default CodeQL
  • ea5f212 chore: bump dev deps
  • ffad408 docs: update docs building dependencies
  • e2f737d test: temporary workaround chrome 130 and testcafe
  • 43c4bcc test: browser logs are polled
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
changeset-bot[bot] commented 3 weeks ago

⚠️ No Changeset found

Latest commit: f8043d3fc066c15597f7a57a49c3109229bcb9e3

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

bdehamer commented 3 weeks ago

@dependabot rebase