build(deps): bump the npm_and_yarn group across 3 directories with 4 updates#910
Merged
Dargon789 merged 51 commits intoMay 13, 2026
Conversation
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
Circleci project setup
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
Snyk has created this PR to upgrade c8 from 9.1.0 to 10.1.3. See this package in npm: c8 See this project in Snyk: https://app.snyk.io/org/dargon789/project/68a3328a-d2b6-4975-b7db-af96a29fc4ac?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr
Snyk has created this PR to upgrade c8 from 9.1.0 to 10.1.3. See this package in npm: c8 See this project in Snyk: https://app.snyk.io/org/dargon789/project/e2757016-0d48-429d-8c99-bffba0039c3a?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
…ce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110
* Create build-attested-image.yml CI: Introduce a build-attested-image workflow that builds and pushes a Docker image to GitHub Container Registry and generates build provenance attestations. Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update .github/workflows/build-attested-image.yml Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
…to reduce vulnerabilities (#214) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com>
…ce vulnerabilities (#213) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com>
… reduce vulnerabilities (#212) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com>
…e vulnerabilities (#211) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com>
…dates Bumps the npm_and_yarn group with 2 updates in the / directory: [brace-expansion](https://github.com/juliangruber/brace-expansion) and [js-yaml](https://github.com/nodeca/js-yaml). Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `js-yaml` from 4.1.0 to 4.1.1 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@4.1.0...4.1.1) --- updated-dependencies: - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
…bilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110
CI: Introduce a CircleCI job that runs cargo fmt and cargo test using a Rust Docker image with caching for dependencies and build artifacts. https://github.com/apps/gemini-code-assist Highlights New CircleCI Configuration: A new CircleCI configuration file, .circleci/cargo.yml, has been added to the repository. Rust Build and Test Workflow: The new configuration defines a build-and-test job specifically for Rust projects, utilizing the cimg/rust:1.88.0 Docker image. Automated Code Quality Checks: The workflow includes steps to automatically check code formatting using cargo fmt -- --check and run all tests with cargo test. Dependency Caching: Caching mechanisms for Cargo dependencies are implemented to speed up subsequent CI runs by restoring and saving ~/.cargo and target directories. Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
CI: Introduce a CircleCI 2.1 configuration file defining a custom Docker executor and a minimal workflow that checks out the repository and runs a placeholder command. Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
…lnerabilities (#209) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com>
…ce vulnerabilities (#208) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com>
CI: Introduce a GitHub Actions workflow that builds the Jekyll site and deploys it to GitHub Pages using preinstalled dependencies. Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
CI: Simplify CircleCI configuration to a single Docker job that checks out the repo and echoes a greeting, orchestrated by a basic workflow. Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
…to reduce vulnerabilities (#207) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com>
…n to reduce vulnerabilities (#206) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com>
…o reduce vulnerabilities (#205) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com>
…ulnerabilities (#203) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com>
…on to reduce vulnerabilities (#228) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MOCHA-2863123 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607 - https://snyk.io/vuln/SNYK-JS-NANOID-2332193 - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818 - https://snyk.io/vuln/SNYK-JS-NANOID-8492085 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com>
…rabilities (#36) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com>
…erabilities (#227) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MOCHA-2863123 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607 - https://snyk.io/vuln/SNYK-JS-NANOID-2332193 - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818 - https://snyk.io/vuln/SNYK-JS-NANOID-8492085 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com>
…duce vulnerabilities (#204) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com>
…ulnerabilities (#202) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com>
…ac96d72ad60 [Snyk] Security upgrade mocha from 8.4.0 to 10.6.0
…lnerabilities (#200) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com>
A new `OFFLINE` state has been added to the `Zone.State` enum. This state indicates that the zone is temporarily not operational, for example, while undergoing maintenance or repair PiperOrigin-RevId: 879057351 Source-Link: googleapis/googleapis@40a49dc Source-Link: https://github.com/googleapis/googleapis-gen/commit/77daef772d6cb525e73509d99da77c54c86cb597 Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNsb3VkLWdkY2hhcmR3YXJlbWFuYWdlbWVudC8uT3dsQm90LnlhbWwiLCJoIjoiNzdkYWVmNzcyZDZjYjUyNWU3MzUwOWQ5OWRhNzdjNTRjODZjYjU5NyJ9
…t' of https://github.com/googleapis/google-cloud-node into owl-bot-copy-packages-google-cloud-gdchardwaremanagement
…updates Bumps the npm_and_yarn group with 3 updates in the /core/generator/gapic-generator-typescript directory: [protobufjs](https://github.com/protobufjs/protobuf.js), [protobufjs-cli](https://github.com/protobufjs/protobuf.js) and [fast-xml-builder](https://github.com/NaturalIntelligence/fast-xml-builder). Bumps the npm_and_yarn group with 1 update in the /core/packages/gax/test/test-application directory: [@grpc/grpc-js](https://github.com/grpc/grpc-node). Bumps the npm_and_yarn group with 1 update in the /handwritten/cloud-profiler directory: [protobufjs](https://github.com/protobufjs/protobuf.js). Updates `protobufjs` from 7.5.5 to 7.5.6 - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.6/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-v7.5.5...protobufjs-v7.5.6) Updates `protobufjs-cli` from 1.2.0 to 1.2.2 - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-cli-v1.2.0...protobufjs-cli-v1.2.2) Updates `fast-xml-builder` from 1.1.5 to 1.2.0 - [Changelog](https://github.com/NaturalIntelligence/fast-xml-builder/blob/main/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-builder@v1.1.5...v1.2.0) Updates `protobufjs` from 7.5.5 to 7.5.6 - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.6/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-v7.5.5...protobufjs-v7.5.6) Updates `protobufjs` from 7.5.5 to 7.5.6 - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.6/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-v7.5.5...protobufjs-v7.5.6) Updates `protobufjs` from 7.5.5 to 7.5.6 - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.6/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-v7.5.5...protobufjs-v7.5.6) Updates `@grpc/grpc-js` from 1.6.12 to 1.14.3 - [Release notes](https://github.com/grpc/grpc-node/releases) - [Commits](https://github.com/grpc/grpc-node/compare/@grpc/grpc-js@1.6.12...@grpc/grpc-js@1.14.3) Updates `protobufjs` from 7.4.0 to 8.2.0 - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.6/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-v7.5.5...protobufjs-v7.5.6) --- updated-dependencies: - dependency-name: protobufjs dependency-version: 7.5.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: protobufjs-cli dependency-version: 1.2.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: fast-xml-builder dependency-version: 1.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: protobufjs dependency-version: 7.5.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: protobufjs dependency-version: 7.5.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: protobufjs dependency-version: 7.5.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@grpc/grpc-js" dependency-version: 1.14.3 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: protobufjs dependency-version: 8.2.0 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
Dargon789
deleted the
dependabot/npm_and_yarn/core/generator/gapic-generator-typescript/npm_and_yarn-f2c51a6943
branch
Dargon789
restored the
dependabot/npm_and_yarn/core/generator/gapic-generator-typescript/npm_and_yarn-f2c51a6943
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 3 updates in the /core/generator/gapic-generator-typescript directory: protobufjs, protobufjs-cli and fast-xml-builder.
Bumps the npm_and_yarn group with 1 update in the /core/packages/gax/test/test-application directory: @grpc/grpc-js.
Bumps the npm_and_yarn group with 1 update in the /handwritten/cloud-profiler directory: protobufjs.
Updates
protobufjsfrom 7.5.5 to 7.5.6Release notes
Sourced from protobufjs's releases.
Changelog
Sourced from protobufjs's changelog.
... (truncated)
Commits
2189e5bchore: release protobufjs-v7.x (#2174)75392eafix: Backport input hardening and CLI fixes to 7.x (#2173)8af8d7cchore(ci): Fix 7.x release please configuration (#2169)e92ca42chore(ci): Enable release-please for 7.x (#2166)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for protobufjs since your current version.
Updates
protobufjs-clifrom 1.2.0 to 1.2.2Release notes
Sourced from protobufjs-cli's releases.
Commits
3abc9b5chore: release protobufjs-v7.x (#2190)a0bf2dffix: Update CLI peer dependency (7.x) (#2189)2189e5bchore: release protobufjs-v7.x (#2174)75392eafix: Backport input hardening and CLI fixes to 7.x (#2173)8af8d7cchore(ci): Fix 7.x release please configuration (#2169)e92ca42chore(ci): Enable release-please for 7.x (#2166)b7bdfafchore: release 7.5.5ff7b2affix: filter invalid characters from the type name (#2127)086b19dfix: do not allow setting proto in Message constructor (#2126)827ff8echore: release master (#2093)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for protobufjs-cli since your current version.
Updates
fast-xml-builderfrom 1.1.5 to 1.2.0Changelog
Sourced from fast-xml-builder's changelog.
Commits
a9a905bfor release42680e8support name sanitization8b00185release info8a08f17allow indentation to be empty string7fc5decupdate docsc241b6aimprove documentation15d5668update for release9877485fix: skip text property for PI tags311a221fix #5 typing import issuese8fc5b1update for releastUpdates
protobufjsfrom 7.5.5 to 7.5.6Release notes
Sourced from protobufjs's releases.
Changelog
Sourced from protobufjs's changelog.
... (truncated)
Commits
2189e5bchore: release protobufjs-v7.x (#2174)75392eafix: Backport input hardening and CLI fixes to 7.x (#2173)8af8d7cchore(ci): Fix 7.x release please configuration (#2169)e92ca42chore(ci): Enable release-please for 7.x (#2166)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for protobufjs since your current version.
Updates
protobufjsfrom 7.5.5 to 7.5.6Release notes
Sourced from protobufjs's releases.
Changelog
Sourced from protobufjs's changelog.
... (truncated)
Commits
2189e5bchore: release protobufjs-v7.x (#2174)75392eafix: Backport input hardening and CLI fixes to 7.x (#2173)8af8d7cchore(ci): Fix 7.x release please configuration (#2169)e92ca42chore(ci): Enable release-please for 7.x (#2166)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for protobufjs since your current version.
Updates
protobufjsfrom 7.5.5 to 7.5.6Release notes
Sourced from protobufjs's releases.
Changelog
Sourced from protobufjs's changelog.
... (truncated)
Commits
2189e5bchore: release protobufjs-v7.x (#2174)75392eafix: Backport input hardening and CLI fixes to 7.x (#2173)8af8d7cchore(ci): Fix 7.x release please configuration (#2169)e92ca42chore(ci): Enable release-please for 7.x (#2166)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for protobufjs since your current version.
Updates
@grpc/grpc-jsfrom 1.6.12 to 1.14.3Release notes
Sourced from @grpc/grpc-js's releases.
... (truncated)
Commits
ccd29b2Merge pull request #3032 from murgatroid99/grpc-js_retry_half_close_1.149ea15cegrpc-js: Bump version to 1.14.34d387d4Use nextMessageToSend for early half-close88a083dremove halfCloseSent fieldf6895cbSend halfClose immediately after messages to prevent late halfClose issues wi...37f2817revert changes4e26a27half close right after writebf0dc8fMerge pull request #3029 from murgatroid99/grpc-js_keepalive_fix_backport235474egrpc-js: Bump to 1.14.22f090c6grpc-js: Fix server keep alive timeout not properly destroying connectionsInstall script changes
This version modifies
preparescript that runs during installation. Review the package contents before updating.Updates
protobufjsfrom 7.4.0 to 8.2.0Release notes
Sourced from protobufjs's releases.
Changelog
Sourced from protobufjs's changelog.
... (truncated)
Commits
2189e5bchore: release protobufjs-v7.x (#2174)75392eafix: Backport input hardening and CLI fixes to 7.x (#2173)8af8d7cchore(ci): Fix 7.x release please configuration (#2169)e92ca42chore(ci): Enable release-please for 7.x (#2166)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for protobufjs since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.