chore(deps): bump diff3 from 0.0.3 to 0.0.4

[dependabot]

Bumps diff3 from 0.0.3 to 0.0.4.

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by gk-dev, a new releaser for diff3 since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Greptile Summary

Bumps the diff3 dependency in packages/agent/package.json from 0.0.3 to 0.0.4, with the corresponding bun.lock update.

• The lockfile correctly records both the new diff3@0.0.4 entry (for the direct dependency) and a new nested isomorphic-git/diff3 entry pinned at 0.0.3, reflecting that isomorphic-git still resolves the old version as its own transitive dependency — this is expected bun behavior with dual-version resolution.
• No source code changes are included; this is purely a dependency version bump.

Confidence Score: 5/5

This is a straightforward lockfile + manifest update with no logic changes; the dual-version resolution in bun.lock is correct and expected.

The change touches only diff3 version strings and integrity hashes. The bun.lock correctly adds a nested isomorphic-git/diff3 entry for the old 0.0.3 version that isomorphic-git still requires — this is normal bun deduplication behavior, not an error.

No files require special attention.

Important Files Changed

Filename	Overview
packages/agent/package.json	Bumps diff3 dependency from 0.0.3 to 0.0.4; single-line change with no other modifications.
bun.lock	Lockfile updated: top-level diff3 entry now points to 0.0.4 with new integrity hash, and a nested isomorphic-git/diff3 entry is added pinning 0.0.3 for the transitive dependency from isomorphic-git.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["packages/agent/package.json\ndiff3: 0.0.3 → 0.0.4"] --> B["bun.lock updated"]
    B --> C["diff3@0.0.4\n(direct dep, new hash)"]
    B --> D["isomorphic-git/diff3 → diff3@0.0.3\n(transitive dep, pinned at old version)"]

Loading

_{Reviews (6): Last reviewed commit: "Merge branch 'develop' into dependabot/n..." | Re-trigger Greptile}

[greptile-apps]

New npm publisher for diff3

The Dependabot description notes this release was pushed by gk-dev, an account not previously associated with the diff3 package. A publisher change on a low-traffic utility is a recognized supply-chain attack pattern (e.g., typosquatting or account takeover). Before merging, it is worth confirming on npmjs.com/package/diff3 or the axosoft/diff3 GitHub repo that 0.0.4 was intentionally released by the legitimate maintainers.

[claude]

Claude encountered an error —— View job

---

I'll analyze this and get back to you.

[claude]

Claude encountered an error —— View job

---

I'll analyze this and get back to you.

[claude]

Claude encountered an error —— View job

---

I'll analyze this and get back to you.