chore(deps): bump the npm_and_yarn group across 22 directories with 8 updates by dependabot[bot] · Pull Request #8054 · garden-io/garden

dependabot · 2026-05-04T08:11:44Z

Bumps the npm_and_yarn group with 1 update in the /core directory: uuid.
Bumps the npm_and_yarn group with 1 update in the /e2e/projects/code-synchronization-modules/node-service directory: minimatch.
Bumps the npm_and_yarn group with 1 update in the /e2e/projects/tasks-modules/hello directory: minimatch.
Bumps the npm_and_yarn group with 2 updates in the /e2e/projects/vote-helm-modules/vote-image directory: ajv and axios.
Bumps the npm_and_yarn group with 2 updates in the /e2e/projects/vote-modules/vote directory: ajv and axios.
Bumps the npm_and_yarn group with 3 updates in the /examples/argocd/web directory: ajv, axios and pbkdf2.
Bumps the npm_and_yarn group with 3 updates in the /examples/cert-manager-ext-dns/frontend directory: ajv, minimatch and rollup.
Bumps the npm_and_yarn group with 1 update in the /examples/code-synchronization/node-service directory: minimatch.
Bumps the npm_and_yarn group with 2 updates in the /examples/gatsby-code-sync directory: minimatch and postcss.
Bumps the npm_and_yarn group with 2 updates in the /examples/k8s-deploy-config-templates/web directory: axios and pbkdf2.
Bumps the npm_and_yarn group with 2 updates in the /examples/k8s-deploy-patch-resources/web directory: axios and pbkdf2.
Bumps the npm_and_yarn group with 2 updates in the /examples/k8s-deploy-shared-manifests/web directory: axios and pbkdf2.
Bumps the npm_and_yarn group with 1 update in the /examples/pulumi/k8s-deployment directory: minimatch.
Bumps the npm_and_yarn group with 1 update in the /examples/pulumi/k8s-namespace directory: minimatch.
Bumps the npm_and_yarn group with 2 updates in the /examples/vote-helm/vote-image directory: ajv and axios.
Bumps the npm_and_yarn group with 3 updates in the /examples/vote/vote directory: ajv, axios and pbkdf2.
Bumps the npm_and_yarn group with 1 update in the /plugins/pulumi/test/test-project-k8s/k8s-deployment directory: minimatch.
Bumps the npm_and_yarn group with 1 update in the /plugins/pulumi/test/test-project-k8s/k8s-namespace directory: minimatch.
Bumps the npm_and_yarn group with 1 update in the /plugins/pulumi/test/test-project-k8s/k8s-namespace-new directory: minimatch.
Bumps the npm_and_yarn group with 1 update in the /plugins/pulumi/test/test-project-k8s/k8s-namespace-new-module directory: minimatch.
Bumps the npm_and_yarn group with 2 updates in the /plugins/pulumi/test/test-project-local-script/deploy-a directory: minimatch and tar.
Bumps the npm_and_yarn group with 2 updates in the /plugins/pulumi/test/test-project-local-script/deploy-b directory: minimatch and tar.

Updates uuid from 11.1.1 to 14.0.0

Release notes

Sourced from uuid's releases.

v14.0.0

14.0.0 (2026-04-19)

⚠ BREAKING CHANGES

expect crypto to be global everywhere (requires node@20+) (#935)

drop node@18 support (#934)

Features

drop node@18 support (#934) (dc4ddb8)

Bug Fixes

expect crypto to be global everywhere (requires node@20+) (#935) (f2c235f)

Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)

v13.0.1

13.0.1 (2026-04-27)

Bug Fixes

backport fix for GHSA-w5hq-g745-h8pq (9d27ddf)

v13.0.0

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

make browser exports the default (#901)

Bug Fixes

make browser exports the default (#901) (bce9d72)

v12.0.1

12.0.1 (2026-04-29)

Bug Fixes

backport fix for GHSA-w5hq-g745-h8pq (3d61d6a)

v12.0.0

12.0.0 (2025-09-05)

... (truncated)

Changelog

Sourced from uuid's changelog.

14.0.0 (2026-04-19)

Security

Fixes GHSA-w5hq-g745-h8pq: v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length.

⚠ BREAKING CHANGES

crypto is now expected to be globally defined (requires node@20+) (#935)

drop node@18 support (#934)

upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

make browser exports the default (#901)

Bug Fixes

make browser exports the default (#901) (bce9d72)

12.0.0 (2025-09-05)

⚠ BREAKING CHANGES

update to typescript@5.2 (#887)

remove CommonJS support (#886)

drop node@16 support (#883)

Features

add node@24 to ci matrix (#879) (42b6178)

drop node@16 support (#883) (0f38cf1)

remove CommonJS support (#886) (ae786e2)

update to typescript@5.2 (#887) (c7ee405)

Bug Fixes

improve v4() performance (#894) (5fd974c)

restore node: prefix (#889) (e1f42a3)

11.1.0 (2025-02-19)

... (truncated)

Commits

7c1ea08 chore(main): release 14.0.0 (#926)
3d2c5b0 Merge commit from fork
f2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)
529ef08 chore: upgrade TypeScript and fixup types (#927)
086fd79 chore: update dependencies (#933)
dc4ddb8 feat!: drop node@18 support (#934)
0f1f9c9 chore: switch to Biome for parsing and linting (#932)
e2879e6 chore: use maintained version of npm-run-all (#930)
ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)
0423d49 docs: remove obsolete v1 option notes (#915)
Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates minimatch from 3.0.4 to 9.0.9

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates ajv from 6.12.6 to 6.15.0

Commits

184bc32 6.15.0
fea46af test/fix prototype pollution via $data ref with format keyword (#2606)
e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates axios from 0.30.2 to 0.31.0

Release notes

Sourced from axios's releases.

v0.31.0

This release backports security fixes from v1.x, hardens the CI/CD supply chain with OIDC publishing and zizmor scanning, resolves TypeScript typing issues in AxiosInstance, and fixes a performance regression in isEmptyObject().

🔒 Security Fixes

Header Injection & Proxy Bypass: Backports v1 security hardening — sanitizes outgoing header values to strip invalid bytes, CRLF sequences, and boundary whitespace (including array values); adds proper NO_PROXY/no_proxy enforcement covering wildcards, explicit ports, loopback aliases (localhost, 127.0.0.1, ::1), bracketed IPv6, and trailing-dot hostnames. Proxy bypass is now checked before the proxy URL is parsed, and parsed.host is used for correct port and IPv6 handling. (#10688)

CI Security: SHA-pins all actions and disables credential persistence in v0.x CI, introduces zizmor security scanning with SARIF upload to code scanning, adds an OIDC Trusted Publishing workflow with npm provenance attestations, and gates all publishes behind a required npm-publish GitHub Environment with configurable reviewer protections. (#10638, #10639, #10667)

🐛 Bug Fixes

TypeScript — AxiosInstance Return Types: Fixes return types in AxiosInstance methods to correctly resolve to Promise<R> (matching AxiosPromise<T> semantics), and corrects the generic call signature so TypeScript properly enforces the response data type. TypeScript-only changes; no runtime impact. (#6253, #7328)

Performance: Fixes a performance regression in isEmptyObject() that caused excessive computation when the argument was a large string. (#6484)

🔧 Maintenance & Chores

Versioning & CI Workflow: Adds an automated versioning flow for v0.x, renames the CI workflow for consistency with the v1.x naming convention, and corrects the branch name reference in CI config. (#10690, #10691, #10692)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

@nakataki17 (#6253)

@gmasclet (#6484)

@shaanmajid (#10638, #10639, #10667)

@ivan-churakov (#7328)

Full Changelog

Release notes - v0.30.3

This is a critical security maintenance release for the v0.x branch. It addresses a high-priority vulnerability involving prototype pollution that could lead to a Denial of Service (DoS).

Recommendation: All users currently on the 0.x release line should upgrade to this version immediately to ensure environment stability.

🛡️ Security Fixes

Backport: Fix DoS via proto key in merge config

Patched a vulnerability where specifically crafted configuration objects using the proto key could cause a Denial of Service during the merge process. - by @FeBe95 in [PR #7388](axios/axios#7388)

⚙️ Maintenance & CI

CI Infrastructure Update

Updated Continuous Integration workflows for the v0.x branch to maintain long-term support and build reliability. - by @jasonsaayman in [PR #7407](axios/axios#7407)

⚠️ Breaking Changes

Configuration Merging Behavior:

As part of the security fix, Axios now restricts the merging of the proto key within configuration objects. If your codebase relies on unconventional deep-merging patterns that target the object prototype via Axios config, those operations will now be blocked. This is a necessary change to prevent prototype pollution.

... (truncated)

Commits

5073eca chore: release v0.31.0 (#10697)
b57eb1a ci: update branch name (#10692)
00ab2af refactor: change name to have a unified workflow (#10691)
9a66c09 chore: added a versioning flow (#10690)
03cdfc9 fix: backport the fixes from the v1 branch (#10688)
71be4e5 fix: return types in AxiosInstance methods should be Promise<R> (#6253)
62610f6 fix: fixed performance issue in isEmptyObject() (#6484)
68f97f7 ci: require npm-publish environment for releases (#10667)
58a6043 ci: add zizmor and harden v0.x CI (#10638)
b560d41 ci: add OIDC publish workflow for v0.x (#10639)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for axios since your current version.

Updates ajv from 6.12.6 to 6.15.0

Commits

184bc32 6.15.0
fea46af test/fix prototype pollution via $data ref with format keyword (#2606)
e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates axios from 0.30.0 to 0.31.0

Release notes

Sourced from axios's releases.

v0.31.0

This release backports security fixes from v1.x, hardens the CI/CD supply chain with OIDC publishing and zizmor scanning, resolves TypeScript typing issues in AxiosInstance, and fixes a performance regression in isEmptyObject().

🔒 Security Fixes

Header Injection & Proxy Bypass: Backports v1 security hardening — sanitizes outgoing header values to strip invalid bytes, CRLF sequences, and boundary whitespace (including array values); adds proper NO_PROXY/no_proxy enforcement covering wildcards, explicit ports, loopback aliases (localhost, 127.0.0.1, ::1), bracketed IPv6, and trailing-dot hostnames. Proxy bypass is now checked before the proxy URL is parsed, and parsed.host is used for correct port and IPv6 handling. (#10688)

CI Security: SHA-pins all actions and disables credential persistence in v0.x CI, introduces zizmor security scanning with SARIF upload to code scanning, adds an OIDC Trusted Publishing workflow with npm provenance attestations, and gates all publishes behind a required npm-publish GitHub Environment with configurable reviewer protections. (#10638, #10639, #10667)

🐛 Bug Fixes

TypeScript — AxiosInstance Return Types: Fixes return types in AxiosInstance methods to correctly resolve to Promise<R> (matching AxiosPromise<T> semantics), and corrects the generic call signature so TypeScript properly enforces the response data type. TypeScript-only changes; no runtime impact. (#6253, #7328)

Performance: Fixes a performance regression in isEmptyObject() that caused excessive computation when the argument was a large string. (#6484)

🔧 Maintenance & Chores

Versioning & CI Workflow: Adds an automated versioning flow for v0.x, renames the CI workflow for consistency with the v1.x naming convention, and corrects the branch name reference in CI config. (#10690, #10691, #10692)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

@nakataki17 (#6253)

@gmasclet (#6484)

@shaanmajid (#10638, #10639, #10667)

@ivan-churakov (#7328)

Full Changelog

Release notes - v0.30.3

This is a critical security maintenance release for the v0.x branch. It addresses a high-priority vulnerability involving prototype pollution that could lead to a Denial of Service (DoS).

Recommendation: All users currently on the 0.x release line should upgrade to this version immediately to ensure environment stability.

🛡️ Security Fixes

Backport: Fix DoS via proto key in merge config

Patched a vulnerability where specifically crafted configuration objects using the proto key could cause a Denial of Service during the merge process. - by @FeBe95 in [PR #7388](axios/axios#7388)

⚙️ Maintenance & CI

CI Infrastructure Update

Updated Continuous Integration workflows for the v0.x branch to maintain long-term support and build reliability. - by @jasonsaayman in [PR #7407](axios/axios#7407)

⚠️ Breaking Changes

Configuration Merging Behavior:

As part of the security fix, Axios now restricts the merging of the proto key within configuration objects. If your codebase relies on unconventional deep-merging patterns that target the object prototype via Axios config, those operations will now be blocked. This is a necessary change to prevent prototype pollution.

... (truncated)

Commits

5073eca chore: release v0.31.0 (#10697)
b57eb1a ci: update branch name (#10692)
00ab2af refactor: change name to have a unified workflow (#10691)
9a66c09 chore: added a versioning flow (#10690)
03cdfc9 fix: backport the fixes from the v1 branch (#10688)
71be4e5 fix: return types in AxiosInstance methods should be Promise<R> (#6253)
62610f6 fix: fixed performance issue in isEmptyObject() (#6484)
68f97f7 ci: require npm-publish environment for releases (#10667)
58a6043 ci: add zizmor and harden v0.x CI (#10638)
b560d41 ci: add OIDC publish workflow for v0.x (#10639)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for axios since your current version.

Updates ajv from 6.12.6 to 6.15.0

Commits

184bc32 6.15.0
fea46af test/fix prototype pollution via $data ref with format keyword (#2606)
e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates axios from 0.30.2 to 0.31.0

Release notes

Sourced from axios's releases.

v0.31.0

This release backports security fixes from v1.x, hardens the CI/CD supply chain with OIDC publishing and zizmor scanning, resolves TypeScript typing issues in AxiosInstance, and fixes a performance regression in isEmptyObject().

🔒 Security Fixes

Header Injection & Proxy Bypass: Backports v1 security hardening — sanitizes outgoing header values to strip invalid bytes, CRLF sequences, and boundary whitespace (including array values); adds proper NO_PROXY/no_proxy enforcement covering wildcards, explicit ports, loopback aliases (localhost, 127.0.0.1, ::1), bracketed IPv6, and trailing-dot hostnames. Proxy bypass is now checked before the proxy URL is parsed, and parsed.host is used for correct port and IPv6 handling. (#10688)

CI Security: SHA-pins all actions and disables credential persistence in v0.x CI, introduces zizmor security scanning with SARIF upload to code scanning, adds an OIDC Trusted Publishing workflow with npm provenance attestations, and gates all publishes behind a required npm-publish GitHub Environment with configurable reviewer protections. (#10638, #10639, #10667)

🐛 Bug Fixes

TypeScript — AxiosInstance Return Types: Fixes return types in AxiosInstance methods to correctly resolve to Promise<R> (matching AxiosPromise<T> semantics), and corrects the generic call signature so TypeScript properly enforces the response data type. TypeScript-only changes; no runtime impact. (#6253, #7328)

Performance: Fixes a performance regression in isEmptyObject() that caused excessive computation when the argument was a large string. (#6484)

🔧 Maintenance & Chores

Versioning & CI Workflow: Adds an automated versioning flow for v0.x, renames the CI workflow for consistency with the v1.x naming convention, and corrects the branch name reference in CI config. (#10690, #10691, #10692)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

@nakataki17 (#6253)

@gmasclet (#6484)

@shaanmajid (#10638, #10639, #10667)

@ivan-churakov (#7328)

Full Changelog

Release notes - v0.30.3

This is a critical security maintenance release for the v0.x branch. It addresses a high-priority vulnerability involving prototype pollution that could lead to a Denial of Service (DoS).

Recommendation: All users currently on the 0.x release line should upgrade to this version immediately to ensure environment stability.

🛡️ Security Fixes

Backport: Fix DoS via proto key in merge config

Patched a vulnerability where specifically crafted configuration objects using the proto key could cause a Denial of Service during the merge process. - by @FeBe95 in [PR #7388](axios/axios#7388)

⚙️ Maintenance & CI

CI Infrastructure Update

Updated Continuous Integration workflows for the v0.x branch to maintain long-term support and build reliability. - by @jasonsaayman in [PR #7407](axios/axios#7407)

⚠️ Breaking Changes

Configuration Merging Behavior:

As part of the security fix, Axios now restricts the merging of the proto key within configuration objects. If your codebase relies on unconventional deep-merging patterns that target the object prototype via Axios config, those operations will now be blocked. This is a necessary change to prevent prototype pollution.

... (truncated)

Commits

5073eca chore: release v0.31.0 (#10697)
b57eb1a ci: update branch name (#10692)
00ab2af refactor: change name to have a unified workflow (#10691)
9a66c09 chore: added a versioning flow (#10690)
03cdfc9 fix: backport the fixes from the v1 branch (#10688)
71be4e5 fix: return types in AxiosInstance methods should be Promise<R> (#6253)
62610f6 fix: fixed performance issue in isEmptyObject() (#6484)
68f97f7 ci: require npm-publish environment for releases (#10667)
58a6043 ci: add zizmor and harden v0.x CI (#10638)
b560d41 ci: add OIDC publish workflow for v0.x (#10639)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for axios since your current version.

Updates pbkdf2 from 3.0.17 to 3.1.5

Changelog

Sourced from pbkdf2's changelog.

v3.1.5 - 2025-09-23

Commits

[Fix] only allow finite iterations 67bd94d

[Fix] restore node 0.10 support 8f59d96

[Fix] check parameters before the "no Promise" bailout d2dc5f0

v3.1.4 - 2025-09-22

Commits

[Deps] update create-hash, ripemd160, sha.js, to-buffer 8dbf49b

[meta] update repo URLs d15bc35

[Dev Deps] update @ljharb/eslint-config aaf870b

v3.1.3 - 2025-06-20

Commits

Only apps should have lockfiles 8b06730

[lint] fix whitespace 9a76e2f

[lint] fix parens/curlies/semis/etc 6fd84bf

[meta] add auto-changelog 796c38d

[Tests] fix tests in node 17 3661fb0

Revert "[Tests] fix tests in node < 3" 7431b57

[Tests] fix tests in node < 3 eb9f97a

[Fix] ensure unknown algorithms throw + known ones match node 26d4fd3

[Tests] add GHA, always run nyc 513906a

[lint] fix a few more rules ab04da8

[lint] switch to eslint 89694cf

[Tests] add coverage d0d534b

[Refactor] use to-buffer e3102a8

[readme] improve badges fca0c9d

[Tests] remove unused travis file a2c7d93

[meta] switch from files to npmignore 7f31fbc

[Tests] use .nycrc 8d628e8

[Refactor] minor tweaks fc61005

[Deps] update create-hmac, safe-buffer, sha.js ae2a7d0

[Fix] pin create-hash, ripemd160 due to breaking changes e079968

[Tests] fix tests in node 3 45fbcf3

[meta] skip publishing benchmarks 19ea57b

[Dev Deps] add missing peer dep 645e252

v3.1.2 - 2021-04-09

Commits

handle nextTick 36457b9

Check for process before accessing 449e510

... (truncated)

Commits

3687905 v3.1.5
67bd94d [Fix] only allow finite iterations
8f59d96 [Fix] restore node 0.10 support
d2dc5f0 [Fix] check parameters before the "no Promise" bailout
b2ad615 v3.1.4
8dbf49b [Deps] update create-hash, ripemd160, sha.js, to-buffer
aaf870b [Dev Deps] update @ljharb/eslint-config
d15bc35 [meta] update repo URLs
3e40827 v3.1.3
e3102a8 [Refactor] use to-buffer
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for pbkdf2 since your current version.

Updates ajv from 6.12.6 to 6.15.0

Commits

184bc32 6.15.0
fea46af test/fix prototype pollution via $data ref with format keyword (#2606)
e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates ajv from 8.12.0 to 8.20.0

Commits

184bc32 6.15.0
fea46af test/fix prototype pollution via $data ref with format keyword (#2606)
e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates minimatch from 5.1.6 to 5.1.9

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates rollup from 2.79.2 to 2.80.0

Changelog

Sourced from rollup's changelog.

2.80.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6277)

Pull Requests

#6277: Validate bundle stays within output dir (@lukastaegert)

Commits

… updates Bumps the npm_and_yarn group with 1 update in the /core directory: [uuid](https://github.com/uuidjs/uuid). Bumps the npm_and_yarn group with 1 update in the /e2e/projects/code-synchronization-modules/node-service directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 1 update in the /e2e/projects/tasks-modules/hello directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 2 updates in the /e2e/projects/vote-helm-modules/vote-image directory: [ajv](https://github.com/ajv-validator/ajv) and [axios](https://github.com/axios/axios). Bumps the npm_and_yarn group with 2 updates in the /e2e/projects/vote-modules/vote directory: [ajv](https://github.com/ajv-validator/ajv) and [axios](https://github.com/axios/axios). Bumps the npm_and_yarn group with 3 updates in the /examples/argocd/web directory: [ajv](https://github.com/ajv-validator/ajv), [axios](https://github.com/axios/axios) and [pbkdf2](https://github.com/browserify/pbkdf2). Bumps the npm_and_yarn group with 3 updates in the /examples/cert-manager-ext-dns/frontend directory: [ajv](https://github.com/ajv-validator/ajv), [minimatch](https://github.com/isaacs/minimatch) and [rollup](https://github.com/rollup/rollup). Bumps the npm_and_yarn group with 1 update in the /examples/code-synchronization/node-service directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 2 updates in the /examples/gatsby-code-sync directory: [minimatch](https://github.com/isaacs/minimatch) and [postcss](https://github.com/postcss/postcss). Bumps the npm_and_yarn group with 2 updates in the /examples/k8s-deploy-config-templates/web directory: [axios](https://github.com/axios/axios) and [pbkdf2](https://github.com/browserify/pbkdf2). Bumps the npm_and_yarn group with 2 updates in the /examples/k8s-deploy-patch-resources/web directory: [axios](https://github.com/axios/axios) and [pbkdf2](https://github.com/browserify/pbkdf2). Bumps the npm_and_yarn group with 2 updates in the /examples/k8s-deploy-shared-manifests/web directory: [axios](https://github.com/axios/axios) and [pbkdf2](https://github.com/browserify/pbkdf2). Bumps the npm_and_yarn group with 1 update in the /examples/pulumi/k8s-deployment directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 1 update in the /examples/pulumi/k8s-namespace directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 2 updates in the /examples/vote-helm/vote-image directory: [ajv](https://github.com/ajv-validator/ajv) and [axios](https://github.com/axios/axios). Bumps the npm_and_yarn group with 3 updates in the /examples/vote/vote directory: [ajv](https://github.com/ajv-validator/ajv), [axios](https://github.com/axios/axios) and [pbkdf2](https://github.com/browserify/pbkdf2). Bumps the npm_and_yarn group with 1 update in the /plugins/pulumi/test/test-project-k8s/k8s-deployment directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 1 update in the /plugins/pulumi/test/test-project-k8s/k8s-namespace directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 1 update in the /plugins/pulumi/test/test-project-k8s/k8s-namespace-new directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 1 update in the /plugins/pulumi/test/test-project-k8s/k8s-namespace-new-module directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 2 updates in the /plugins/pulumi/test/test-project-local-script/deploy-a directory: [minimatch](https://github.com/isaacs/minimatch) and [tar](https://github.com/isaacs/node-tar). Bumps the npm_and_yarn group with 2 updates in the /plugins/pulumi/test/test-project-local-script/deploy-b directory: [minimatch](https://github.com/isaacs/minimatch) and [tar](https://github.com/isaacs/node-tar). Updates `uuid` from 11.1.1 to 14.0.0 - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v11.1.1...v14.0.0) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 3.0.4 to 9.0.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `ajv` from 6.12.6 to 6.15.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.15.0) Updates `axios` from 0.30.2 to 0.31.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.30.2...v0.31.0) Updates `ajv` from 6.12.6 to 6.15.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.15.0) Updates `axios` from 0.30.0 to 0.31.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.30.2...v0.31.0) Updates `ajv` from 6.12.6 to 6.15.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.15.0) Updates `axios` from 0.30.2 to 0.31.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.30.2...v0.31.0) Updates `pbkdf2` from 3.0.17 to 3.1.5 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.0.17...v3.1.5) Updates `ajv` from 6.12.6 to 6.15.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.15.0) Updates `ajv` from 8.12.0 to 8.20.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.15.0) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 5.1.6 to 5.1.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `rollup` from 2.79.2 to 2.80.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md) - [Commits](rollup/rollup@v2.79.2...v2.80.0) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `postcss` from 8.4.31 to 8.5.13 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.31...8.5.13) Updates `axios` from 0.30.0 to 0.31.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.30.2...v0.31.0) Updates `pbkdf2` from 3.0.17 to 3.1.5 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.0.17...v3.1.5) Updates `axios` from 0.30.0 to 0.31.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.30.2...v0.31.0) Updates `pbkdf2` from 3.0.17 to 3.1.5 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.0.17...v3.1.5) Updates `axios` from 0.30.2 to 0.31.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.30.2...v0.31.0) Updates `pbkdf2` from 3.0.17 to 3.1.5 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.0.17...v3.1.5) Updates `minimatch` from 3.0.5 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 3.0.5 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `ajv` from 6.12.6 to 6.15.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.15.0) Updates `axios` from 0.30.2 to 0.31.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.30.2...v0.31.0) Updates `ajv` from 6.12.6 to 6.15.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.15.0) Updates `axios` from 0.30.0 to 0.31.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.30.2...v0.31.0) Updates `pbkdf2` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.0.17...v3.1.5) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 9.0.5 to 9.0.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `tar` from 6.2.1 to 7.5.13 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.2.1...v7.5.13) Updates `minimatch` from 9.0.5 to 9.0.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `tar` from 6.2.1 to 7.5.13 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.2.1...v7.5.13) --- updated-dependencies: - dependency-name: uuid dependency-version: 14.0.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 9.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 0.31.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 0.31.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 0.31.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 8.20.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 5.1.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 2.80.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.13 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 0.31.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 0.31.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 0.31.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 0.31.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 0.31.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 9.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.13 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 9.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.13 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 4, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 22 directories with 8 updates#8054

chore(deps): bump the npm_and_yarn group across 22 directories with 8 updates#8054
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/core/npm_and_yarn-296fb4e7ca

dependabot Bot commented on behalf of github May 4, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 4, 2026

v14.0.0

14.0.0 (2026-04-19)

⚠ BREAKING CHANGES

Features

Bug Fixes

v13.0.1

13.0.1 (2026-04-27)

Bug Fixes

v13.0.0

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

Bug Fixes

v12.0.1

12.0.1 (2026-04-29)

Bug Fixes

v12.0.0

12.0.0 (2025-09-05)

14.0.0 (2026-04-19)

Security

⚠ BREAKING CHANGES

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

Bug Fixes

12.0.0 (2025-09-05)

⚠ BREAKING CHANGES

Features

Bug Fixes

11.1.0 (2025-02-19)

v0.31.0

🔒 Security Fixes

🐛 Bug Fixes

🔧 Maintenance & Chores

🌟 New Contributors

Release notes - v0.30.3

🛡️ Security Fixes

⚙️ Maintenance & CI

⚠️ Breaking Changes

v0.31.0

🔒 Security Fixes

🐛 Bug Fixes

🔧 Maintenance & Chores

🌟 New Contributors

Release notes - v0.30.3

🛡️ Security Fixes

⚙️ Maintenance & CI

⚠️ Breaking Changes

v0.31.0

🔒 Security Fixes

🐛 Bug Fixes

🔧 Maintenance & Chores

🌟 New Contributors

Release notes - v0.30.3

🛡️ Security Fixes

⚙️ Maintenance & CI

⚠️ Breaking Changes

v3.1.5 - 2025-09-23

Commits

v3.1.4 - 2025-09-22

Commits

v3.1.3 - 2025-06-20

Commits

v3.1.2 - 2021-04-09

Commits

2.80.0

Features

Pull Requests

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants