build(deps): bump the npm-dependencies group across 1 directory with 15 updates by dependabot[bot] · Pull Request #426 · guacsec/trustify-da-javascript-client

dependabot · 2026-03-24T06:46:32Z

Bumps the npm-dependencies group with 15 updates in the / directory:

Package	From	To
@cyclonedx/cyclonedx-library	`6.13.1`	`10.0.0`
fast-xml-parser	`5.3.4`	`5.5.9`
https-proxy-agent	`7.0.6`	`8.0.0`
packageurl-js	`1.0.2`	`2.0.1`
smol-toml	`1.6.0`	`1.6.1`
web-tree-sitter	`0.26.6`	`0.26.7`
@types/node	`20.19.31`	`25.5.0`
chai	`4.5.0`	`6.2.2`
eslint	`8.57.1`	`10.1.0`
mocha	`10.8.2`	`11.7.5`
msw	`2.12.7`	`2.12.14`
sinon	`15.2.0`	`21.0.3`
sinon-chai	`3.7.0`	`4.0.1`
typescript	`5.9.3`	`6.0.2`
which	`5.0.0`	`6.0.1`

Updates @cyclonedx/cyclonedx-library from 6.13.1 to 10.0.0

Release notes

Sourced from @cyclonedx/cyclonedx-library's releases.

10.0.0

BREAKING changes

Removed deprecated symbols

Removed PackageUrl factories

No longer use external standards' implementations directly

Removed

Entrypoint Builders (via #1377)

Entrypoint Factories (via #1377)

Entrypoint Utils (via #1377)

Entrypoint Contrib/PackageUrl (via #1378)

Deprecated symbol Builders (#1346 via #1377)

Deprecated symbol Builders.FromNodePackageJson (#1346 via #1377)

Deprecated symbol Builders.FromNodePackageJson.ToolBuilder (#1346 via #1377)
Use Contrib.FromNodePackageJson.Builders.ToolBuilder instead.

Deprecated symbol Builders.FromNodePackageJson.ComponentBuilder (#1346 via #1377)
Use Contrib.FromNodePackageJson.Builders.ComponentBuilder instead.

Deprecated symbol Factories (#1346 via #1377)

Deprecated symbol Factories.FromNodePackageJson (#1346 via #1377)

Deprecated symbol Factories.FromNodePackageJson.ExternalReferenceFactory (#1346 via #1377)
Use Contrib.FromNodePackageJson.Factories.ExternalReferenceFactory instead.

Deprecated symbol Factories.FromNodePackageJson.PackageUrlFactory (#1346 via #1377)
Use packageurl-js downstream.

Deprecated symbol Factories.LicenseFactory (#1346, #1348 via #1377, #1378)
Use Contrib.License.Factories.LicenseFactory instead.

Deprecated symbol Factories.PackageUrlFactory (#1346 via #1377)
Use packageurl-js downstream.

Deprecated symbol Types.NodePackageJson (#1346, #1348 via #1377, #1378)
Use Contrib.FromNodePackageJson.Types.NodePackageJson instead.

Deprecated symbol Types.assertNodePackageJson (#1346 via #1377)
Use Contrib.FromNodePackageJson.Types.assertNodePackageJson instead.

Deprecated symbol Types.isNodePackageJson (#1346 via #1377)
Use Contrib.FromNodePackageJson.Types.isNodePackageJson instead.

Deprecated symbol Utils (#1346 via #1377)

Deprecated symbol Utils.BomUtility (#1346 via #1377)

Deprecated symbol Utils.BomUtility.randomSerialNumber (#1346 via #1377)
Use Contrib.Bom.Utils.randomSerialNumber instead.

Deprecated symbol Utils.LicenseUtility (#1346 via #1377)

Deprecated symbol Utils.LicenseUtility.FsUtils (#1346 via #1377)
Use Contrib.License.Utils.FsUtils instead.

Deprecated symbol Utils.LicenseUtility.PathUtils (#1346 via #1377)

Use Contrib.License.Utils.PathUtils instead.

Deprecated symbol Utils.LicenseUtility.FileAttachment (#1346 via #1377)
Use Contrib.License.Utils.FileAttachment instead.

Deprecated symbol Utils.LicenseUtility.ErrorReporter (#1346 via #1377)
Use Contrib.License.Utils.ErrorReporter instead.

Deprecated symbol Utils.LicenseUtility.LicenseEvidenceGatherer (#1346 via #1377)
Use Contrib.License.Utils.LicenseEvidenceGatherer instead.

Deprecated symbol Utils.NpmjsUtility (#1346 via #1377)

Deprecated symbol Utils.NpmjsUtility.parsePackageIntegrity (#1346 via #1377)
Use Contrib.FromNodePackageJson.Utils.parsePackageIntegrity instead.

... (truncated)

Changelog

Sourced from @cyclonedx/cyclonedx-library's changelog.

10.0.0 -- 2026-03-03

BREAKING changes

Removed deprecated symbols

Removed PackageUrl factories

No longer use external standards' implementations directly

Removed

Entrypoint Builders (via #1377)

Entrypoint Factories (via #1377)

Entrypoint Utils (via #1377)

Entrypoint Contrib/PackageUrl (via #1378)

Deprecated symbol Builders (#1346 via #1377)

Deprecated symbol Builders.FromNodePackageJson (#1346 via #1377)

Deprecated symbol Builders.FromNodePackageJson.ToolBuilder (#1346 via #1377)
Use Contrib.FromNodePackageJson.Builders.ToolBuilder instead.

Deprecated symbol Builders.FromNodePackageJson.ComponentBuilder (#1346 via #1377)
Use Contrib.FromNodePackageJson.Builders.ComponentBuilder instead.

Deprecated symbol Factories (#1346 via #1377)

Deprecated symbol Factories.FromNodePackageJson (#1346 via #1377)

Deprecated symbol Factories.FromNodePackageJson.ExternalReferenceFactory (#1346 via #1377)
Use Contrib.FromNodePackageJson.Factories.ExternalReferenceFactory instead.

Deprecated symbol Factories.FromNodePackageJson.PackageUrlFactory (#1346 via #1377)
Use packageurl-js downstream.

Deprecated symbol Factories.LicenseFactory (#1346, #1348 via #1377, #1378)
Use Contrib.License.Factories.LicenseFactory instead.

Deprecated symbol Factories.PackageUrlFactory (#1346 via #1377)
Use packageurl-js downstream.

Deprecated symbol Types.NodePackageJson (#1346, #1348 via #1377, #1378)
Use Contrib.FromNodePackageJson.Types.NodePackageJson instead.

Deprecated symbol Types.assertNodePackageJson (#1346 via #1377)
Use Contrib.FromNodePackageJson.Types.assertNodePackageJson instead.

Deprecated symbol Types.isNodePackageJson (#1346 via #1377)
Use Contrib.FromNodePackageJson.Types.isNodePackageJson instead.

Deprecated symbol Utils (#1346 via #1377)

Deprecated symbol Utils.BomUtility (#1346 via #1377)

Deprecated symbol Utils.BomUtility.randomSerialNumber (#1346 via #1377)
Use Contrib.Bom.Utils.randomSerialNumber instead.

Deprecated symbol Utils.LicenseUtility (#1346 via #1377)

Deprecated symbol Utils.LicenseUtility.FsUtils (#1346 via #1377)
Use Contrib.License.Utils.FsUtils instead.

Deprecated symbol Utils.LicenseUtility.PathUtils (#1346 via #1377)

Use Contrib.License.Utils.PathUtils instead.

Deprecated symbol Utils.LicenseUtility.FileAttachment (#1346 via #1377)
Use Contrib.License.Utils.FileAttachment instead.

Deprecated symbol Utils.LicenseUtility.ErrorReporter (#1346 via #1377)
Use Contrib.License.Utils.ErrorReporter instead.

Deprecated symbol Utils.LicenseUtility.LicenseEvidenceGatherer (#1346 via #1377)
Use Contrib.License.Utils.LicenseEvidenceGatherer instead.

Deprecated symbol Utils.NpmjsUtility (#1346 via #1377)

Deprecated symbol Utils.NpmjsUtility.parsePackageIntegrity (#1346 via #1377)

... (truncated)

Commits

b47c069 10.0.0
869c416 chore: prep v10.0.0
2fecf38 docs
d533341 feat: harden schema validators (#1396)
aa8ddb1 feat: pulled SPDX license IDs v1.0-3.28.0 (#1395)
2a75d8f chore(deps): bump knip from 5.83.1 to 5.85.0 in /tools/test-dependencies (#1392)
397ab83 v10.0.0 (#1376)
21e9cf8 style: typed import extra
f1a09d8 Merge remote-tracking branch 'origin/main' into feat/10.0.0-dev
d0cab76 9.5.0
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @cyclonedx/cyclonedx-library since your current version.

Updates fast-xml-parser from 5.3.4 to 5.5.9

Release notes

Sourced from fast-xml-parser's releases.

fix entity expansion and incorrect replacement and performance

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.5...v5.5.6

support onDangerousProperty

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.3...v5.5.5

update dependecies to fix typings

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.1...v5.5.2

integrate path-expression-matcher

support path-expression-matcher

fix: stopNode should not be parsed

performance improvement for stopNode checking

Separate Builder

XML Builder was the part of fast-xml-parser for years. But considering that any bug in builder may false-alarm the users who are only using parser and vice-versa, we have decided to split it into a separate package.

Migration

To migrate to fast-xml-builder;

From
import { XMLBuilder } from "fast-xml-parser";
To
import  XMLBuilder  from "fast-xml-builder";
XMLBuilder will be removed from current package in any next major version of this library. So better to migrate.

support strictReservedNames

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.3.9...v5.3.9

handle non-array input for XML builder && support maxNestedTags

support maxNestedTags

handle non-array input for XML builder when preserveOrder is true (By Angelo Coetzee)

save use of js properies Full Changelog: NaturalIntelligence/fast-xml-parser@v5.3.7...v5.3.8

CJS typing fix

What's Changed

Unexport X2jOptions at declaration site by @Drarig29 in NaturalIntelligence/fast-xml-parser#787

New Contributors

@Drarig29 made their first contribution in NaturalIntelligence/fast-xml-parser#787

... (truncated)

Commits

See full diff in compare view

Updates https-proxy-agent from 7.0.6 to 8.0.0

Release notes

Sourced from https-proxy-agent's releases.

https-proxy-agent@8.0.0

Major Changes

9c92c09: Convert to ESM. All packages now use "type": "module" and compile to ESM output instead of CommonJS.

Patch Changes

Updated dependencies [9c92c09]

agent-base@8.0.0

Changelog

Sourced from https-proxy-agent's changelog.

8.0.0

Major Changes

9c92c09: Convert to ESM. All packages now use "type": "module" and compile to ESM output instead of CommonJS.

Patch Changes

Updated dependencies [9c92c09]

agent-base@8.0.0

Commits

8dcdac8 Version Packages (#395)
5d3f71a Use pnpm catalog: for shared dependencies
77da068 Use workspace:* for inter-repo dependencies
f70a9dc Fix CI failures: update Node.js matrix and test configuration
9c92c09 Convert all packages to ESM with type: module
0b77ac7 Migrate from Jest to Vitest
ed00d30 Re-generate self-signed cert for tests
See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for https-proxy-agent since your current version.

Updates packageurl-js from 1.0.2 to 2.0.1

Changelog

Sourced from packageurl-js's changelog.

2.0.1

Bug Fix

Fix decoding problems around the % character #75 (fix contributed by @jdalton)

2.0.0

Significant refactor based on code from @jdalton

Numerous bug fixes and improvements the community was asking for

See closed issues and PRs for details (too many to list here)

1.2.1

Bug Fixes

purls with + in versions are now valid #52 (contributed by @satanshiro)

purl names staring with : are now accepted #45 (contributed by @aniruth37)

1.2.0

Features

Add pub parsing for Dart and Flutter packages (contributed by @topaztee)

1.1.1

Bug Fix

publish errors

1.1.0

Features

Verify entire version string is properly encoded (contributed by @mcombuechen, @topaztee)

Commits

cd1eb4b chore: bump to v2.0.1 (#77)
f7dccd6 fix: error on decode with meaningful message
07b818b fix: only decode in parseString
c2f576f bump to v2.0.0 (#74)
b5660a5 Merge pull request #73 from package-url/jdalton/sync
400de0c Merge pull request #72 from package-url/dependabot/npm_and_yarn/braces-3.0.3
b6c8ce8 fix: correct package-url.d.ts readonly type casing
96822af fix: correct param name typos
f81a6be fix: use encodeQualifierValue for qualifierKey and qualifierValue
ff590d2 feat: encode qualifiers with URLSearchParams
Additional commits viewable in compare view

Updates smol-toml from 1.6.0 to 1.6.1

Release notes

Sourced from smol-toml's releases.

v1.6.1

This release addresses a minor security vulnerability where an attacker-controlled TOML document can exploit an unrestricted recustion and cause a stack overflow error with a document that contains thousands of sucessive commented lines. Security advisory: GHSA-v3rj-xjv7-4jmq

Commits

072b64f chore: version bump
19a5dc7 chore: upgrade dependencies and actions
f286f87 fix: don't use recursion in skipVoid
See full diff in compare view

Updates web-tree-sitter from 0.26.6 to 0.26.7

Release notes

Sourced from web-tree-sitter's releases.

v0.26.7

Notable Changes

A regression in v0.26.6 with quantified alternations was fixed.

Release artifacts for the tree-sitter CLI are now published as zip archives (in addition to gzipped executables, which are planned for removal in a future minor release).

What's Changed

fix: skip missing Makefile in version command by @tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5386

fix(wasm): pass target triple to clang (#5385) by @clason in tree-sitter/tree-sitter#5390

chore(parser): return NULL, not false, for incomplete parse by @tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5398

fix(loader): link with libc on OpenBSD to compile parser by @tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5399

refactor(query): remove alternative_is_immediate by @tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5412

fix(query): don't add copies for quantifier steps outside alternations by @tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5414

revert allowing dashes in parser name by @tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5433

ci(release): publish zip archives by @clason in tree-sitter/tree-sitter#5434

release v0.26.7 by @clason in tree-sitter/tree-sitter#5435

Full Changelog: tree-sitter/tree-sitter@v0.26.6...v0.26.7

Commits

6f2e8a6 release v0.26.7
See full diff in compare view

Updates @types/node from 20.19.31 to 25.5.0

Commits

See full diff in compare view

Updates chai from 4.5.0 to 6.2.2

Release notes

Sourced from chai's releases.

v6.2.2

What's Changed

build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 by @dependabot[bot] in chaijs/chai#1745

chore(deps): update dependency eslint-plugin-jsdoc to v61.2.1 by @renovate[bot] in chaijs/chai#1746

build(deps): bump glob from 10.4.5 to 10.5.0 by @dependabot[bot] in chaijs/chai#1747

chore(deps): update actions/checkout action to v6 by @renovate[bot] in chaijs/chai#1749

fix: avoid BigInt literal in closeTo for runtime compat by @bheemreddy-samsara in chaijs/chai#1748

chore(deps): update dependency eslint-plugin-jsdoc to v61.4.1 by @renovate[bot] in chaijs/chai#1751

chore(deps): update dependency prettier to v3.7.3 by @renovate[bot] in chaijs/chai#1754

chore(deps): update dependencies by @renovate[bot] in chaijs/chai#1755

chore(deps): update dependencies to v9.39.2 by @renovate[bot] in chaijs/chai#1757

chore: add --legal-comments=none option by @hyperz111 in chaijs/chai#1756

chore(deps): update dependency esbuild to v0.27.2 by @renovate[bot] in chaijs/chai#1759

New Contributors

@bheemreddy-samsara made their first contribution in chaijs/chai#1748

@hyperz111 made their first contribution in chaijs/chai#1756

Full Changelog: chaijs/chai@v6.2.1...v6.2.2

v6.2.1

What's Changed

chore: add renovate config by @43081j in chaijs/chai#1709

chore: use new renovate schema by @43081j in chaijs/chai#1713

chore(deps): update actions/setup-node action to v5 (main) by @renovate[bot] in chaijs/chai#1711

chore(deps): update actions/checkout action to v5 (main) by @renovate[bot] in chaijs/chai#1710

chore(deps): update dependency eslint to v9 (main) by @renovate[bot] in chaijs/chai#1715

chore(deps): update dependency @rollup/plugin-commonjs to v28 (main) by @renovate[bot] in chaijs/chai#1714

chore(deps): update dependency mocha to v11 (main) by @renovate[bot] in chaijs/chai#1717

chore(deps): update dependency eslint-plugin-jsdoc to v60 (main) by @renovate[bot] in chaijs/chai#1716

chore: disable renovate for 4.x.x by @43081j in chaijs/chai#1722

chore(deps): update dependency eslint-plugin-jsdoc to v61 by @renovate[bot] in chaijs/chai#1727

chore(deps): update actions/setup-node action to v6 by @renovate[bot] in chaijs/chai#1729

chore(deps): update dependencies by @renovate[bot] in chaijs/chai#1726

chore(deps): update dependencies by @renovate[bot] in chaijs/chai#1730

chore(deps): update dependency node to v24 by @renovate[bot] in chaijs/chai#1731

chore(deps): update dependency @rollup/plugin-commonjs to v29 by @renovate[bot] in chaijs/chai#1732

chore(deps): update dependencies by @renovate[bot] in chaijs/chai#1734

build(deps): bump koa from 2.14.2 to 2.16.1 by @dependabot[bot] in chaijs/chai#1683

docs: update browser usage by @43081j in chaijs/chai#1736

chore(deps): update dependencies by @renovate[bot] in chaijs/chai#1740

docs: add comprehensive documentation for containSubset assertion by @Aashish-Jha-11 in chaijs/chai#1739

Set esbuild target to es2021 to support Safari < 16.4 by @larabr in chaijs/chai#1737

New Contributors

@renovate[bot] made their first contribution in chaijs/chai#1711

@Aashish-Jha-11 made their first contribution in chaijs/chai#1739

@larabr made their first contribution in chaijs/chai#1737

Full Changelog: chaijs/chai@v6.2.0...v6.2.1

... (truncated)

Commits

814172d chore(deps): update dependency esbuild to v0.27.2 (#1759)
b38c22b chore: add legal-comments=none option (#1756)
180d4cc chore(deps): update dependencies to v9.39.2 (#1757)
678cd00 chore(deps): update dependencies (#1755)
c8fb100 chore(deps): update dependency prettier to v3.7.3 (#1754)
d63c74e chore(deps): update dependency eslint-plugin-jsdoc to v61.4.1 (#1751)
243bf86 fix: avoid BigInt literal in closeTo for runtime compat (#1748)
d8b0395 chore(deps): update actions/checkout action to v6 (#1749)
7e1e247 build(deps): bump glob from 10.4.5 to 10.5.0 (#1747)
b25e5d8 chore(deps): update dependency eslint-plugin-jsdoc to v61.2.1 (#1746)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for chai since your current version.

Updates eslint from 8.57.1 to 10.1.0

Release notes

Sourced from eslint's releases.

v10.1.0

Features

ff4382b feat: apply fix for no-var in TSModuleBlock (#20638) (Tanuj Kanti)

0916995 feat: Implement api support for bulk-suppressions (#20565) (Blake Sager)

Bug Fixes

2b8824e fix: Prevent no-var autofix when a variable is used before declaration (#20464) (Amaresh S M)

e58b4bf fix: update eslint (#20597) (renovate[bot])

Documentation

b7b57fe docs: use correct JSDoc link in require-jsdoc.md (#20641) (mkemna-clb)

58e4cfc docs: add deprecation notice partial (#20639) (Milos Djermanovic)

7143dbf docs: update v9 migration guide for @eslint/js usage (#20540) (fnx)

035fc4f docs: note that globalReturn applies only with sourceType: "script" (#20630) (Milos Djermanovic)

e972c88 docs: merge ESLint option descriptions into type definitions (#20608) (Francesco Trotta)

7f10d84 docs: Update README (GitHub Actions Bot)

aeed007 docs: open playground link in new tab (#20602) (Tanuj Kanti)

a0d1a37 docs: Add AI Usage Policy (#20510) (Nicholas C. Zakas)

Chores

a9f9cce chore: update dependency eslint-plugin-unicorn to ^63.0.0 (#20584) (Milos Djermanovic)

1f42bd7 chore: update prettier to 3.8.1 (#20651) (루밀LuMir)

c0a6f4a chore: update dependency @eslint/json to ^1.2.0 (#20652) (renovate[bot])

cc43f79 chore: update dependency c8 to v11 (#20650) (renovate[bot])

2ce4635 chore: update dependency @eslint/json to v1 (#20649) (renovate[bot])

f0406ee chore: update dependency markdownlint-cli2 to ^0.21.0 (#20646) (renovate[bot])

dbb4c95 chore: remove trunk (#20478) (sethamus)

c672a2a test: fix CLI test for empty output file (#20640) (kuldeep kumar)

c7ada24 ci: bump pnpm/action-setup from 4.3.0 to 4.4.0 (#20636) (dependabot[bot])

07c4b8b test: fix RuleTester test without test runners (#20631) (Francesco Trotta)

079bba7 test: Add tests for isValidWithUnicodeFlag (#20601) (Manish chaudhary)

5885ae6 ci: unpin Node.js 25.x in CI (#20615) (Copilot)

f65e5d3 chore: update pnpm/action-setup digest to b906aff (#20610) (renovate[bot])

v10.0.3

Bug Fixes

e511b58 fix: update eslint (#20595) (renovate[bot])

f4c9cf9 fix: include variable name in no-useless-assignment message (#20581) (sethamus)

ee9ff31 fix: update dependency minimatch to ^10.2.4 (#20562) (Milos Djermanovic)

Documentation

9fc31b0 docs: Update README (GitHub Actions Bot)

4efaa36 docs: add info box for eslint-plugin-eslint-comments (#20570) (DesselBane)

23b2759 docs: add v10 migration guide link to Use docs index (#20577) (Pixel998)

80259a9 docs: Remove deprecated eslintrc documentation files (#20472) (Copilot)

9b9b4ba docs: fix typo in no-await-in-loop documentation (#20575) (Pixel998)

e7d72a7 docs: document TypeScript 5.3 minimum supported version (#20547) (sethamus)

Chores

ef8fb92 chore: package.json update for eslint-config-eslint release (Jenkins)

... (truncated)

Commits

8351ec7 10.1.0
3270bc1 Build: changelog update for 10.1.0
a9f9cce chore: update dependency eslint-plugin-unicorn to ^63.0.0 (#20584)
1f42bd7 chore: update prettier to 3.8.1 (#20651)
c0a6f4a chore: update dependency @eslint/json to ^1.2.0 (#20652)
cc43f79 chore: update dependency c8 to v11 (#20650)
2ce4635 chore: update dependency @eslint/json to v1 (#20649)
f0406ee chore: update dependency markdownlint-cli2 to ^0.21.0 (#20646)
dbb4c95 chore: remove trunk (#20478)
ff4382b feat: apply fix for no-var in TSModuleBlock (#20638)
Additional commits viewable in compare view

Updates mocha from 10.8.2 to 11.7.5

Release notes

Sourced from mocha's releases.

v11.7.5

11.7.5 (2025-11-04)

🩹 Fixes

swallow more require errors from *ts files (#5498) (d89dbaf)

🧹 Chores

run tests on PRs for and pushes to v11.x (#5525) (8b21b38)

setup release-please for v11 (#5522) (663fff4)

v11.7.4

11.7.4 (2025-10-01)

🩹 Fixes

watch mode using chokidar v4 (#5379) (c2667c3)

📚 Documentation

migrate remaining legacy wiki pages to main documentation (#5465) (bff9166)

🧹 Chores

remove trailing spaces (#5475) (7f68e5c)

v11.7.3

11.7.3 (2025-09-30)

🩹 Fixes

use original require() error for TS files if ERR_UNKNOWN_FILE_EXTENSION (#5408) (ebdbc48)

📚 Documentation

add security escalation policy (#5466) (4122c7d)

fix duplicate global leak documentation (#5461) (1164b9d)

migrate third party UIs wiki page to docs (#5434) (6654704)

update maintainer release notes for release-please (#5453) (185ae1e)

🤖 Automation

... (truncated)

Details

Description has been truncated

…15 updates Bumps the npm-dependencies group with 15 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@cyclonedx/cyclonedx-library](https://github.com/CycloneDX/cyclonedx-javascript-library) | `6.13.1` | `10.0.0` | | [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `5.3.4` | `5.5.9` | | [https-proxy-agent](https://github.com/TooTallNate/proxy-agents/tree/HEAD/packages/https-proxy-agent) | `7.0.6` | `8.0.0` | | [packageurl-js](https://github.com/package-url/packageurl-js) | `1.0.2` | `2.0.1` | | [smol-toml](https://github.com/squirrelchat/smol-toml) | `1.6.0` | `1.6.1` | | [web-tree-sitter](https://github.com/tree-sitter/tree-sitter/tree/HEAD/lib/binding_web) | `0.26.6` | `0.26.7` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `20.19.31` | `25.5.0` | | [chai](https://github.com/chaijs/chai) | `4.5.0` | `6.2.2` | | [eslint](https://github.com/eslint/eslint) | `8.57.1` | `10.1.0` | | [mocha](https://github.com/mochajs/mocha) | `10.8.2` | `11.7.5` | | [msw](https://github.com/mswjs/msw) | `2.12.7` | `2.12.14` | | [sinon](https://github.com/sinonjs/sinon) | `15.2.0` | `21.0.3` | | [sinon-chai](https://github.com/chaijs/sinon-chai) | `3.7.0` | `4.0.1` | | [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.2` | | [which](https://github.com/npm/node-which) | `5.0.0` | `6.0.1` | Updates `@cyclonedx/cyclonedx-library` from 6.13.1 to 10.0.0 - [Release notes](https://github.com/CycloneDX/cyclonedx-javascript-library/releases) - [Changelog](https://github.com/CycloneDX/cyclonedx-javascript-library/blob/main/HISTORY.md) - [Commits](CycloneDX/cyclonedx-javascript-library@v6.13.1...v10.0.0) Updates `fast-xml-parser` from 5.3.4 to 5.5.9 - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/commits) Updates `https-proxy-agent` from 7.0.6 to 8.0.0 - [Release notes](https://github.com/TooTallNate/proxy-agents/releases) - [Changelog](https://github.com/TooTallNate/proxy-agents/blob/main/packages/https-proxy-agent/CHANGELOG.md) - [Commits](https://github.com/TooTallNate/proxy-agents/commits/https-proxy-agent@8.0.0/packages/https-proxy-agent) Updates `packageurl-js` from 1.0.2 to 2.0.1 - [Changelog](https://github.com/package-url/packageurl-js/blob/master/CHANGELOG.md) - [Commits](package-url/packageurl-js@v1.0.2...v2.0.1) Updates `smol-toml` from 1.6.0 to 1.6.1 - [Release notes](https://github.com/squirrelchat/smol-toml/releases) - [Commits](squirrelchat/smol-toml@v1.6.0...v1.6.1) Updates `web-tree-sitter` from 0.26.6 to 0.26.7 - [Release notes](https://github.com/tree-sitter/tree-sitter/releases) - [Commits](https://github.com/tree-sitter/tree-sitter/commits/v0.26.7/lib/binding_web) Updates `@types/node` from 20.19.31 to 25.5.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `chai` from 4.5.0 to 6.2.2 - [Release notes](https://github.com/chaijs/chai/releases) - [Changelog](https://github.com/chaijs/chai/blob/main/History.md) - [Commits](chaijs/chai@v4.5.0...v6.2.2) Updates `eslint` from 8.57.1 to 10.1.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v8.57.1...v10.1.0) Updates `mocha` from 10.8.2 to 11.7.5 - [Release notes](https://github.com/mochajs/mocha/releases) - [Changelog](https://github.com/mochajs/mocha/blob/v11.7.5/CHANGELOG.md) - [Commits](mochajs/mocha@v10.8.2...v11.7.5) Updates `msw` from 2.12.7 to 2.12.14 - [Release notes](https://github.com/mswjs/msw/releases) - [Changelog](https://github.com/mswjs/msw/blob/main/CHANGELOG.md) - [Commits](mswjs/msw@v2.12.7...v2.12.14) Updates `sinon` from 15.2.0 to 21.0.3 - [Release notes](https://github.com/sinonjs/sinon/releases) - [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md) - [Commits](sinonjs/sinon@v15.2.0...v21.0.3) Updates `sinon-chai` from 3.7.0 to 4.0.1 - [Release notes](https://github.com/chaijs/sinon-chai/releases) - [Changelog](https://github.com/chaijs/sinon-chai/blob/master/CHANGELOG.md) - [Commits](chaijs/sinon-chai@3.7.0...4.0.1) Updates `typescript` from 5.9.3 to 6.0.2 - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.9.3...v6.0.2) Updates `which` from 5.0.0 to 6.0.1 - [Release notes](https://github.com/npm/node-which/releases) - [Changelog](https://github.com/npm/node-which/blob/main/CHANGELOG.md) - [Commits](npm/node-which@v5.0.0...v6.0.1) --- updated-dependencies: - dependency-name: "@cyclonedx/cyclonedx-library" dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: npm-dependencies - dependency-name: fast-xml-parser dependency-version: 5.5.9 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-dependencies - dependency-name: https-proxy-agent dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: npm-dependencies - dependency-name: packageurl-js dependency-version: 2.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: npm-dependencies - dependency-name: smol-toml dependency-version: 1.6.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: web-tree-sitter dependency-version: 0.26.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: "@types/node" dependency-version: 25.5.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm-dependencies - dependency-name: chai dependency-version: 6.2.2 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm-dependencies - dependency-name: eslint dependency-version: 10.1.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm-dependencies - dependency-name: mocha dependency-version: 11.7.5 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm-dependencies - dependency-name: msw dependency-version: 2.12.14 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-dependencies - dependency-name: sinon dependency-version: 21.0.3 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm-dependencies - dependency-name: sinon-chai dependency-version: 4.0.1 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm-dependencies - dependency-name: typescript dependency-version: 6.0.2 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm-dependencies - dependency-name: which dependency-version: 6.0.1 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-03-24T13:08:01Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 24, 2026

dependabot bot closed this Mar 24, 2026

dependabot bot deleted the dependabot/npm_and_yarn/npm-dependencies-e13b79d645 branch March 24, 2026 13:08

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the npm-dependencies group across 1 directory with 15 updates#426

build(deps): bump the npm-dependencies group across 1 directory with 15 updates#426
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm-dependencies-e13b79d645

dependabot bot commented on behalf of github Mar 24, 2026 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Mar 24, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

10.0.0

BREAKING changes

Removed

10.0.0 -- 2026-03-03

fix entity expansion and incorrect replacement and performance

support onDangerousProperty

update dependecies to fix typings

integrate path-expression-matcher

Separate Builder

Migration

support strictReservedNames

handle non-array input for XML builder && support maxNestedTags

CJS typing fix

What's Changed

New Contributors

https-proxy-agent@8.0.0

Major Changes

Patch Changes

8.0.0

Major Changes

Patch Changes

2.0.1

Bug Fix

2.0.0

1.2.1

Bug Fixes

1.2.0

Features

1.1.1

Bug Fix

1.1.0

Features

v1.6.1

v0.26.7

Notable Changes

What's Changed

v6.2.2

What's Changed

New Contributors

v6.2.1

What's Changed

New Contributors

v10.1.0

Features

Bug Fixes

Documentation

Chores

v10.0.3

Bug Fixes

Documentation

Chores

v11.7.5

11.7.5 (2025-11-04)

🩹 Fixes

🧹 Chores

v11.7.4

11.7.4 (2025-10-01)

🩹 Fixes

📚 Documentation

🧹 Chores

v11.7.3

11.7.3 (2025-09-30)

🩹 Fixes

📚 Documentation

🤖 Automation

Uh oh!

dependabot bot commented on behalf of github Mar 24, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Mar 24, 2026 •

edited

Loading