build(deps): bump the patches group across 1 directory with 14 updates by dependabot[bot] · Pull Request #12700 · Agoric/agoric-sdk

dependabot · 2026-06-03T10:47:24Z

Bumps the patches group with 14 updates in the / directory:

Package	From	To
execa	`9.6.0`	`9.6.1`
prettier	`3.8.1`	`3.8.3`
prettier-plugin-jsdoc	`1.8.0`	`1.8.1`
prettier-plugin-sh	`0.18.0`	`0.18.1`
@endo/init	`1.1.12`	`1.1.13`
tmp	`0.2.3`	`0.2.7`
@endo/lockdown	`1.0.18`	`1.0.19`
@opentelemetry/api	`1.9.0`	`1.9.1`
tinyspy	`4.0.3`	`4.0.4`
tsup	`8.5.0`	`8.5.1`
source-map	`0.7.4`	`0.7.6`
@google-cloud/secret-manager	`6.1.0`	`6.1.3`
chain-registry	`2.0.44`	`2.0.213`
nodemon	`3.1.10`	`3.1.14`

Updates execa from 9.6.0 to 9.6.1

Release notes

Sourced from execa's releases.

v9.6.1

Fix VerboseOption type not being properly exported (#1215) 7891c39

sindresorhus/execa@v9.6.0...v9.6.1

Commits

84e1f36 9.6.1
7891c39 Fix VerboseOption type not being properly exported (#1215)
103095f Meta tweaks
23ec6f0 Fix CI tests related to .kill(0) (#1212)
9a2cb79 Meta tweaks
e7cafeb [docs] TTY control is lost only on the FD that uses mixed inherit. (#1209)
5587ae1 Fix CI tests (#1207)
3e8fa32 [docs] A process is not a TTY usually, just connected to one. (#1208)
c468672 [docs] Transforms: Summary: Fix example command and output. (#1206)
See full diff in compare view

Updates prettier from 3.8.1 to 3.8.3

Release notes

Sourced from prettier's releases.

3.8.3

SCSS: Prevent trailing comma in if() function (prettier/prettier#18471 by @kovsu)

🔗 Changelog

3.8.2

Support Angular v21.2

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.3

diff

SCSS: Prevent trailing comma in `if()` function (#18471 by `@kovsu`)

// Input
$value: if(sass(false): 1; else: -1);
// Prettier 3.8.2
$value: if(
sass(false): 1; else: -1,
);
// Prettier 3.8.3
$value: if(sass(false): 1; else: -1);

3.8.2

diff

Angular: Support Angular v21.2 (#18722, #19034 by `@fisker`)

Exhaustive typechecking with @default never;

<!-- Input -->
@switch (foo) {
  @case (1) {}
  @default never;
}
<!-- Prettier 3.8.1 -->
SyntaxError: Incomplete block "default never". If you meant to write the @ character, you should use the "&#64;" HTML entity instead. (3:3)
<!-- Prettier 3.8.2 -->
@switch (foo) {
@case (1) {}
@default never;
}

arrow function and instanceof expressions.

</tr></table>

... (truncated)

Commits

d7108a7 Release 3.8.3
177f908 Prevent trailing comma in SCSS if() function (#18471)
1cd4066 Release @prettier/plugin-oxc@0.1.4
a8700e2 Update oxc-parser to v0.125.0
752157c Fix tests
053fd41 Bump Prettier dependency to 3.8.2
904c636 Clean changelog_unreleased
dc1f7fc Update dependents count
b31557c Release 3.8.2
96bbaed Support Angular v21.2 (#18722)
Additional commits viewable in compare view

Updates prettier-plugin-jsdoc from 1.8.0 to 1.8.1

Changelog

Sourced from prettier-plugin-jsdoc's changelog.

1.8.1 (2026-05-26)

Bug Fixes

handle parser re-entry from chaining plugins (#262) (a8b84fe), closes #254

improve plugin search logic to prevent infinite recursion (#255) (7699758)

respecting quote style in type imports (#257) (c930e0d)

Commits

See full diff in compare view

Updates prettier-plugin-sh from 0.18.0 to 0.18.1

Release notes

Sourced from prettier-plugin-sh's releases.

prettier-plugin-sh@0.18.1

Patch Changes

#507 52a4625 Thanks @reteps! - chore: bump @reteps/dockerfmt to v0.5.1

Commits

8c819f4 chore: release package(s)
52a4625 chore: bump @reteps/dockerfmt to v0.5.1
f5e0bb6 chore: release package(s)
081806b chore(deps): update dependency serialize-javascript to v7.0.5 [security] (#504)
9e065b9 fix(prettier-plugin-pkg): group default lifecycle script hooks together (#503)
d759b19 ci: enable OIDC trusted publishing
6d198f4 chore: release package(s) (#501)
6fd2656 chore(deps): update dependency serialize-javascript to v7 [security] (#499)
2059ba0 feat(prettier-plugin-sql): add support for clickhouse sql formatting (#496)
041b9e5 feat(prettier-plugin-pkg): Sort pre/post scripts around the base script (...
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for prettier-plugin-sh since your current version.

Updates @endo/init from 1.1.12 to 1.1.13

Release notes

Sourced from @endo/init's releases.

@endo/init@1.1.13

Patch Changes

#3085 b8b52ce Thanks @copilot-swe-agent! - Move async_hooks patch to dedicated entrypoint for Node.js 24 compatibility

The async_hooks patch was originally added in #1115 to address debugger issues (#1105) for local debugging of Node.js processes in lockdown mode. However, the patch is breaking in Node.js 24, and it's unclear whether it's still necessary in Node.js 20+.

To maintain backward compatibility while fixing the Node.js 24 breakage, the patch has been moved from the default import path to a new dedicated entrypoint @endo/init/debug-async-hooks.js. This allows users who need the async_hooks patch for debugging in older Node.js versions to opt-in explicitly, while preventing breakage for users on Node.js 24+.

If you were relying on the async_hooks patch, import @endo/init/debug-async-hooks.js instead of @endo/init/debug.js. Note that this entrypoint may not work correctly in Node.js 24+.

Updated dependencies [029dcc4, d83b1ab]:

@endo/harden@1.1.0

@endo/eventual-send@1.4.0

@endo/promise-kit@1.2.0

Changelog

Sourced from @endo/init's changelog.

1.1.13

Patch Changes

#3085 b8b52ce Thanks @copilot-swe-agent! - Move async_hooks patch to dedicated entrypoint for Node.js 24 compatibility

The async_hooks patch was originally added in #1115 to address debugger issues (#1105) for local debugging of Node.js processes in lockdown mode. However, the patch is breaking in Node.js 24, and it's unclear whether it's still necessary in Node.js 20+.

To maintain backward compatibility while fixing the Node.js 24 breakage, the patch has been moved from the default import path to a new dedicated entrypoint @endo/init/debug-async-hooks.js. This allows users who need the async_hooks patch for debugging in older Node.js versions to opt-in explicitly, while preventing breakage for users on Node.js 24+.

If you were relying on the async_hooks patch, import @endo/init/debug-async-hooks.js instead of @endo/init/debug.js. Note that this entrypoint may not work correctly in Node.js 24+.

Updated dependencies [029dcc4, d83b1ab]:

@endo/harden@1.1.0

@endo/eventual-send@1.4.0

@endo/promise-kit@1.2.0

Commits

88d9223 Version Packages
8acfaab fix(init): Eliminate sensitivity to isExtensible which lies under unsafe hard...
dff151b test(compartment-mapper,init): Move init bundling test up the dependency DAG
e56bf00 feat: Adopt @endo/harden
b8b52ce refactor: async_hooks patch to opt-in entrypoint, remove from default load pa...
9942e52 chore: consolidate & reformat CHANGELOG.md/NEWS.md files
dd24b13 docs: Increase docs.endojs.org coverage (#3016)
341b952 chore: Fix linting deps uniformly
603769a refactor: Rename to dev catalog, remove superfluous prettier eslint-babel
333b2f7 chore: Yarn catalog to ease consistent versions (#2966)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by boneskull, a new releaser for @endo/init since your current version.

Updates tmp from 0.2.3 to 0.2.7

Commits

8ea1f37 Bump up the version
8f24f78 Merge commit from fork
ce787f3 Reject non-string prefix, postfix, template
41f7159 Bump up the version
efa4a06 Merge commit from fork
7ef2728 Check for relative values
3d2fe38 Bump up the version
e162828 Merge pull request #309 from fflorent/fix-tmp-dir-with-dir
b847d2f Fix use of tmp.dir() with dir option
08fa3ab Update version
Additional commits viewable in compare view

Updates @endo/lockdown from 1.0.18 to 1.0.19

Release notes

Sourced from @endo/lockdown's releases.

@endo/lockdown@1.0.19

Patch Changes

Updated dependencies [e619205, a675d8e]:

ses@2.0.0

Changelog

Sourced from @endo/lockdown's changelog.

1.0.19

Patch Changes

Updated dependencies [e619205, a675d8e]:

ses@2.0.0

Commits

17f2ad1 Version Packages
fdf7d49 style: format typedoc.json
81f74ed build: stop deleting workspace links in postpack
9942e52 chore: consolidate & reformat CHANGELOG.md/NEWS.md files
dd24b13 docs: Increase docs.endojs.org coverage (#3016)
341b952 chore: Fix linting deps uniformly
See full diff in compare view

Maintainer changes

This version was pushed to npm by turadga, a new releaser for @endo/lockdown since your current version.

Updates @opentelemetry/api from 1.9.0 to 1.9.1

Release notes

Sourced from @opentelemetry/api's releases.

api/v1.9.1

1.9.1

🐛 (Bug Fix)

fix(api): prioritize esnext export condition as it is more specific #5458

fix(api): update diag consoleLogger to use original console methods to prevent infinite loop when a console instrumentation is present #6395

fix(api): use Attributes instead of deprecated SpanAttributes in SpanOptions #6478 @overbalance

fix(diag): change types in DiagComponentLogger from any to unknown#5478 @loganrosen

fix(api): re-introduce fallback chain for global utils #6523 @pichlermarc

🏠 (Internal)

refactor(api): refactor to avoid circular deps by merging observable types into Metric.ts #6441 @pichlermarc

refactor(api): remove "export *" in favor of explicit named exports #4880 @robbkidd

chore: enable tsconfig isolatedModules #5697 @legendecas

chore: disallow constructor parameter property syntax #6187 @legendecas

refactor(api): remove platform-specific globalThis, use globalThis directly #6208 @overbalance

chore(api): mark ProxyTracerProvider as deprecated #6328 @cjihrig

chore: enforce import type for type-only imports via ESLint #6467 @overbalance

perf(api): improve isValidSpanId, isValidTraceId performance #5714 @seemk

Changelog

Sourced from @opentelemetry/api's changelog.

1.9.1

🐛 (Bug Fix)

fix: avoid grpc types dependency #3551 @flarna

fix(otlp-proto-exporter-base): Match Accept header with Content-Type in the proto exporter #3562 @scheler

fix: include tracestate in export #3569 @flarna

🏠 (Internal)

chore: fix cross project links and missing implicitly exported types #3533 @legendecas

feat(sdk-metrics): add exponential histogram mapping functions #3504 @mwear

Commits

279458e Release 1.9.1 / 0.35.1 (#3573)
4978743 fix(http): remove outgoing headers normalization (#3557)
d1f9594 chore(deps): update dependency rimraf to v4 (#3532)
e0abcc0 fix: remove JSON syntax error and regenerate tsconfig files (#3566)
a90c558 fix(sdk-node): register instrumentations early (#3502)
5b070b8 fix: include TraceState in trace exports (#3569)
dcb09b7 chore(deps): update dependency gh-pages to v5 (#3571)
3bc93a9 feat: exponential histogram - part 1 - mapping functions (#3504)
3670071 fix: avoid grpc types dependency (#3551)
b5ef0e4 chore: fix proto generation (#3567)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @opentelemetry/api since your current version.

Updates tinyspy from 4.0.3 to 4.0.4

Release notes

Sourced from tinyspy's releases.

v4.0.4

No significant changes

View changes on GitHub

Commits

1068d5b chore: release v4.0.4
7610a52 fix: add permissions
82deb48 build: fix environment name
3b81bb6 chore: release v4.0.4
eccec64 build: add publish workflow
See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for tinyspy since your current version.

Updates tsup from 8.5.0 to 8.5.1

Release notes

Sourced from tsup's releases.

v8.5.1

🐞 Bug Fixes

Add script tag validation - by @benhoad in egoist/tsup#1314 (df736)

Update esbuild to fix sourcemap source issue - by @ArcherGu and @sxzz in egoist/tsup#1316 (fb8ae)

View changes on GitHub

Commits

1ecb6a5 chore: release v8.5.1
e92ba64 chore: upgrade esbuild
fb8ae7d fix: update esbuild to fix sourcemap source issue (#1316)
db7cfaa chore: upgrade pnpm
df7360b fix: add script tag validation (#1314)
65e8547 chore: bump source-map to 0.7.6 (#1358)
f127e57 ci: switch to trusted publisher
8b6907d chore: add maintenance info in README (#1332)
See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for tsup since your current version.

Updates source-map from 0.7.4 to 0.7.6

Release notes

Sourced from source-map's releases.

0.7.6

Full Changelog: mozilla/source-map@0.7.5...0.7.6

0.7.5

What's Changed

Pass through the implementation of more index map operations. by @loganfsmyth in mozilla/source-map#364

Remove the bundled dist/ directory? by @loganfsmyth in mozilla/source-map#362

Split up wasm loading based on compilation target. by @loganfsmyth in mozilla/source-map#363

Use WHATWG's URL to implement all of source-map's URL operations. by @loganfsmyth in mozilla/source-map#371

Fix typo by @GianlucaGuarini in mozilla/source-map#378

Add Mozilla Code of Conduct in mozilla/source-map#384

Remove unused fromVLQSigned function by @jridgewell in mozilla/source-map#402

Add lastGeneratedColumn to typing for MappingItem by @samccone in mozilla/source-map#374

addMapping(): ensure that originalLine and originalColumn are null when original argument was undefined/null by @GerHobbelt in mozilla/source-map#395

fix crash in url util function due to undefined root value by @GerHobbelt in mozilla/source-map#394

minor binary-search code/comment fixes by @GerHobbelt in mozilla/source-map#393

use Travis CI svg badge by @fscherwi in mozilla/source-map#407

add prettier task for standardized code formatting => easier cross-branch/fork code comparison and merging by @GerHobbelt in mozilla/source-map#397

Syntax highlight README HTML sample by @brettz9 in mozilla/source-map#415

Add function to SourceMapConsumer TS interface by @andersonvom in mozilla/source-map#439

Include types file extension in package.json by @amcasey in mozilla/source-map#448

Require Node.js 12 or later & switch CI to GitHub Actions by @eemeli in mozilla/source-map#464

Skip updating coveralls.io coverage by @eemeli in mozilla/source-map#466

Update WASM binary and Land WASM rust sources in this repository by @ochameau in mozilla/source-map#465

Update ESLint & Prettier to latest by @eemeli in mozilla/source-map#463

Adopt & enforce the mozilla-central Prettier config by @eemeli in mozilla/source-map#467

Simplify coverage tooling by @eemeli in mozilla/source-map#468

Update to doctoc v2 & simplify call pattern by @eemeli in mozilla/source-map#469

Filter out unnecessary rust tasks by @eemeli in mozilla/source-map#470

Improve coverage by @eemeli in mozilla/source-map#471

Include package-lock.json in repo by @eemeli in mozilla/source-map#472

fix: convert result of allocate_mappings from signed to unsigned by @nornagon in mozilla/source-map#473

Add support for the sourcemaps ignorelist by @bomsy in mozilla/source-map#481

Remove .DS_Store by @ledenis in mozilla/source-map#485

Fix reference to LICENSE file by @AyanSinhaMahapatra in mozilla/source-map#488

Fix an off-by-1 error in section lookup by @takikawa in mozilla/source-map#507

Add source map spec tests by @takikawa in mozilla/source-map#505

Remove whatwg-url module by @nchevobbe in mozilla/source-map#517

New Contributors

@GianlucaGuarini made their first contribution in mozilla/source-map#378

@jridgewell made their first contribution in mozilla/source-map#402

@GerHobbelt made their first contribution in mozilla/source-map#395

@fscherwi made their first contribution in mozilla/source-map#407

@brettz9 made their first contribution in mozilla/source-map#415

@andersonvom made their first contribution in mozilla/source-map#439

@amcasey made their first contribution in mozilla/source-map#448

@eemeli made their first contribution in mozilla/source-map#464

@nornagon made their first contribution in mozilla/source-map#473

@bomsy made their first contribution in mozilla/source-map#481

... (truncated)

Changelog

Sourced from source-map's changelog.

0.7.6

Bump package to 0.7.6 and remove publishConfig property in package.json (801be934007c3ed0ef66c620641b1668e92c891d)

0.7.5

#364 - Pass through the implementation of more index map operations.

#362 - Remove the bundled dist/ directory?

#363 - Split up wasm loading based on compilation target.

#371 - Use WHATWG's URL to implement all of source-map's URL operations.

#378 - Fix typo

#384 - Add Mozilla Code of Conduct in

#402 - Remove unused fromVLQSigned function

#374 - Add lastGeneratedColumn to typing for MappingItem

#395 - addMapping(): ensure that originalLine and originalColumn are null when original argument was undefined/null

#394 - fix crash in url util function due to undefined root value

#393 - minor binary-search code/comment fixes

#407 - use Travis CI svg badge

#397 - add prettier task for standardized code formatting => easier cross-branch/fork code comparison and merging

#415 - Syntax highlight README HTML sample

#439 - Add function to SourceMapConsumer TS interface

#448 - Include types file extension in package.json

#464 - Require Node.js 12 or later & switch CI to GitHub Actions

#466 - Skip updating coveralls.io coverage

#465 - Update WASM binary and Land WASM rust sources in this repository

#463 - Update ESLint & Prettier to latest

#467 - Adopt & enforce the mozilla-central Prettier config

#468 - Simplify coverage tooling

... (truncated)

Commits

801be93 Bump package to 0.7.6 and remove publishConfig
f459a64 Bump package version to 0.7.5
13e54a3 Merge pull request #517 from mozilla/rm-whatwg-url
e034115 run prettier
66d3424 Remove whatwg-url module
3cb92cc Merge pull request #505 from takikawa/add-spec-tests
d243a04 Update test/test-spec-tests.js
64050e6 Updates to satisfy linter
8afce96 Address PR feedback
3a33cd7 Update skipped tests for ignoreList tests
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by nchevobbe, a new releaser for source-map since your current version.

Updates @google-cloud/secret-manager from 6.1.0 to 6.1.3

Release notes

Sourced from @google-cloud/secret-manager's releases.

secret-manager: v6.1.3

6.1.3 (2026-06-01)

Bug Fixes

deps: Remove vulnerable dependency uuid (#8120) (3ec901e)

service-directory: v6.1.3

6.1.3 (2026-06-01)

Bug Fixes

deps: Remove vulnerable dependency uuid (#8120) (3ec901e)

Changelog

Sourced from @google-cloud/secret-manager's changelog.

6.1.3 (2026-06-01)

Bug Fixes

deps: Remove vulnerable dependency uuid (#8120) (3ec901e)

6.1.2 (2026-05-01)

Bug Fixes

Change the copyright year for files in the packages folder (#8109) (c1a03fe)

Do not publish the protos to npm (#8079) (816216b)

Revert "fix: Do not publish the protos to npm" (#8096) (ac0fbb6)

6.1.1 (2025-10-13)

Bug Fixes

[gkeconnect-gateway] remove unused GatewayServiceClient (#6775) (41c2ff2)

Remove unmaintained modules (#6789) (5540190)

Commits

2b23ba2 chore: release main (#8367)
3ec901e fix(deps): remove vulnerable dependency uuid (#8120)
ea7ec63 chore: [Many APIs] update generator version to newest release v4.11.14 (#8276)
4aa32f5 chore: consolidate eslint rules (#8155)
4572246 chore: release main (#8148)
59f445d fix: sync legacy 0.1.0 snippet metadata versions across monorepo (#8144)
c1a03fe fix: change the copyright year for files in the packages folder (#8109)
a47507c chore: consolidate prettierignore and prettierrc files: autogen (#8082)
ac0fbb6 fix: Revert "fix: Do not publish the protos to npm" (#8096)
816216b fix: Do not publish the protos to npm (#8079)
Additional commits viewable in compare view

Updates chain-registry from 2.0.44 to 2.0.213

Commits

9a05c02 chore(release): publish
12d576f build 🛠 build-20260606-031546
1bab273 chore(release): publish
484e468 build 🛠 build-20260606-014641
7f305d4 chore(release): publish
0b1f64a build 🛠 build-20260605-031910
7c8af0a chore(release): publish
d4759c4 build 🛠 build-20260605-015119
cbb023a chore(release): publish
e8b4a2c build 🛠 build-20260604-031954
Additional commits viewable in compare view

Updates nodemon from 3.1.10 to 3.1.14

Release notes

Sourced from nodemon's releases.

v3.1.14

3.1.14 (2026-02-20)

Bug Fixes

get watch working on windows (cfebe2f), closes #2270

v3.1.13

3.1.13 (2026-02-19)

Bug Fixes

TypeScript definition for 'restart' args (5c03715), closes #2265

v3.1.12

3.1.12 (2026-02-19)

Bug Fixes

bump minimatch (9376af3), closes #2267

v3.1.11

3.1.11 (2025-11-11)

Bug Fixes

script.start with missing file (8d927f1), closes #2258

Commits

cfebe2f fix: get watch working on windows
f34bfa9 chore: fix release to run after tests
5c03715 fix: TypeScript definition for 'restart' args
28de4b7 chore: semver-release wanted 22-24 🤦
6217164 chore: move release workflow to node 20
2c458de chore: bump semver-release + update workflow
9376af3 fix: bump minimatch

socket-security · 2026-06-03T10:49:15Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		License policy violation: npm `@chain-registry/types` under SEE LICENSE IN LICENSE License: SEE LICENSE IN LICENSE - This license classifier is not allowed by the applicable policy (package/package.json) From: `?` → `npm/@chain-registry/client@1.47.4` → `npm/@chain-registry/types@0.50.194` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@chain-registry/types@0.50.194`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm `@chain-registry/utils` under SEE LICENSE IN LICENSE License: SEE LICENSE IN LICENSE - This license classifier is not allowed by the applicable policy (package/package.json) From: `?` → `npm/@chain-registry/client@1.47.4` → `npm/@chain-registry/utils@1.51.194` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@chain-registry/utils@1.51.194`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm `typescript` under CC-BY-4.0 License: CC-BY-4.0 - The applicable license policy does not permit this license (5) (package/ThirdPartyNoticeText.txt) License: MIT-Khronos-old - The applicable license policy does not permit this license (5) (package/ThirdPartyNoticeText.txt) License: LicenseRef-W3C-Community-Final-Specification-Agreement - The applicable license policy does not permit this license (5) (package/ThirdPartyNoticeText.txt) From: `?` → `npm/@endo/bundle-source@4.1.2` → `npm/typescript@5.7.3` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/typescript@5.7.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm `typescript` under CC-BY-4.0 License: CC-BY-4.0 - The applicable license policy does not permit this license (5) (package/ThirdPartyNoticeText.txt) License: MIT-Khronos-old - The applicable license policy does not permit this license (5) (package/ThirdPartyNoticeText.txt) License: LicenseRef-W3C-Community-Final-Specification-Agreement - The applicable license policy does not permit this license (5) (package/ThirdPartyNoticeText.txt) From: `?` → `npm/@endo/eslint-plugin@2.4.0` → `npm/typescript@5.8.3` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/typescript@5.8.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Bumps the patches group with 14 updates in the / directory: | Package | From | To | | --- | --- | --- | | [execa](https://github.com/sindresorhus/execa) | `9.6.0` | `9.6.1` | | [prettier](https://github.com/prettier/prettier) | `3.8.1` | `3.8.3` | | [prettier-plugin-jsdoc](https://github.com/hosseinmd/prettier-plugin-jsdoc) | `1.8.0` | `1.8.1` | | [prettier-plugin-sh](https://github.com/un-ts/prettier) | `0.18.0` | `0.18.1` | | [@endo/init](https://github.com/endojs/endo/tree/HEAD/packages/init) | `1.1.12` | `1.1.13` | | [tmp](https://github.com/raszi/node-tmp) | `0.2.3` | `0.2.7` | | [@endo/lockdown](https://github.com/endojs/endo/tree/HEAD/packages/lockdown) | `1.0.18` | `1.0.19` | | [@opentelemetry/api](https://github.com/open-telemetry/opentelemetry-js) | `1.9.0` | `1.9.1` | | [tinyspy](https://github.com/tinylibs/tinyspy) | `4.0.3` | `4.0.4` | | [tsup](https://github.com/egoist/tsup) | `8.5.0` | `8.5.1` | | [source-map](https://github.com/mozilla/source-map) | `0.7.4` | `0.7.6` | | [@google-cloud/secret-manager](https://github.com/googleapis/google-cloud-node/tree/HEAD/packages/google-cloud-secretmanager) | `6.1.0` | `6.1.3` | | [chain-registry](https://github.com/hyperweb-io/chain-registry) | `2.0.44` | `2.0.213` | | [nodemon](https://github.com/remy/nodemon) | `3.1.10` | `3.1.14` | Updates `execa` from 9.6.0 to 9.6.1 - [Release notes](https://github.com/sindresorhus/execa/releases) - [Commits](sindresorhus/execa@v9.6.0...v9.6.1) Updates `prettier` from 3.8.1 to 3.8.3 - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@3.8.1...3.8.3) Updates `prettier-plugin-jsdoc` from 1.8.0 to 1.8.1 - [Release notes](https://github.com/hosseinmd/prettier-plugin-jsdoc/releases) - [Changelog](https://github.com/fardad-dev/prettier-plugin-jsdoc/blob/master/CHANGELOG.md) - [Commits](https://github.com/hosseinmd/prettier-plugin-jsdoc/commits) Updates `prettier-plugin-sh` from 0.18.0 to 0.18.1 - [Release notes](https://github.com/un-ts/prettier/releases) - [Changelog](https://github.com/un-ts/prettier/blob/master/CHANGELOG.md) - [Commits](https://github.com/un-ts/prettier/compare/prettier-plugin-sh@0.18.0...prettier-plugin-sh@0.18.1) Updates `@endo/init` from 1.1.12 to 1.1.13 - [Release notes](https://github.com/endojs/endo/releases) - [Changelog](https://github.com/endojs/endo/blob/master/packages/init/CHANGELOG.md) - [Commits](https://github.com/endojs/endo/commits/@endo/init@1.1.13/packages/init) Updates `tmp` from 0.2.3 to 0.2.7 - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md) - [Commits](raszi/node-tmp@v0.2.3...v0.2.7) Updates `@endo/lockdown` from 1.0.18 to 1.0.19 - [Release notes](https://github.com/endojs/endo/releases) - [Changelog](https://github.com/endojs/endo/blob/master/packages/lockdown/CHANGELOG.md) - [Commits](https://github.com/endojs/endo/commits/@endo/lockdown@1.0.19/packages/lockdown) Updates `@opentelemetry/api` from 1.9.0 to 1.9.1 - [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-js@v1.9.0...v1.9.1) Updates `tinyspy` from 4.0.3 to 4.0.4 - [Release notes](https://github.com/tinylibs/tinyspy/releases) - [Commits](tinylibs/tinyspy@v4.0.3...v4.0.4) Updates `tsup` from 8.5.0 to 8.5.1 - [Release notes](https://github.com/egoist/tsup/releases) - [Commits](egoist/tsup@v8.5.0...v8.5.1) Updates `source-map` from 0.7.4 to 0.7.6 - [Release notes](https://github.com/mozilla/source-map/releases) - [Changelog](https://github.com/mozilla/source-map/blob/master/CHANGELOG.md) - [Commits](mozilla/source-map@v0.7.4...0.7.6) Updates `@google-cloud/secret-manager` from 6.1.0 to 6.1.3 - [Release notes](https://github.com/googleapis/google-cloud-node/releases) - [Changelog](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-secretmanager/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-cloud-node/commits/secret-manager-v6.1.3/packages/google-cloud-secretmanager) Updates `chain-registry` from 2.0.44 to 2.0.213 - [Commits](https://github.com/hyperweb-io/chain-registry/compare/chain-registry@2.0.44...chain-registry@2.0.213) Updates `nodemon` from 3.1.10 to 3.1.14 - [Release notes](https://github.com/remy/nodemon/releases) - [Commits](remy/nodemon@v3.1.10...v3.1.14) --- updated-dependencies: - dependency-name: "@endo/init" dependency-version: 1.1.13 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patches - dependency-name: "@endo/lockdown" dependency-version: 1.0.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patches - dependency-name: "@google-cloud/secret-manager" dependency-version: 6.1.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patches - dependency-name: "@opentelemetry/api" dependency-version: 1.9.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patches - dependency-name: chain-registry dependency-version: 2.0.210 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patches - dependency-name: execa dependency-version: 9.6.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patches - dependency-name: nodemon dependency-version: 3.1.14 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patches - dependency-name: prettier dependency-version: 3.8.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patches - dependency-name: prettier-plugin-jsdoc dependency-version: 1.8.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patches - dependency-name: prettier-plugin-sh dependency-version: 0.18.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patches - dependency-name: source-map dependency-version: 0.7.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patches - dependency-name: tinyspy dependency-version: 4.0.4 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patches - dependency-name: tmp dependency-version: 0.2.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patches - dependency-name: tsup dependency-version: 8.5.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patches ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 3, 2026

dependabot Bot force-pushed the dependabot/npm_and_yarn/patches-771e8c006d branch from beaef18 to 92d5f9f Compare June 8, 2026 22:00

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the patches group across 1 directory with 14 updates#12700

build(deps): bump the patches group across 1 directory with 14 updates#12700
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/patches-771e8c006d

dependabot Bot commented on behalf of github Jun 3, 2026 •

edited

Loading

Uh oh!

socket-security Bot commented Jun 3, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v9.6.1

3.8.3

3.8.2

3.8.3

SCSS: Prevent trailing comma in if() function (#18471 by @​kovsu)

3.8.2

Angular: Support Angular v21.2 (#18722, #19034 by @​fisker)

1.8.1 (2026-05-26)

Bug Fixes

prettier-plugin-sh@0.18.1

Patch Changes

@​endo/init@​1.1.13

Patch Changes

1.1.13

Patch Changes

@​endo/lockdown@​1.0.19

Patch Changes

1.0.19

Patch Changes

api/v1.9.1

1.9.1

🐛 (Bug Fix)

🏠 (Internal)

1.9.1

🐛 (Bug Fix)

🏠 (Internal)

v4.0.4

View changes on GitHub

v8.5.1

🐞 Bug Fixes

View changes on GitHub

0.7.6

0.7.5

What's Changed

New Contributors

0.7.6

0.7.5

secret-manager: v6.1.3

6.1.3 (2026-06-01)

Bug Fixes

service-directory: v6.1.3

6.1.3 (2026-06-01)

Bug Fixes

6.1.3 (2026-06-01)

Bug Fixes

6.1.2 (2026-05-01)

Bug Fixes

6.1.1 (2025-10-13)

Bug Fixes

v3.1.14

3.1.14 (2026-02-20)

Bug Fixes

v3.1.13

3.1.13 (2026-02-19)

Bug Fixes

v3.1.12

3.1.12 (2026-02-19)

Bug Fixes

v3.1.11

3.1.11 (2025-11-11)

Bug Fixes

Uh oh!

socket-security Bot commented Jun 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Jun 3, 2026 •

edited

Loading

SCSS: Prevent trailing comma in `if()` function (#18471 by `@kovsu`)

Angular: Support Angular v21.2 (#18722, #19034 by `@fisker`)

`@endo/init@1`.1.13

`@endo/lockdown@1`.0.19

socket-security Bot commented Jun 3, 2026 •

edited

Loading