chore(deps): bump the dependencies group across 1 directory with 9 updates

[dependabot]

Bumps the dependencies group with 9 updates in the / directory:

Package	From	To
@nodesecure/js-x-ray	7.3.0	8.1.0
pacote	18.0.6	21.0.0
semver	7.6.3	7.7.1
@types/semver	7.5.8	7.7.0
@npmcli/arborist	7.5.4	9.0.1
itertools	2.3.2	2.4.1
npm-pick-manifest	9.1.0	10.0.0
cacache	18.0.4	19.0.1
type-fest	4.24.0	4.38.0

Updates @nodesecure/js-x-ray from 7.3.0 to 8.1.0

Release notes

Sourced from @​nodesecure/js-x-ray's releases.

v8.1.0

Full Changelog: NodeSecure/js-x-ray@v8.1.0...v8.1.0

What's Changed

• chore(deps): bump meriyah from 5.0.0 to 6.0.0 in the dependencies group by @​dependabot in NodeSecure/js-x-ray#301
• Update Node.js versions to v20 and v22 by @​fabnguess in NodeSecure/js-x-ray#305
• fix: implement isESMExport probe to consider export stmts as dependencies by @​fraxken in NodeSecure/js-x-ray#307
• Update copyright by @​fabnguess in NodeSecure/js-x-ray#308
• fix(SourceFile): ignore try/finally statements for inTryStatement by @​fraxken in NodeSecure/js-x-ray#313

Full Changelog: NodeSecure/js-x-ray@v8.0.0...v8.1.0

v8.0.0

What's Changed

• chore(deps): bump meriyah from 4.5.0 to 5.0.0 in the dependencies group by @​dependabot in NodeSecure/js-x-ray#285
• chore(deps-dev): bump @​types/node from 20.14.13 to 22.0.0 in the development-dependencies group by @​dependabot in NodeSecure/js-x-ray#286
• fix: type issues in api.d.ts by @​fraxken in NodeSecure/js-x-ray#287
• chore(deps): bump the github-actions group with 5 updates by @​dependabot in NodeSecure/js-x-ray#288
• chore(deps): bump @​typescript-eslint/typescript-estree from 7.18.0 to 8.0.0 in the dependencies group by @​dependabot in NodeSecure/js-x-ray#289
• fix(EntryFilesAnalyser): add missing options and patch some minors issues by @​fraxken in NodeSecure/js-x-ray#291
• refactor: fix deprecation in tests & update eslint by @​fraxken in NodeSecure/js-x-ray#292
• feat(EntryFilesAnalyser): implement digraph-js by @​fraxken in NodeSecure/js-x-ray#293
• feat: trace process.getBuiltinModule by @​fraxken in NodeSecure/js-x-ray#294
• fix(Deobfuscator): return if Node is null in extractCounterIdentifiers by @​fraxken in NodeSecure/js-x-ray#296
• Prepare major 8 by @​fraxken in NodeSecure/js-x-ray#297

Full Changelog: NodeSecure/js-x-ray@v7.3.0...v8.0.0

Commits

• 546033a 8.1.0
• dcb991b fix(SourceFile): ignore try/finally statements for inTryStatement (#313)
• e208aba chore(deps): bump the github-actions group with 5 updates (#311)
• 9479f0b chore(deps-dev): bump @​openally/config.eslint (#310)
• 4dbb67b chore(deps): bump the github-actions group with 5 updates (#309)
• fae3db1 chore: update copyright (#308)
• 6097324 fix: implement isESMExport probe to consider export stmts as dependencies (#307)
• d3052b4 chore: update Node.js versions to v20 and v22 (#305)
• 40249c5 chore(deps): bump the github-actions group with 3 updates (#306)
• d2f1ffb chore(deps): bump the github-actions group with 3 updates (#304)
• Additional commits viewable in compare view

Updates pacote from 18.0.6 to 21.0.0

Release notes

Sourced from pacote's releases.

v21.0.0

21.0.0 (2024-11-25)

⚠️ BREAKING CHANGES

• bun.lockb files are now included in the strict ignore list during packing
• this module is now compatible with the following node versions: ^20.17.0 || >=22.9.0

Bug Fixes

• 844dc08 update node engines to ^20.17.0 || >=22.9.0 (#414) (@​wraithgar)

Dependencies

• 2cb6fa7 #415 [email protected] (#415)
• 47b928c #412 replace node builtin rmSync with rimraf (#412) (@​mbtools)

Chores

• b6f35a2 #402 bump @​npmcli/arborist from 7.5.4 to 8.0.0 (#402) (@​dependabot[bot])
• 1ef54ba #408 support tests on win32 (#408) (@​mbtools)
• 555b000 #401 bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#401) (@​dependabot[bot], @​npm-cli-bot)

v20.0.0

20.0.0 (2024-10-17)

⚠️ BREAKING CHANGES

• honors ignoreScripts property within options

Bug Fixes

• f27af63 #407 honors ignoreScripts option to prevent prepare lifecycle script (@​reggi)

v19.0.1

19.0.1 (2024-10-15)

Bug Fixes

• cbf94e8 #389 prepare script respects scriptshell config (#389) (@​milaninfy)
• 2b2948f #403 log tarball retrieval from cache (#403) (@​mbtools, @​wraithgar)

Dependencies

• a9fc4d1 #405 bump sigstore from 2.2.0 to 3.0.0 (#405) (@​bdehamer)

v19.0.0

19.0.0 (2024-09-27)

⚠️ BREAKING CHANGES

• pacote now supports node ^18.17.0 || >=20.5.0

Bug Fixes

• 03b31ca #392 align to npm 10 node engine range (@​reggi)

Dependencies

• f055f71 #395 bump npm-pick-manifest from 9.1.0 to 10.0.0 (#395) (@​dependabot[bot])
• 932b9ab #396 bump @​npmcli/package-json from 5.2.1 to 6.0.0 (#396) (@​dependabot[bot])
• a1621f9 #397 bump npm-registry-fetch from 17.1.0 to 18.0.0 (#397) (@​dependabot[bot])
• c776199 #398 bump cacache from 18.0.4 to 19.0.0 (#398) (@​dependabot[bot])
• 6d59022 #399 bump @​npmcli/git from 5.0.8 to 6.0.0 (#399)
• 21ea2d4 #400 bump @​npmcli/run-script from 8.1.0 to 9.0.0 (#400)
• eddbc01 #392 [email protected]
• 6c672e9 #392 [email protected]
• 03ba2a2 #392 [email protected]
• 2710286 #392 [email protected]
• aa0bd4a #392 @npmcli/[email protected]
• df23343 #392 @npmcli/[email protected]

Chores

... (truncated)

Changelog

Sourced from pacote's changelog.

21.0.0 (2024-11-25)

⚠️ BREAKING CHANGES

• bun.lockb files are now included in the strict ignore list during packing
• this module is now compatible with the following node versions: ^20.17.0 || >=22.9.0

Bug Fixes

• 844dc08 update node engines to ^20.17.0 || >=22.9.0 (#414) (@​wraithgar)

Dependencies

• 2cb6fa7 #415 [email protected] (#415)
• 47b928c #412 replace node builtin rmSync with rimraf (#412) (@​mbtools)

Chores

• b6f35a2 #402 bump @​npmcli/arborist from 7.5.4 to 8.0.0 (#402) (@​dependabot[bot])
• 1ef54ba #408 support tests on win32 (#408) (@​mbtools)
• 555b000 #401 bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#401) (@​dependabot[bot], @​npm-cli-bot)

20.0.0 (2024-10-17)

⚠️ BREAKING CHANGES

• honors ignoreScripts property within options

Bug Fixes

• f27af63 #407 honors ignoreScripts option to prevent prepare lifecycle script (@​reggi)

19.0.1 (2024-10-15)

Bug Fixes

• cbf94e8 #389 prepare script respects scriptshell config (#389) (@​milaninfy)
• 2b2948f #403 log tarball retrieval from cache (#403) (@​mbtools, @​wraithgar)

Dependencies

• a9fc4d1 #405 bump sigstore from 2.2.0 to 3.0.0 (#405) (@​bdehamer)

19.0.0 (2024-09-27)

⚠️ BREAKING CHANGES

• pacote now supports node ^18.17.0 || >=20.5.0

Bug Fixes

• 03b31ca #392 align to npm 10 node engine range (@​reggi)

Dependencies

• f055f71 #395 bump npm-pick-manifest from 9.1.0 to 10.0.0 (#395) (@​dependabot[bot])
• 932b9ab #396 bump @​npmcli/package-json from 5.2.1 to 6.0.0 (#396) (@​dependabot[bot])
• a1621f9 #397 bump npm-registry-fetch from 17.1.0 to 18.0.0 (#397) (@​dependabot[bot])
• c776199 #398 bump cacache from 18.0.4 to 19.0.0 (#398) (@​dependabot[bot])
• 6d59022 #399 bump @​npmcli/git from 5.0.8 to 6.0.0 (#399)
• 21ea2d4 #400 bump @​npmcli/run-script from 8.1.0 to 9.0.0 (#400)
• eddbc01 #392 [email protected]
• 6c672e9 #392 [email protected]
• 03ba2a2 #392 [email protected]
• 2710286 #392 [email protected]
• aa0bd4a #392 @npmcli/[email protected]
• df23343 #392 @npmcli/[email protected]

Chores

• e4ed5cd #392 bump hosted-git-info ^7.0.0 to ^8.0.0 (@​reggi)
• 2871f56 #392 run template-oss-apply (@​reggi)
• 39643f1 #382 bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (@​dependabot[bot])
• 7e33c82 #383 postinstall for dependabot template-oss PR (@​hashtagchris)

... (truncated)

Commits

• bf1f60f chore: release 21.0.0 (#413)
• 2cb6fa7 deps!: [email protected] (#415)
• b6f35a2 chore: bump @​npmcli/arborist from 7.5.4 to 8.0.0 (#402)
• 844dc08 fix!: update node engines to ^20.17.0 || >=22.9.0 (#414)
• 555b000 chore: bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#401)
• 47b928c deps: replace node builtin rmSync with rimraf (#412)
• 1ef54ba chore: support tests on win32 (#408)
• d606b58 chore: release 20.0.0 (#410)
• f27af63 fix!: honors ignoreScripts option to prevent prepare lifecycle script
• a854c79 chore: release 19.0.1 (#406)
• Additional commits viewable in compare view

Updates semver from 7.6.3 to 7.7.1

Release notes

Sourced from semver's releases.

v7.7.1

7.7.1 (2025-02-03)

Bug Fixes

• af761c0 #764 inc: fully capture prerelease identifier (#764) (@​wraithgar)

v7.7.0

7.7.0 (2025-01-29)

Features

• 0864b3c #753 add "release" inc type (#753) (@​mbtools)

Bug Fixes

• d588e37 #755 diff: fix prerelease to stable version diff logic (#755) (@​eminberkayd, berkay.daglar)
• 8a34bde #754 add identifier validation to inc() (#754) (@​mbtools)

Documentation

• 67e5478 #756 readme: added missing period for consistency (#756) (@​shaymolcho)
• 868d4bb #749 clarify comment about obsolete prefixes (#749) (@​mbtools, @​ljharb)

Chores

• 145c554 #741 bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (@​dependabot[bot])
• 753e02b #747 bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#747) (@​dependabot[bot], @​npm-cli-bot)
• 0b812d5 #744 postinstall for dependabot template-oss PR (@​hashtagchris)

Changelog

Sourced from semver's changelog.

7.7.1 (2025-02-03)

Bug Fixes

• af761c0 #764 inc: fully capture prerelease identifier (#764) (@​wraithgar)

7.7.0 (2025-01-29)

Features

• 0864b3c #753 add "release" inc type (#753) (@​mbtools)

Bug Fixes

• d588e37 #755 diff: fix prerelease to stable version diff logic (#755) (@​eminberkayd, berkay.daglar)
• 8a34bde #754 add identifier validation to inc() (#754) (@​mbtools)

Documentation

• 67e5478 #756 readme: added missing period for consistency (#756) (@​shaymolcho)
• 868d4bb #749 clarify comment about obsolete prefixes (#749) (@​mbtools, @​ljharb)

Chores

• 145c554 #741 bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (@​dependabot[bot])
• 753e02b #747 bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#747) (@​dependabot[bot], @​npm-cli-bot)
• 0b812d5 #744 postinstall for dependabot template-oss PR (@​hashtagchris)

Commits

• 30c438b chore: release 7.7.1 (#765)
• af761c0 fix(inc): fully capture prerelease identifier (#764)
• 2cfcbb5 chore: release 7.7.0 (#750)
• d588e37 fix(diff): fix prerelease to stable version diff logic (#755)
• 753e02b chore: bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#747)
• 8a34bde fix: add identifier validation to inc() (#754)
• 0864b3c feat: add "release" inc type (#753)
• 67e5478 docs(readme): added missing period for consistency (#756)
• 868d4bb docs: clarify comment about obsolete prefixes (#749)
• 145c554 chore: bump @​npmcli/eslint-config from 4.0.5 to 5.0.0
• Additional commits viewable in compare view

Updates @types/semver from 7.5.8 to 7.7.0

Commits

• See full diff in compare view

Updates @npmcli/arborist from 7.5.4 to 9.0.1

Release notes

Sourced from @​npmcli/arborist's releases.

arborist: v9.0.1

9.0.1 (2025-03-05)

Bug Fixes

• b9225e5 #8089 resolve override conflicts and apply correct versions (#8089) (@​owlstronaut)
• d586f3b #8117 remove duplicate var (#8117) (@​TrevorBurnham)
• 811ca29 #8115 stop working around bug fixed in [email protected] (@​TrevorBurnham)

libnpmpack: v9.0.1

Dependencies

• workspace: @npmcli/[email protected]

config: v9.0.0

9.0.0 (2024-10-03)

⚠️ BREAKING CHANGES

• @npmcli/config now supports node ^18.17.0 || >=20.5.0

Bug Fixes

• f846ad3 #7803 align @​npmcli/config to npm 10 node engine range (@​reggi)

Dependencies

• f6909a0 #7803 update [email protected]
• 105fa2b #7803 update [email protected]
• f54b155 #7803 update [email protected]
• 2076368 #7803 update @npmcli/[email protected]
• feac87c #7803 update @npmcli/[email protected]

Chores

• 2072705 #7803 update @npmcli/[email protected] (@​reggi)
• 8035725 #7756 @npmcli/[email protected] (@​wraithgar)

libnpmaccess: v9.0.0

9.0.0 (2024-10-03)

⚠️ BREAKING CHANGES

• libnpmaccess now supports node ^18.17.0 || >=20.5.0

Bug Fixes

• 73068d6 #7803 align libnpmaccess to npm 10 node engine range (@​reggi)

Dependencies

• d13a20b #7803 update [email protected]
• 50a7bc8 #7803 update [email protected]

Chores

• 2072705 #7803 update @npmcli/[email protected] (@​reggi)
• 8035725 #7756 @npmcli/[email protected] (@​wraithgar)

libnpmexec: v9.0.0

9.0.0 (2024-10-03)

⚠️ BREAKING CHANGES

• libnpmexec now supports node ^18.17.0 || >=20.5.0

Bug Fixes

• a2c8016 #7803 align libnpmexec to npm 10 node engine range (@​reggi)

Dependencies

• 99ccae3 #7803 update [email protected]
• 9cd6603 #7803 update [email protected]

... (truncated)

Changelog

Sourced from @​npmcli/arborist's changelog.

9.0.1 (2025-03-05)

Bug Fixes

• b9225e5 #8089 resolve override conflicts and apply correct versions (#8089) (@​owlstronaut)
• d586f3b #8117 remove duplicate var (#8117) (@​TrevorBurnham)
• 811ca29 #8115 stop working around bug fixed in [email protected] (@​TrevorBurnham)

9.0.0 (2024-12-16)

Features

• a7bfc6d #7972 trigger release process (#7972) (@​wraithgar)

Chores

• a07f4e0 #7976 @npmcli/[email protected] (@​wraithgar)

9.0.0-pre.1 (2024-12-06)

⚠️ BREAKING CHANGES

• Upon publishing, in order to apply a default "latest" dist tag, the command now retrieves all prior versions of the package. It will require that the version you're trying to publish is above the latest semver version in the registry, not including pre-release tags.
• bun.lockb files are now included in the strict ignore list during packing

Features

• f3ac7b7 #7939 no implicit latest tag on publish when latest > version (#7939) (@​reggi, @​ljharb)

Dependencies

• c0bcc2a #7955 [email protected]
• 4bf1901 #7945 @npmcli/[email protected]
• ca84b22 #7945 [email protected]

9.0.0-pre.0 (2024-11-26)

⚠️ BREAKING CHANGES

• --ignore-scripts now applies to all lifecycle scripts, include prepare
• npm will no longer fall back to the old audit endpoint if the bulk advisory request fails.
• @​npmcli/arborist now supports node ^20.17.0 || >=22.9.0

Features

• 6995303 #7850 adds --ignore-scripts flag to pack (@​reggi)

Bug Fixes

• 080a0f2 #7911 remove old audit fallback request (@​wraithgar)
• 3ffc08b #7831 for @​npmcli/arborist sets node engine range to ^20.17.0 || >=22.9.0 (@​reggi)

Dependencies

• 7dbef6f #7850 [email protected]
• 75a3f12 #7859 remove unused deps (#7859)

Chores

• 6edfe2f #7937 @npmcli/[email protected] (@​wraithgar)

8.0.0 (2024-10-03)

⚠️ BREAKING CHANGES

• @npmcli/arborist now supports node ^18.17.0 || >=20.5.0

Features

• 4d57928 #7766 devEngines (#7766) (@​reggi)

Bug Fixes

• 365580a #7803 align @​npmcli/arborist to npm 10 node engine range (@​reggi)

Dependencies

• 5795987 #7803 update [email protected]
• 99ccae3 #7803 update [email protected]
• 75786ad #7803 update @npmcli/[email protected]

... (truncated)

Commits

• ca93f3e chore: release 9.0.1
• de6618e deps: @​npmcli/promise-spawn@​5.0.0 (#5757)
• 3dd8d68 feat: sort and quote yarn lock keys according to yarn rules (#5751)
• bc5ec05 chore: release 9.0.0
• 2929899 chore: release 9.0.0-pre.6
• 88137a3 deps: [email protected]
• e2e7622 chore: update arborist snapshot from hosted-git-info changes
• 5aa0c2d chore: @​npmcli/template-oss@​4.6.2
• 2008ea6 deps: [email protected], [email protected]
• 1afe5ba fix: account for new npm-package-arg behavior
• Additional commits viewable in compare view

Updates itertools from 2.3.2 to 2.4.1

Release notes

Sourced from itertools's releases.

v2.4.1

• Use bundler module resolution setting (recommended setting for libraries that use a bundler)
• Upgrade dev dependencies

v2.4.0

• Add second param index to all predicates. This will make operations like partitioning a list based on the element position as easy as partitioning based on the element value, for example:

  const items = [1, 2, 3, 4, 5, 6, 7, 8, 9];
  const [thirds, rest] = partition(items, (item, index) => index % 3 === 0);
  console.log(thirds); // [1, 4, 7]
  console.log(rest); // [2, 3, 5, 6, 8, 9]

• Officially drop Node 16 support (it may still work)

Changelog

Sourced from itertools's changelog.

[2.4.1] - 2025-02-25

• Use bundler module resolution setting (recommended setting for libraries that use a bundler)
• Upgrade dev dependencies

[2.4.0] - 2025-02-19

• Add second param index to all predicates. This will make operations like partitioning a list based on the element position as easy as partitioning based on the element value, for example:

  const items = [1, 2, 3, 4, 5, 6, 7, 8, 9];
  const [thirds, rest] = partition(items, (item, index) => index % 3 === 0);
  console.log(thirds); // [1, 4, 7]
  console.log(rest); // [2, 3, 5, 6, 8, 9]

• Officially drop Node 16 support (it may still work)

Commits

• c4229e3 Release 2.4.1
• f1dec5c Upgrade dependencies
• 444a7a3 More tsconfig tweaks
• 8f83cab Use bundler module resolution
• a280c0d Update publint
• cb1c0f9 Use recommended TS settings for libraries (#1136)
• 9b596d0 Release 2.4.0
• 1afd944 Upgrade more dependencies
• 1f6756c Upgrade attw and publint
• 6fcb3e4 Upgrade Vitest to v3 (#1135)
• Additional commits viewable in compare view

Updates npm-pick-manifest from 9.1.0 to 10.0.0

Release notes

Sourced from npm-pick-manifest's releases.

v10.0.0

10.0.0 (2024-09-26)

⚠️ BREAKING CHANGES

• npm-pick-manifest now supports node ^18.17.0 || >=20.5.0

Bug Fixes

• dd83a53 #145 align to npm 10 node engine range (@​reggi)

Dependencies

• 6b4df8d #145 [email protected]
• c2ae5b7 #145 [email protected]
• e948cef #145 [email protected]

Chores

• 2e1fdb4 #145 run template-oss-apply (@​reggi)
• 7891f6b #140 bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (@​dependabot[bot])
• ae2ffc5 #138 postinstall for dependabot template-oss PR (@​hashtagchris)
• 7744312 #138 bump @​npmcli/template-oss from 4.22.0 to 4.23.3 (@​dependabot[bot])

Changelog

Sourced from npm-pick-manifest's changelog.

10.0.0 (2024-09-26)

⚠️ BREAKING CHANGES

• npm-pick-manifest now supports node ^18.17.0 || >=20.5.0

Bug Fixes

• dd83a53 #145 align to npm 10 node engine range (@​reggi)

Dependencies