Bump the npm_and_yarn group across 2 directories with 7 updates by dependabot[bot] · Pull Request #250 · khulnasoft/openapi-parser

dependabot · 2026-02-20T07:22:32Z

Bumps the npm_and_yarn group with 2 updates in the / directory: lodash and tmp.
Bumps the npm_and_yarn group with 1 update in the /packages/openapi-parser directory: glob.

Updates ajv from 8.17.1 to 8.18.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

feat: allow tree-shaking by adding "sideEffects": false to package.json by @josdejong in ajv-validator/ajv#2480

fix: #2482 Infinity and NaN serialise to null by @jasoniangreen in ajv-validator/ajv#2487

fix: small grammatical error in managing-schemas.md by @monteiro-renato in ajv-validator/ajv#2508

fix: typos in schema-language.md by @monteiro-renato in ajv-validator/ajv#2507

fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by @epoberezkin in ajv-validator/ajv#2586

New Contributors

@josdejong made their first contribution in ajv-validator/ajv#2480

@monteiro-renato made their first contribution in ajv-validator/ajv#2508

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits

142ce84 8.18.0
720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
82735a1 fix: typos in schema-language.md (#2507)
b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
See full diff in compare view

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

Fix prototype pollution issue in yaml merge (<<) operator.

Commits

cc482e7 4.1.1 released
50968b8 dist rebuild
d092d86 lint fix
383665f fix prototype pollution in merge (<<)
0d3ca7a README.md: HTTP => HTTPS (#678)
49baadd doc: 'empty' style option for !!null
ba3460e Fix demo link (#618)
See full diff in compare view

Updates glob from 11.0.1 to 11.1.0

Changelog

Sourced from glob's changelog.

changeglob

13

Move the CLI program out to a separate package, glob-bin. Install that if you'd like to continue using glob from the command line.

12

Remove the unsafe --shell option. The --shell option is now ONLY supported on known shells where the behavior can be implemented safely.

11.1

GHSA-5j98-mcp5-4vw2

Add the --shell option for the command line, with a warning that this is unsafe. (It will be removed in v12.)

Add the --cmd-arg/-g as a way to safely add positional arguments to the command provided to the CLI tool.

Detect commands with space or quote characters on known shells, and pass positional arguments to them safely, avoiding shell:true execution.

11.0

Drop support for node before v20

10.4

Add includeChildMatches: false option

Export the Ignore class

10.3

Add --default -p flag to provide a default pattern

exclude symbolic links to directories when follow and nodir are both set

10.2

Add glob cli

10.1

Return '.' instead of the empty string '' when the current working directory is returned as a match.

Add posix: true option to return / delimited paths, even on

... (truncated)

Commits

2b03cca 12.0.0
d56203d prettier config
bb521e5 Remove --shell option where unsafe to use
2551fb5 11.1.0
47473c0 bin: Do not expose filenames to shell expansion
bc33fe1 skip tilde test on systems that lack tilde expansion
59bf9ca fix notes
dde4fa6 docs(README): add #anchor and improve notes
0559b0e docs: add better links to path-scurry docs
c9773c2 fix: correct typos in README.md
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for glob since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates @babel/runtime from 7.26.9 to 7.26.10

Release notes

Sourced from @babel/runtime's releases.

v7.26.10 (2025-03-11)

Thanks @jordan-choi and @mmmsssttt404 for your first PRs!

This release includes a fix for GHSA-968p-4wvh-cqc8, a security vulnerability which affects the .replace method of transpiled regular expressions that use named capturing groups.

👓 Spec Compliance

babel-parser

#17159 Disallow decorator in array pattern (@JLHwung)

🐛 Bug Fix

babel-parser, babel-template

#17164 Fix: always initialize ExportDeclaration attributes (@JLHwung)

babel-core

#17142 fix: "Map maximum size exceeded" in deepClone (@liuxingbaoyu)

babel-parser, babel-plugin-transform-typescript

#17154 Update typescript parser tests (@JLHwung)

babel-traverse

#17151 fix: Should not evaluate vars in child scope (@liuxingbaoyu)

babel-generator

#17153 fix: Correctly generate abstract override (@liuxingbaoyu)

babel-parser

#17107 Fix source type detection when parsing TypeScript (@JLHwung)

babel-helpers, babel-runtime, babel-runtime-corejs2, babel-runtime-corejs3

#17173 Fix processing of replacement pattern with named capture groups (@mmmsssttt404)

💅 Polish

babel-standalone

#17158 Avoid warnings when re-bundling @babel/standalone with webpack (@liuxingbaoyu)

🏠 Internal

babel-parser

#17160 Left-value parsing cleanup (@JLHwung)

Committers: 6

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

Yunyoung Jordan Choi (@jordan-choi)

@liuxingbaoyu

@mmmsssttt404

Commits

e1ce99d v7.26.10
d5952e8 Fix processing of replacement pattern with named capture groups (#17173)
See full diff in compare view

Updates brace-expansion from 1.1.11 to 2.0.1

Release notes

Sourced from brace-expansion's releases.

v1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

b9c0e57 2.0.1
4d96d7d switch to fork of matcha that works on node>12
bc482fb Ignore only blocks that begins with $ (#49)
7b31e5c Adds travis jobs on ppc64le (#48)
0b6a022 2.0.0
63c58b8 Remove concat-map dependency (#47)
25e9042 Update travis to supported node.js versions (#46)
da3fa44 Remove useless identity function (#44)
ffa773c add patreon to FUNDING.yml
4ed5a8d docs: add SECURITY
Additional commits viewable in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (#6053)
dfa407d ci: remove legacy configuration files (#6052)
156e196 feat: add renovate setup (#6039)
933e106 ci: add pipeline for Bun (#6023)
072a807 docs: update links related to Open JS Foundation (#5968)
Additional commits viewable in compare view

Removes tmp

Updates glob from 10.3.10 to 12.0.0

Changelog

Sourced from glob's changelog.

changeglob

13

Move the CLI program out to a separate package, glob-bin. Install that if you'd like to continue using glob from the command line.

12

Remove the unsafe --shell option. The --shell option is now ONLY supported on known shells where the behavior can be implemented safely.

11.1

GHSA-5j98-mcp5-4vw2

Add the --shell option for the command line, with a warning that this is unsafe. (It will be removed in v12.)

Add the --cmd-arg/-g as a way to safely add positional arguments to the command provided to the CLI tool.

Detect commands with space or quote characters on known shells, and pass positional arguments to them safely, avoiding shell:true execution.

11.0

Drop support for node before v20

10.4

Add includeChildMatches: false option

Export the Ignore class

10.3

Add --default -p flag to provide a default pattern

exclude symbolic links to directories when follow and nodir are both set

10.2

Add glob cli

10.1

Return '.' instead of the empty string '' when the current working directory is returned as a match.

Add posix: true option to return / delimited paths, even on

... (truncated)

Commits

2b03cca 12.0.0
d56203d prettier config
bb521e5 Remove --shell option where unsafe to use
2551fb5 11.1.0
47473c0 bin: Do not expose filenames to shell expansion
bc33fe1 skip tilde test on systems that lack tilde expansion
59bf9ca fix notes
dde4fa6 docs(README): add #anchor and improve notes
0559b0e docs: add better links to path-scurry docs
c9773c2 fix: correct typos in README.md
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for glob since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 2 updates in the / directory: [lodash](https://github.com/lodash/lodash) and [tmp](https://github.com/raszi/node-tmp). Bumps the npm_and_yarn group with 1 update in the /packages/openapi-parser directory: [glob](https://github.com/isaacs/node-glob). Updates `ajv` from 8.17.1 to 8.18.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.17.1...v8.18.0) Updates `js-yaml` from 4.1.0 to 4.1.1 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@4.1.0...4.1.1) Updates `glob` from 11.0.1 to 11.1.0 - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](isaacs/node-glob@v10.3.10...v12.0.0) Updates `@babel/runtime` from 7.26.9 to 7.26.10 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-runtime) Updates `brace-expansion` from 1.1.11 to 2.0.1 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v2.0.1) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Removes `tmp` Updates `glob` from 10.3.10 to 12.0.0 - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](isaacs/node-glob@v10.3.10...v12.0.0) --- updated-dependencies: - dependency-name: ajv dependency-version: 8.18.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: glob dependency-version: 11.1.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@babel/runtime" dependency-version: 7.26.10 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 2.0.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tmp dependency-version: dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: glob dependency-version: 12.0.0 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 20, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comments

Bump the npm_and_yarn group across 2 directories with 7 updates#250

Bump the npm_and_yarn group across 2 directories with 7 updates#250
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-e45a3b524c

dependabot bot commented on behalf of github Feb 20, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Comments

Conversation

dependabot bot commented on behalf of github Feb 20, 2026

v8.18.0

What's Changed

New Contributors

[4.1.1] - 2025-11-12

Security

changeglob

13

12

11.1

11.0

10.4

10.3

10.2

10.1

v7.26.10 (2025-03-11)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

🏠 Internal

Committers: 6

v1.1.12

changeglob

13

12

11.1

11.0

10.4

10.3

10.2

10.1

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants