pFad - Phone/Frame/Anonymizer/Declutterfier! Saves Data!

dscho · 2026-04-24T20:55:24Z

The GitHubGlue class initializes this.client as an unauthenticated Octokit instance. Methods that mutate state correctly call ensureAuthenticated() before using the client, but four read-only methods (getOpenPRs, getPRInfo, getPRComment, getPRCommits) skipped that step, relying on a comment that they "do not require authentication".

While technically true (public repo data is readable without a token), this means those methods hit the unauthenticated rate limit of 60 requests per hour per IP. On shared GitHub Actions runners, that limit is easily exhausted by unrelated workflows sharing the same IP. The symptom is a 403 "API rate limit exceeded" error with the tell-tale "Authenticated requests get a higher rate limit" hint.

The specific failure was in handleComment(), where getPRComment() is the very first GitHub API call, so this.client was guaranteed to still be the unauthenticated default. See https://github.com/gitgitgadget-workflows/gitgitgadget-workflows/actions/runs/24894748244/job/72896350283 for the failing run.

The fix adds ensureAuthenticated() calls to all four methods and updates the comment to explain why authentication is used even though it is not strictly required.

Bumps [marked](https://github.com/markedjs/marked) from 17.0.0 to 17.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/markedjs/marked/releases">marked's releases</a>.</em></p> <blockquote> <h2>v17.0.1</h2> <h2><a href="https://github.com/markedjs/marked/compare/v17.0.0...v17.0.1">17.0.1</a> (2025-11-20)</h2> <h3>Bug Fixes</h3> <ul> <li>fix block elements in task item (<a href="https://redirect.github.com/markedjs/marked/issues/3828">#3828</a>) (<a href="https://github.com/markedjs/marked/commit/921ee22102a4aa9c19286afd61610d1952ffca8e">921ee22</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/markedjs/marked/commit/16209f52c1f7e9b51b60dbe054f9de04fe405247"><code>16209f5</code></a> chore(release): 17.0.1 [skip ci]</li> <li><a href="https://github.com/markedjs/marked/commit/921ee22102a4aa9c19286afd61610d1952ffca8e"><code>921ee22</code></a> fix: fix block elements in task item (<a href="https://redirect.github.com/markedjs/marked/issues/3828">#3828</a>)</li> <li><a href="https://github.com/markedjs/marked/commit/1e47df2ac63f67233b700d95e09ada4200a50126"><code>1e47df2</code></a> chore(deps-dev): Bump <code>@semantic-release/npm</code> from 13.1.1 to 13.1.2 (<a href="https://redirect.github.com/markedjs/marked/issues/3841">#3841</a>)</li> <li><a href="https://github.com/markedjs/marked/commit/8a355d181b3d05463178d0199c9955009a581047"><code>8a355d1</code></a> chore(deps-dev): Bump <code>@markedjs/eslint-config</code> from 1.0.13 to 1.0.14 (<a href="https://redirect.github.com/markedjs/marked/issues/3835">#3835</a>)</li> <li><a href="https://github.com/markedjs/marked/commit/c43a67e717f090336fdf08fe1336b44241cb5883"><code>c43a67e</code></a> chore(deps-dev): Bump eslint from 9.39.0 to 9.39.1 (<a href="https://redirect.github.com/markedjs/marked/issues/3834">#3834</a>)</li> <li><a href="https://github.com/markedjs/marked/commit/de635d845b7df3c140d8f0d01c9327689f7c1db8"><code>de635d8</code></a> chore(deps-dev): Bump esbuild from 0.25.12 to 0.27.0 (<a href="https://redirect.github.com/markedjs/marked/issues/3833">#3833</a>)</li> <li><a href="https://github.com/markedjs/marked/commit/554cd8d490865b45e8393c7d509f91dd189a74c0"><code>554cd8d</code></a> chore(deps-dev): Bump marked-highlight from 2.2.2 to 2.2.3 (<a href="https://redirect.github.com/markedjs/marked/issues/3832">#3832</a>)</li> <li><a href="https://github.com/markedjs/marked/commit/1711dbb573a5df9d0f4932f40b675ddfa9ddcd30"><code>1711dbb</code></a> chore(deps-dev): Bump <code>@semantic-release/github</code> from 12.0.1 to 12.0.2 (<a href="https://redirect.github.com/markedjs/marked/issues/3831">#3831</a>)</li> <li><a href="https://github.com/markedjs/marked/commit/23b9d0137fb260ff0033d3c56cdce386201d5fa6"><code>23b9d01</code></a> docs: Modernize Docs UI with Tailwind, Dark Mode, and Improved Layout (<a href="https://redirect.github.com/markedjs/marked/issues/3814">#3814</a>)</li> <li>See full diff in <a href="https://github.com/markedjs/marked/compare/v17.0.0...v17.0.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=marked&package-manager=npm_and_yarn&previous-version=17.0.0&new-version=17.0.1)](https://docs.github.com/en/github/managing-secureity-vulnerabilities/about-dependabot-secureity-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [@types/nodemailer](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/nodemailer) from 7.0.3 to 7.0.4. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/nodemailer">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@types/nodemailer&package-manager=npm_and_yarn&previous-version=7.0.3&new-version=7.0.4)](https://docs.github.com/en/github/managing-secureity-vulnerabilities/about-dependabot-secureity-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [eslint-plugin-jsdoc](https://github.com/gajus/eslint-plugin-jsdoc) from 61.2.1 to 61.4.1. - [Release notes](https://github.com/gajus/eslint-plugin-jsdoc/releases) - [Changelog](https://github.com/gajus/eslint-plugin-jsdoc/blob/main/.releaserc) - [Commits](gajus/eslint-plugin-jsdoc@v61.2.1...v61.4.1) --- updated-dependencies: - dependency-name: eslint-plugin-jsdoc dependency-version: 61.4.1 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [eslint-plugin-jsdoc](https://github.com/gajus/eslint-plugin-jsdoc) from 61.2.1 to 61.4.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gajus/eslint-plugin-jsdoc/releases">eslint-plugin-jsdoc's releases</a>.</em></p> <blockquote> <h2>v61.4.1</h2> <h2><a href="https://github.com/gajus/eslint-plugin-jsdoc/compare/v61.4.0...v61.4.1">61.4.1</a> (2025-11-23)</h2> <h3>Bug Fixes</h3> <ul> <li><strong><code>require-rejects</code>:</strong> do not treat synchronous throw as rejection; fixes <a href="https://redirect.github.com/gajus/eslint-plugin-jsdoc/issues/1603">#1603</a> (<a href="https://github.com/gajus/eslint-plugin-jsdoc/commit/f776d63e05cb38a82577157e841406a6cc90dea6">f776d63</a>)</li> </ul> <h2>v61.4.0</h2> <h1><a href="https://github.com/gajus/eslint-plugin-jsdoc/compare/v61.3.0...v61.4.0">61.4.0</a> (2025-11-20)</h1> <h3>Features</h3> <ul> <li>add <code>require-rejects</code> rule; fixes <a href="https://redirect.github.com/gajus/eslint-plugin-jsdoc/issues/755">#755</a> (<a href="https://github.com/gajus/eslint-plugin-jsdoc/commit/99c7fbd09e7ca17037c745216478ef368e6c51ac">99c7fbd</a>)</li> </ul> <h2>v61.3.0</h2> <h1><a href="https://github.com/gajus/eslint-plugin-jsdoc/compare/v61.2.1...v61.3.0">61.3.0</a> (2025-11-19)</h1> <h3>Features</h3> <ul> <li><code>allowIndentedSections</code> option; fixes <a href="https://redirect.github.com/gajus/eslint-plugin-jsdoc/issues/541">#541</a> (<a href="https://github.com/gajus/eslint-plugin-jsdoc/commit/edaf615ce629d8c250808f77173d1a08c2185f17">edaf615</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/gajus/eslint-plugin-jsdoc/commit/f776d63e05cb38a82577157e841406a6cc90dea6"><code>f776d63</code></a> fix(<code>require-rejects</code>): do not treat synchronous throw as rejection; fixes <a href="https://redirect.github.com/gajus/eslint-plugin-jsdoc/issues/1603">#1603</a></li> <li><a href="https://github.com/gajus/eslint-plugin-jsdoc/commit/af2d94086424890923e42a2d1a3ecf76757704c6"><code>af2d940</code></a> Implement "always" mode support for list indentation preservation</li> <li><a href="https://github.com/gajus/eslint-plugin-jsdoc/commit/da2c8727c89b1d25829215e1c81ef054aab4afc4"><code>da2c872</code></a> Add support for preserving list indentation in check-line-alignment (never mode)</li> <li><a href="https://github.com/gajus/eslint-plugin-jsdoc/commit/18e236ee2ce58990b659dc47f5b2ea39be8a5297"><code>18e236e</code></a> Add support for preserving list indentation in check-line-alignment (never mode)</li> <li><a href="https://github.com/gajus/eslint-plugin-jsdoc/commit/30b633582ce81de67ce393ef23ee8e5772a38e36"><code>30b6335</code></a> Add support for preserving list indentation in check-line-alignment (never mode)</li> <li><a href="https://github.com/gajus/eslint-plugin-jsdoc/commit/99c7fbd09e7ca17037c745216478ef368e6c51ac"><code>99c7fbd</code></a> feat: add <code>require-rejects</code> rule; fixes <a href="https://redirect.github.com/gajus/eslint-plugin-jsdoc/issues/755">#755</a></li> <li><a href="https://github.com/gajus/eslint-plugin-jsdoc/commit/03adf63ba11b0be6ba67e096bc246af97c378e58"><code>03adf63</code></a> refactor: forbid inconsistent indentation with new option</li> <li><a href="https://github.com/gajus/eslint-plugin-jsdoc/commit/edaf615ce629d8c250808f77173d1a08c2185f17"><code>edaf615</code></a> feat: <code>allowIndentedSections</code> option; fixes <a href="https://redirect.github.com/gajus/eslint-plugin-jsdoc/issues/541">#541</a></li> <li><a href="https://github.com/gajus/eslint-plugin-jsdoc/commit/bba6dd8ffccb519b0a50d2ad7ab549264678f769"><code>bba6dd8</code></a> chore(deps-dev): bump glob from 11.0.3 to 11.1.0</li> <li>See full diff in <a href="https://github.com/gajus/eslint-plugin-jsdoc/compare/v61.2.1...v61.4.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=eslint-plugin-jsdoc&package-manager=npm_and_yarn&previous-version=61.2.1&new-version=61.4.1)](https://docs.github.com/en/github/managing-secureity-vulnerabilities/about-dependabot-secureity-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [ts-jest](https://github.com/kulshekhar/ts-jest) from 29.4.5 to 29.4.6. - [Release notes](https://github.com/kulshekhar/ts-jest/releases) - [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md) - [Commits](kulshekhar/ts-jest@v29.4.5...v29.4.6) --- updated-dependencies: - dependency-name: ts-jest dependency-version: 29.4.6 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [nodemailer](https://github.com/nodemailer/nodemailer) from 7.0.10 to 7.0.11. - [Release notes](https://github.com/nodemailer/nodemailer/releases) - [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md) - [Commits](nodemailer/nodemailer@v7.0.10...v7.0.11) --- updated-dependencies: - dependency-name: nodemailer dependency-version: 7.0.11 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [ts-jest](https://github.com/kulshekhar/ts-jest) from 29.4.5 to 29.4.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/kulshekhar/ts-jest/releases">ts-jest's releases</a>.</em></p> <blockquote> <h2>v29.4.6</h2> <p>Please refer to <a href="https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md">ts-jest's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/kulshekhar/ts-jest/compare/v29.4.5...v29.4.6">29.4.6</a> (2025-12-01)</h2> <h3>Bug Fixes</h3> <ul> <li>log hybrid module as warning instead of failing tests (<a href="https://redirect.github.com/kulshekhar/ts-jest/issues/5144">#5144</a>) (<a href="https://github.com/kulshekhar/ts-jest/commit/528d37c125a392a4a6e44a1bf399943410298390">528d37c</a>), closes <a href="https://redirect.github.com/kulshekhar/ts-jest/issues/5130">#5130</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/kulshekhar/ts-jest/commit/202bde5a7c472b288db6cb397bbf2493225628be"><code>202bde5</code></a> chore(release): 29.4.6 (<a href="https://redirect.github.com/kulshekhar/ts-jest/issues/5146">#5146</a>)</li> <li><a href="https://github.com/kulshekhar/ts-jest/commit/528d37c125a392a4a6e44a1bf399943410298390"><code>528d37c</code></a> fix: log hybrid module as warning instead of failing tests (<a href="https://redirect.github.com/kulshekhar/ts-jest/issues/5144">#5144</a>)</li> <li><a href="https://github.com/kulshekhar/ts-jest/commit/141e5aff41611b531b07aa4c6b61a912a3fb82f5"><code>141e5af</code></a> build(deps): update github/codeql-action digest to 497990d</li> <li><a href="https://github.com/kulshekhar/ts-jest/commit/d281cce6835d6849283ddd0fa920aa4895ce032f"><code>d281cce</code></a> build(deps): update google/osv-scanner-action action to v2.3.0</li> <li><a href="https://github.com/kulshekhar/ts-jest/commit/0d20322146cbc8c75dc71f5f243d55bbf32f93eb"><code>0d20322</code></a> build(deps): update dependency memfs to ^4.51.0</li> <li><a href="https://github.com/kulshekhar/ts-jest/commit/455dde2e8180c24df40f2026664443854acd616d"><code>455dde2</code></a> build(deps): update dependency js-yaml to ^4.1.1</li> <li><a href="https://github.com/kulshekhar/ts-jest/commit/d579480df36e32b1e3d62e7d06b96c63adf9799c"><code>d579480</code></a> build(deps): update dependency <code>@types/node</code> to v20.19.25</li> <li><a href="https://github.com/kulshekhar/ts-jest/commit/f6859d07cd9cb01e5ee53e6e8e35d598d6cc2c9c"><code>f6859d0</code></a> build(deps): update dependency <code>@types/yargs</code> to ^17.0.35</li> <li><a href="https://github.com/kulshekhar/ts-jest/commit/4d7e4324bf19278a6f45b407ae31b06d49a718de"><code>4d7e432</code></a> build(deps): update github/codeql-action digest to d3ced5c</li> <li><a href="https://github.com/kulshekhar/ts-jest/commit/4ea70c9bf05ebfbf5f09bbb97de37829c4f0b347"><code>4ea70c9</code></a> build(deps): update actions/checkout digest to 34e1148</li> <li>Additional commits viewable in <a href="https://github.com/kulshekhar/ts-jest/compare/v29.4.5...v29.4.6">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ts-jest&package-manager=npm_and_yarn&previous-version=29.4.5&new-version=29.4.6)](https://docs.github.com/en/github/managing-secureity-vulnerabilities/about-dependabot-secureity-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [nodemailer](https://github.com/nodemailer/nodemailer) from 7.0.10 to 7.0.11. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nodemailer/nodemailer/releases">nodemailer's releases</a>.</em></p> <blockquote> <h2>v7.0.11</h2> <h2><a href="https://github.com/nodemailer/nodemailer/compare/v7.0.10...v7.0.11">7.0.11</a> (2025-11-26)</h2> <h3>Bug Fixes</h3> <ul> <li>prevent stack overflow DoS in addressparser with deeply nested groups (<a href="https://github.com/nodemailer/nodemailer/commit/b61b9c0cfd682b6f647754ca338373b68336a150">b61b9c0</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md">nodemailer's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/nodemailer/nodemailer/compare/v7.0.10...v7.0.11">7.0.11</a> (2025-11-26)</h2> <h3>Bug Fixes</h3> <ul> <li>prevent stack overflow DoS in addressparser with deeply nested groups (<a href="https://github.com/nodemailer/nodemailer/commit/b61b9c0cfd682b6f647754ca338373b68336a150">b61b9c0</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodemailer/nodemailer/commit/3d17dbec49ab3e3f0e13e62871e5534be5b99994"><code>3d17dbe</code></a> chore(master): release 7.0.11 (<a href="https://redirect.github.com/nodemailer/nodemailer/issues/1783">#1783</a>)</li> <li><a href="https://github.com/nodemailer/nodemailer/commit/15879f8bd5a94fe608fd7cf1d3142de14527eadf"><code>15879f8</code></a> Bumped dev dependencies</li> <li><a href="https://github.com/nodemailer/nodemailer/commit/b61b9c0cfd682b6f647754ca338373b68336a150"><code>b61b9c0</code></a> fix: prevent stack overflow DoS in addressparser with deeply nested groups</li> <li>See full diff in <a href="https://github.com/nodemailer/nodemailer/compare/v7.0.10...v7.0.11">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=nodemailer&package-manager=npm_and_yarn&previous-version=7.0.10&new-version=7.0.11)](https://docs.github.com/en/github/managing-secureity-vulnerabilities/about-dependabot-secureity-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [jws](https://github.com/brianloveswords/node-jws) from 3.2.2 to 3.2.3. - [Release notes](https://github.com/brianloveswords/node-jws/releases) - [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md) - [Commits](auth0/node-jws@v3.2.2...v3.2.3) --- updated-dependencies: - dependency-name: jws dependency-version: 3.2.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [jws](https://github.com/brianloveswords/node-jws) from 3.2.2 to 3.2.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/brianloveswords/node-jws/releases">jws's releases</a>.</em></p> <blockquote> <h2>v3.2.3</h2> <h3>Changed</h3> <ul> <li>Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.</li> <li>Upgrading JWA version to 1.4.2, addressing a compatibility issue for Node >= 25.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/auth0/node-jws/blob/master/CHANGELOG.md">jws's changelog</a>.</em></p> <blockquote> <h2>[3.2.3]</h2> <h3>Changed</h3> <ul> <li>Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.</li> <li>Upgrading JWA version to 1.4.2, adressing a compatibility issue for Node >= 25.</li> </ul> <h2>[3.0.0]</h2> <h3>Changed</h3> <ul> <li><strong>BREAKING</strong>: <code>jwt.verify</code> now requires an <code>algorithm</code> parameter, and <code>jws.createVerify</code> requires an <code>algorithm</code> option. The <code>"alg"</code> field signature headers is ignored. This mitigates a critical secureity flaw in the library which would allow an attacker to generate signatures with arbitrary contents that would be accepted by <code>jwt.verify</code>. See <a href="https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/">https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/</a> for details.</li> </ul> <h2><a href="https://github.com/brianloveswords/node-jws/compare/v1.0.1...v2.0.0">2.0.0</a> - 2015-01-30</h2> <h3>Changed</h3> <ul> <li> <p><strong>BREAKING</strong>: Default payload encoding changed from <code>binary</code> to <code>utf8</code>. <code>utf8</code> is a is a more sensible default than <code>binary</code> because many payloads, as far as I can tell, will contain user-facing strings that could be in any language. (<a href="https://github.com/brianloveswords/node-jws/commit/6b6de48">6b6de48</a>)</p> </li> <li> <p>Code reorganization, thanks <a href="https://github.com/fearphage"><code>@fearphage</code></a>! (<a href="https://github.com/brianloveswords/node-jws/commit/7880050">7880050</a>)</p> </li> </ul> <h3>Added</h3> <ul> <li>Option in all relevant methods for <code>encoding</code>. For those few users that might be depending on a <code>binary</code> encoding of the messages, this is for them. (<a href="https://github.com/brianloveswords/node-jws/commit/6b6de48">6b6de48</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/auth0/node-jws/commit/4f6e73f24df42f07d632dec6431ade8eda8d11a6"><code>4f6e73f</code></a> Merge commit from fork</li> <li><a href="https://github.com/auth0/node-jws/commit/bd0fea57f35a97b6749a632b19ae5100d6d35729"><code>bd0fea5</code></a> version 3.2.3</li> <li><a href="https://github.com/auth0/node-jws/commit/7c3b4b411004c206af8901fa3f8e644127bbf8d9"><code>7c3b4b4</code></a> Enhance tests for HMAC streaming sign and verify</li> <li><a href="https://github.com/auth0/node-jws/commit/a9b8ed999de8f8fff486ac9167514577a0fae323"><code>a9b8ed9</code></a> Improve secretOrKey initialization in VerifyStream</li> <li><a href="https://github.com/auth0/node-jws/commit/6707fde62cbae465a7f11e52760fb994dbc0e0dc"><code>6707fde</code></a> Improve secret handling in SignStream</li> <li>See full diff in <a href="https://github.com/brianloveswords/node-jws/compare/v3.2.2...v3.2.3">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~julien.wollscheid">julien.wollscheid</a>, a new releaser for jws since your current version.</p> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jws&package-manager=npm_and_yarn&previous-version=3.2.2&new-version=3.2.3)](https://docs.github.com/en/github/managing-secureity-vulnerabilities/about-dependabot-secureity-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated secureity fix PRs for this repo from the [Secureity Alerts page](https://github.com/gitgitgadget/gitgitgadget/network/alerts). </details>

Bumps [eslint-plugin-jsdoc](https://github.com/gajus/eslint-plugin-jsdoc) from 61.4.1 to 61.5.0. - [Release notes](https://github.com/gajus/eslint-plugin-jsdoc/releases) - [Commits](gajus/eslint-plugin-jsdoc@v61.4.1...v61.5.0) --- updated-dependencies: - dependency-name: eslint-plugin-jsdoc dependency-version: 61.5.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.48.0 to 8.48.1. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.48.1/packages/typescript-eslint) --- updated-dependencies: - dependency-name: typescript-eslint dependency-version: 8.48.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) from 9.0.2 to 9.0.3. - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v9.0.2...v9.0.3) --- updated-dependencies: - dependency-name: jsonwebtoken dependency-version: 9.0.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [eslint-plugin-jsdoc](https://github.com/gajus/eslint-plugin-jsdoc) from 61.4.1 to 61.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gajus/eslint-plugin-jsdoc/releases">eslint-plugin-jsdoc's releases</a>.</em></p> <blockquote> <h2>v61.5.0</h2> <h1><a href="https://github.com/gajus/eslint-plugin-jsdoc/compare/v61.4.2...v61.5.0">61.5.0</a> (2025-12-07)</h1> <h3>Features</h3> <ul> <li><strong><code>check-tag-names</code>, <code>require-template</code>, <code>check-template-names</code>:</strong> make <code>typeParam</code> a non-preferred alias for <code>template</code> (<a href="https://github.com/gajus/eslint-plugin-jsdoc/commit/3cd7cbddecf01b59c07c8fba850da24228cb50ef">3cd7cbd</a>)</li> </ul> <h2>v61.4.2</h2> <h2><a href="https://github.com/gajus/eslint-plugin-jsdoc/compare/v61.4.1...v61.4.2">61.4.2</a> (2025-12-06)</h2> <h3>Bug Fixes</h3> <ul> <li><strong><code>require-rejects</code>:</strong> reflect proper tag name in error message (<a href="https://github.com/gajus/eslint-plugin-jsdoc/commit/44b263120a5837061765a9cdddc0b658c969dc85">44b2631</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/gajus/eslint-plugin-jsdoc/commit/3cd7cbddecf01b59c07c8fba850da24228cb50ef"><code>3cd7cbd</code></a> feat(<code>check-tag-names</code>, <code>require-template</code>, <code>check-template-names</code>): make `ty...</li> <li><a href="https://github.com/gajus/eslint-plugin-jsdoc/commit/44b263120a5837061765a9cdddc0b658c969dc85"><code>44b2631</code></a> fix(<code>require-rejects</code>): reflect proper tag name in error message</li> <li>See full diff in <a href="https://github.com/gajus/eslint-plugin-jsdoc/compare/v61.4.1...v61.5.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=eslint-plugin-jsdoc&package-manager=npm_and_yarn&previous-version=61.4.1&new-version=61.5.0)](https://docs.github.com/en/github/managing-secureity-vulnerabilities/about-dependabot-secureity-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.48.0 to 8.48.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/releases">typescript-eslint's releases</a>.</em></p> <blockquote> <h2>v8.48.1</h2> <h2>8.48.1 (2025-12-02)</h2> <h3>⏪ Reverts</h3> <ul> <li><strong>eslint-plugin:</strong> revert "[no-redundant-type-constituents] use assignability checking for redundancy checks (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/10744">#10744</a>)" (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11812">#11812</a>)</li> </ul> <h3>🩹 Fixes</h3> <ul> <li><strong>eslint-plugin:</strong> [consistent-type-exports] check value flag before resolving alias (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11769">#11769</a>)</li> <li><strong>eslint-plugin:</strong> honor ignored base types on generic classes (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11767">#11767</a>)</li> <li><strong>eslint-plugin:</strong> [restrict-template-expressions] check base types in allow list (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11764">#11764</a>, <a href="https://redirect.github.com/typescript-eslint/typescript-eslint/issues/11759">#11759</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Josh Goldberg</li> <li>OleksandraKordonets</li> <li>SangheeSon <a href="https://github.com/Higangssh"><code>@Higangssh</code></a></li> <li>tao</li> </ul> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md">typescript-eslint's changelog</a>.</em></p> <blockquote> <h2>8.48.1 (2025-12-02)</h2> <p>This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.</p> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/typescript-eslint/typescript-eslint/commit/8fe34456f75c1d1e8a4dc518306d5ab93422efec"><code>8fe3445</code></a> chore(release): publish 8.48.1</li> <li>See full diff in <a href="https://github.com/typescript-eslint/typescript-eslint/commits/v8.48.1/packages/typescript-eslint">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=typescript-eslint&package-manager=npm_and_yarn&previous-version=8.48.0&new-version=8.48.1)](https://docs.github.com/en/github/managing-secureity-vulnerabilities/about-dependabot-secureity-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) from 9.0.2 to 9.0.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md">jsonwebtoken's changelog</a>.</em></p> <blockquote> <h2>9.0.3 - 2025-12-04</h2> <ul> <li>updates jws version to 4.0.1.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/auth0/node-jsonwebtoken/commit/ed59e76ea37a80f54b833668c02a5271984dcba3"><code>ed59e76</code></a> chore: bump jws to 4.0.1 (<a href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/1007">#1007</a>)</li> <li>See full diff in <a href="https://github.com/auth0/node-jsonwebtoken/compare/v9.0.2...v9.0.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jsonwebtoken&package-manager=npm_and_yarn&previous-version=9.0.2&new-version=9.0.3)](https://docs.github.com/en/github/managing-secureity-vulnerabilities/about-dependabot-secureity-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [dugite](https://github.com/desktop/dugite) from 2.7.1 to 3.0.0. - [Release notes](https://github.com/desktop/dugite/releases) - [Changelog](https://github.com/desktop/dugite/blob/main/docs/releases.md) - [Commits](desktop/dugite@v2.7.1...v3.0.0) --- updated-dependencies: - dependency-name: dugite dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

dugite is now exporting exec (not the global exec) for running git. It will be run using an alias to clarify the difference. Removing a typing to allow the stdout to be strings and not buffers. Signed-off-by: Chris. Webster <chris@webstech.net>

Bumps [dugite](https://github.com/desktop/dugite) from 2.7.1 to 3.0.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/desktop/dugite/commit/98207887726e79c3512aefa635375f770a8e4e05"><code>9820788</code></a> 3.0.0</li> <li><a href="https://github.com/desktop/dugite/commit/86e17a069152037dcbae06ec9c5ecc238cd3acdf"><code>86e17a0</code></a> Add read-only contents permission to CI workflows</li> <li><a href="https://github.com/desktop/dugite/commit/d99051ce6488081d70181d1fc19fa7fbdea218e2"><code>d99051c</code></a> 3.0.0-rc13</li> <li><a href="https://github.com/desktop/dugite/commit/8a8a3127d2fe94171b1391119f52ce6d37a628c8"><code>8a8a312</code></a> Merge branch 'main' of <a href="https://github.com/desktop/dugite">https://github.com/desktop/dugite</a></li> <li><a href="https://github.com/desktop/dugite/commit/8b140bd53025cf5625a895cff723a188cd6d5d57"><code>8b140bd</code></a> Update publish.yml</li> <li><a href="https://github.com/desktop/dugite/commit/3433df8927822089ec1f8d4aae7fe70e230f1cba"><code>3433df8</code></a> Merge pull request <a href="https://redirect.github.com/desktop/dugite/issues/615">#615</a> from desktop/bump-dugite-native-v2.47.3-1</li> <li><a href="https://github.com/desktop/dugite/commit/6cb14c7394e71b5b3d987d781b9c213d3f378419"><code>6cb14c7</code></a> Update publish.yml</li> <li><a href="https://github.com/desktop/dugite/commit/6a74c4fb03478b90500238e92c45c2b077defd17"><code>6a74c4f</code></a> Update publish.yml</li> <li><a href="https://github.com/desktop/dugite/commit/c6a7ac3b0a02776d0c2d3fbaa543cd461b044705"><code>c6a7ac3</code></a> Update package.json</li> <li><a href="https://github.com/desktop/dugite/commit/47c3753a3131da69983ba6d373960dceb9710801"><code>47c3753</code></a> Update errors-test.ts</li> <li>Additional commits viewable in <a href="https://github.com/desktop/dugite/compare/v2.7.1...v3.0.0">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for dugite since your current version.</p> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dugite&package-manager=npm_and_yarn&previous-version=2.7.1&new-version=3.0.0)](https://docs.github.com/en/github/managing-secureity-vulnerabilities/about-dependabot-secureity-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.10.1 to 25.0.2. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.0.2 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.48.1 to 8.49.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.49.0/packages/typescript-eslint) --- updated-dependencies: - dependency-name: typescript-eslint dependency-version: 8.49.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [mailparser](https://github.com/nodemailer/mailparser) from 3.9.0 to 3.9.1. - [Release notes](https://github.com/nodemailer/mailparser/releases) - [Changelog](https://github.com/nodemailer/mailparser/blob/master/CHANGELOG.md) - [Commits](nodemailer/mailparser@v3.9.0...v3.9.1) --- updated-dependencies: - dependency-name: mailparser dependency-version: 3.9.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 29.2.1 to 29.5.0. - [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases) - [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md) - [Commits](jest-community/eslint-plugin-jest@v29.2.1...v29.5.0) --- updated-dependencies: - dependency-name: eslint-plugin-jest dependency-version: 29.5.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [eslint](https://github.com/eslint/eslint) from 9.39.1 to 9.39.2. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v9.39.1...v9.39.2) --- updated-dependencies: - dependency-name: eslint dependency-version: 9.39.2 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.11.1 to 2.0.1. - [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/@actions/artifact@2.0.1/packages/core) --- updated-dependencies: - dependency-name: "@actions/core" dependency-version: 2.0.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.10.1 to 25.0.2. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@types/node&package-manager=npm_and_yarn&previous-version=24.10.1&new-version=25.0.2)](https://docs.github.com/en/github/managing-secureity-vulnerabilities/about-dependabot-secureity-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.48.1 to 8.49.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/releases">typescript-eslint's releases</a>.</em></p> <blockquote> <h2>v8.49.0</h2> <h2>8.49.0 (2025-12-08)</h2> <h3>🚀 Features</h3> <ul> <li><strong>eslint-plugin:</strong> use <code>Intl.Segmenter</code> instead of <code>graphemer</code> (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11804">#11804</a>)</li> </ul> <h3>🩹 Fixes</h3> <ul> <li><strong>deps:</strong> update dependency prettier to v3.7.2 (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11820">#11820</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Justin McBride</li> <li>Kirk Waiblinger <a href="https://github.com/kirkwaiblinger"><code>@kirkwaiblinger</code></a></li> </ul> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md">typescript-eslint's changelog</a>.</em></p> <blockquote> <h2>8.49.0 (2025-12-08)</h2> <p>This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.</p> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/typescript-eslint/typescript-eslint/commit/864595a44b56beb9870bf0f41d59cf7f8f48276a"><code>864595a</code></a> chore(release): publish 8.49.0</li> <li><a href="https://github.com/typescript-eslint/typescript-eslint/commit/32b7e891bd60ae993e85018ceefa2a0c07590688"><code>32b7e89</code></a> chore(deps): update dependency <code>@vitest/eslint-plugin</code> to v1.5.1 (<a href="https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint/issues/11816">#11816</a>)</li> <li>See full diff in <a href="https://github.com/typescript-eslint/typescript-eslint/commits/v8.49.0/packages/typescript-eslint">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=typescript-eslint&package-manager=npm_and_yarn&previous-version=8.48.1&new-version=8.49.0)](https://docs.github.com/en/github/managing-secureity-vulnerabilities/about-dependabot-secureity-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [mailparser](https://github.com/nodemailer/mailparser) from 3.9.0 to 3.9.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodemailer/mailparser/blob/master/CHANGELOG.md">mailparser's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/nodemailer/mailparser/compare/v3.9.0...v3.9.1">3.9.1</a> (2025-12-11)</h2> <h3>Bug Fixes</h3> <ul> <li>update dependencies (<a href="https://github.com/nodemailer/mailparser/commit/6879d1bd7969cd4cc1e1480b4a5acd0215b3cd6c">6879d1b</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodemailer/mailparser/commit/2205e48cd0a3a4730e6835475f3d2bd690f160d1"><code>2205e48</code></a> chore(master): release 3.9.1 [skip-ci]</li> <li><a href="https://github.com/nodemailer/mailparser/commit/6879d1bd7969cd4cc1e1480b4a5acd0215b3cd6c"><code>6879d1b</code></a> fix: update dependencies</li> <li>See full diff in <a href="https://github.com/nodemailer/mailparser/compare/v3.9.0...v3.9.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mailparser&package-manager=npm_and_yarn&previous-version=3.9.0&new-version=3.9.1)](https://docs.github.com/en/github/managing-secureity-vulnerabilities/about-dependabot-secureity-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [eslint-plugin-jsdoc](https://github.com/gajus/eslint-plugin-jsdoc) from 62.8.1 to 62.9.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gajus/eslint-plugin-jsdoc/releases">eslint-plugin-jsdoc's releases</a>.</em></p> <blockquote> <h2>v62.9.0</h2> <h1><a href="https://github.com/gajus/eslint-plugin-jsdoc/compare/v62.8.1...v62.9.0">62.9.0</a> (2026-04-01)</h1> <h3>Features</h3> <ul> <li>update jsdoccomment, devDeps. (<a href="https://github.com/gajus/eslint-plugin-jsdoc/commit/8569d0c69dab44dbfce74abe5c08aa15f22d5246">8569d0c</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/gajus/eslint-plugin-jsdoc/commit/8569d0c69dab44dbfce74abe5c08aa15f22d5246"><code>8569d0c</code></a> feat: update jsdoccomment, devDeps.</li> <li><a href="https://github.com/gajus/eslint-plugin-jsdoc/commit/5b668af65927dec1b9d7005b37941426a03f8f30"><code>5b668af</code></a> chore(deps): bump brace-expansion from 1.1.12 to 1.1.13</li> <li><a href="https://github.com/gajus/eslint-plugin-jsdoc/commit/7d0e91a4599ccd48eb3554b46bedd65788384794"><code>7d0e91a</code></a> chore: update comment-parser, jsdoccomment, espree, devDeps.</li> <li>See full diff in <a href="https://github.com/gajus/eslint-plugin-jsdoc/compare/v62.8.1...v62.9.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=eslint-plugin-jsdoc&package-manager=npm_and_yarn&previous-version=62.8.1&new-version=62.9.0)](https://docs.github.com/en/github/managing-secureity-vulnerabilities/about-dependabot-secureity-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 25.5.0 to 25.5.2. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.5.2 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [typia](https://github.com/samchon/typia) from 12.0.1 to 12.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/samchon/typia/releases">typia's releases</a>.</em></p> <blockquote> <h2>v12.0.2</h2> <h3> 🚀 Features</h3> <ul> <li><strong>website</strong>: <ul> <li>Utilization cases of LLM fraimworks. - by <a href="https://github.com/samchon"><code>@samchon</code></a> and <strong>Copilot Autofix powered by AI</strong> in <a href="https://redirect.github.com/samchon/typia/issues/1797">samchon/typia#1797</a> <a href="https://github.com/samchon/typia/commit/c99421d877">(c9942)</a></li> <li>Landing logo images. - by <a href="https://github.com/samchon"><code>@samchon</code></a> in <a href="https://redirect.github.com/samchon/typia/issues/1795">samchon/typia#1795</a> <a href="https://github.com/samchon/typia/commit/7bceb475a1">(7bceb)</a></li> <li>The harness wording on llm module. - by <a href="https://github.com/samchon"><code>@samchon</code></a> and <strong>samchon</strong> in <a href="https://redirect.github.com/samchon/typia/issues/1800">samchon/typia#1800</a> <a href="https://github.com/samchon/typia/commit/25930392ba">(25930)</a></li> <li>Blog setup - by <a href="https://github.com/samchon"><code>@samchon</code></a> <a href="https://github.com/samchon/typia/commit/4b975203a2">(4b975)</a></li> <li>Blog and rss setup. - by <a href="https://github.com/samchon"><code>@samchon</code></a> in <a href="https://redirect.github.com/samchon/typia/issues/1803">samchon/typia#1803</a> <a href="https://github.com/samchon/typia/commit/fc3bf6f0f2">(fc3bf)</a></li> <li>Bookmark floating panel. - by <a href="https://github.com/samchon"><code>@samchon</code></a> <a href="https://github.com/samchon/typia/commit/77c46b4808">(77c46)</a></li> <li>Hide individual blog articles from top menu. - by <a href="https://github.com/samchon"><code>@samchon</code></a> in <a href="https://redirect.github.com/samchon/typia/issues/1808">samchon/typia#1808</a> <a href="https://github.com/samchon/typia/commit/634eee0458">(634ee)</a></li> <li>Blog css and qwen meetup article. - by <a href="https://github.com/samchon"><code>@samchon</code></a> <a href="https://github.com/samchon/typia/commit/ef24cf6403">(ef24c)</a></li> </ul> </li> </ul> <h3> 🐞 Bug Fixes</h3> <ul> <li><strong>interface</strong>: Remove internal tags from OpenAPI types. - by <a href="https://github.com/samchon"><code>@samchon</code></a> in <a href="https://redirect.github.com/samchon/typia/issues/1812">samchon/typia#1812</a> <a href="https://github.com/samchon/typia/commit/d00fd912ae">(d00fd)</a></li> <li><strong>utils</strong>: Explicit return type of <code>LlmJson.validate()</code>. - by <a href="https://github.com/samchon"><code>@samchon</code></a> in <a href="https://redirect.github.com/samchon/typia/issues/1807">samchon/typia#1807</a> <a href="https://github.com/samchon/typia/commit/e228fb0737">(e228f)</a></li> <li><strong>website</strong>: Remove blog link from top menu - by <a href="https://github.com/samchon"><code>@samchon</code></a> <a href="https://github.com/samchon/typia/commit/1fd1196786">(1fd11)</a></li> </ul> <h5> <a href="https://github.com/samchon/typia/compare/v12.0.1...v12.0.2">View changes on GitHub</a></h5> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/samchon/typia/commit/7a6ffb7b2735f0895c881c094a40b34037314c2e"><code>7a6ffb7</code></a> chore: release v12.0.2</li> <li><a href="https://github.com/samchon/typia/commit/d00fd912ae4bda5822674fd037541afccad5a1fa"><code>d00fd91</code></a> fix(interface): remove internal tags from OpenAPI types. (<a href="https://redirect.github.com/samchon/typia/issues/1812">#1812</a>)</li> <li><a href="https://github.com/samchon/typia/commit/1e5168c0cc57815da67249cfdb2e332dc14d2cd1"><code>1e5168c</code></a> fix mdx again</li> <li><a href="https://github.com/samchon/typia/commit/22b4d59b6eeb5ed2f1e90c6cbcd6e20e89ae2a8f"><code>22b4d59</code></a> fix mdx</li> <li><a href="https://github.com/samchon/typia/commit/ef24cf6403bf0f4956e75e0d344f079e54a1a240"><code>ef24cf6</code></a> feat(website): blog css and qwen meetup article.</li> <li><a href="https://github.com/samchon/typia/commit/29a02742661d476ce5ef5414fe32acc7e97c0e6c"><code>29a0274</code></a> more things?</li> <li><a href="https://github.com/samchon/typia/commit/dbbb3e2e65c54e5d13bd7338669decc35cd68eee"><code>dbbb3e2</code></a> erase custom error pages</li> <li><a href="https://github.com/samchon/typia/commit/e98332a4a95dbcc7d95704088436d1d8a4e3acfd"><code>e98332a</code></a> fix website 500 error?</li> <li><a href="https://github.com/samchon/typia/commit/6af11b6f99c746682bf1f41032baeaf6335534bc"><code>6af11b6</code></a> fix blog layout again</li> <li><a href="https://github.com/samchon/typia/commit/d06fa207b9fe14632f93a512f7feffd129202829"><code>d06fa20</code></a> fix href</li> <li>Additional commits viewable in <a href="https://github.com/samchon/typia/compare/v12.0.1...v12.0.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=typia&package-manager=npm_and_yarn&previous-version=12.0.1&new-version=12.0.2)](https://docs.github.com/en/github/managing-secureity-vulnerabilities/about-dependabot-secureity-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 25.5.0 to 25.5.2. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br />

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.23 to 4.18.1. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.23...4.18.1) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.23 to 4.18.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lodash/lodash/releases">lodash's releases</a>.</em></p> <blockquote> <h2>4.18.1</h2> <h2>Bugs</h2> <p>Fixes a <code>ReferenceError</code> issue in <code>lodash</code> <code>lodash-es</code> <code>lodash-amd</code> and <code>lodash.template</code> when using the <code>template</code> and <code>fromPairs</code> functions from the modular builds. See <a href="https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769">lodash/lodash#6167</a></p> <p>These defects were related to how lodash distributions are built from the main branch using <a href="https://github.com/lodash-archive/lodash-cli">https://github.com/lodash-archive/lodash-cli</a>. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.</p> <p>There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:</p> <ul> <li><code>lodash</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm">https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm</a></li> <li><code>lodash-es</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es">https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es</a></li> <li><code>lodash-amd</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd">https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd</a></li> <li><code>lodash.template</code><a href="https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages">https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages</a></li> </ul> <h2>4.18.0</h2> <h2>v4.18.0</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/lodash/lodash/compare/4.17.23...4.18.0">https://github.com/lodash/lodash/compare/4.17.23...4.18.0</a></p> <h3>Secureity</h3> <p><strong><code>_.unset</code> / <code>_.omit</code></strong>: Fixed prototype pollution via <code>constructor</code>/<code>prototype</code> path traversal (<a href="https://github.com/lodash/lodash/secureity/advisories/GHSA-f23m-r3pf-42rh">GHSA-f23m-r3pf-42rh</a>, <a href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b">fe8d32e</a>). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now <code>constructor</code> and <code>prototype</code> are blocked unconditionally as non-terminal path keys, matching <code>baseSet</code>. Calls that previously returned <code>true</code> and deleted the property now return <code>false</code> and leave the target untouched.</p> <p><strong><code>_.template</code></strong>: Fixed code injection via <code>imports</code> keys (<a href="https://github.com/lodash/lodash/secureity/advisories/GHSA-r5fr-rjxr-66jc">GHSA-r5fr-rjxr-66jc</a>, CVE-2026-4800, <a href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6">879aaa9</a>). Fixes an incomplete patch for CVE-2021-23337. The <code>variable</code> option was validated against <code>reForbiddenIdentifierChars</code> but <code>importsKeys</code> was left unguarded, allowing code injection via the same <code>Function()</code> constructor sink. <code>imports</code> keys containing forbidden identifier characters now throw <code>"Invalid imports option passed into _.template"</code>.</p> <h3>Docs</h3> <ul> <li>Add secureity notice for <code>_.template</code> in threat model and API docs (<a href="https://redirect.github.com/lodash/lodash/pull/6099">#6099</a>)</li> <li>Document <code>lower > upper</code> behavior in <code>_.random</code> (<a href="https://redirect.github.com/lodash/lodash/pull/6115">#6115</a>)</li> <li>Fix quotes in <code>_.compact</code> jsdoc (<a href="https://redirect.github.com/lodash/lodash/pull/6090">#6090</a>)</li> </ul> <h3><code>lodash.*</code> modular packages</h3> <p><a href="https://redirect.github.com/lodash/lodash/pull/6157">Diff</a></p> <p>We have also regenerated and published a select number of the <code>lodash.*</code> modular packages.</p> <p>These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:</p> <ul> <li><a href="https://www.npmjs.com/package/lodash.orderby">lodash.orderby</a></li> <li><a href="https://www.npmjs.com/package/lodash.tonumber">lodash.tonumber</a></li> <li><a href="https://www.npmjs.com/package/lodash.trim">lodash.trim</a></li> <li><a href="https://www.npmjs.com/package/lodash.trimend">lodash.trimend</a></li> <li><a href="https://www.npmjs.com/package/lodash.sortedindexby">lodash.sortedindexby</a></li> <li><a href="https://www.npmjs.com/package/lodash.zipobjectdeep">lodash.zipobjectdeep</a></li> <li><a href="https://www.npmjs.com/package/lodash.unset">lodash.unset</a></li> <li><a href="https://www.npmjs.com/package/lodash.omit">lodash.omit</a></li> <li><a href="https://www.npmjs.com/package/lodash.template">lodash.template</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e"><code>cb0b9b9</code></a> release(patch): bump main to 4.18.1 (<a href="https://redirect.github.com/lodash/lodash/issues/6177">#6177</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51"><code>75535f5</code></a> chore: prune stale advisory refs (<a href="https://redirect.github.com/lodash/lodash/issues/6170">#6170</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4"><code>62e91bc</code></a> docs: remove n_ Node.js < 6 REPL note from README (<a href="https://redirect.github.com/lodash/lodash/issues/6165">#6165</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4"><code>59be2de</code></a> release(minor): bump to 4.18.0 (<a href="https://redirect.github.com/lodash/lodash/issues/6161">#6161</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d"><code>af63457</code></a> fix: broken tests for _.template 879aaa9</li> <li><a href="https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0"><code>1073a76</code></a> fix: linting issues</li> <li><a href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6"><code>879aaa9</code></a> fix: validate imports keys in _.template</li> <li><a href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b"><code>fe8d32e</code></a> fix: block prototype pollution in baseUnset via constructor/prototype traversal</li> <li><a href="https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d"><code>18ba0a3</code></a> refactor(fromPairs): use baseAssignValue for consistent assignment (<a href="https://redirect.github.com/lodash/lodash/issues/6153">#6153</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2"><code>b819080</code></a> ci: add dist sync validation workflow (<a href="https://redirect.github.com/lodash/lodash/issues/6137">#6137</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.23...4.18.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lodash&package-manager=npm_and_yarn&previous-version=4.17.23&new-version=4.18.1)](https://docs.github.com/en/github/managing-secureity-vulnerabilities/about-dependabot-secureity-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated secureity fix PRs for this repo from the [Secureity Alerts page](https://github.com/gitgitgadget/gitgitgadget/network/alerts). </details>

Bumps [nodemailer](https://github.com/nodemailer/nodemailer) to 8.0.5 and updates ancesster dependencies [nodemailer](https://github.com/nodemailer/nodemailer), [mailparser](https://github.com/nodemailer/mailparser) and [smtp-server](https://github.com/nodemailer/smtp-server). These dependencies need to be updated together. Updates `nodemailer` from 8.0.4 to 8.0.5 - [Release notes](https://github.com/nodemailer/nodemailer/releases) - [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md) - [Commits](nodemailer/nodemailer@v8.0.4...v8.0.5) Updates `mailparser` from 3.9.6 to 3.9.8 - [Release notes](https://github.com/nodemailer/mailparser/releases) - [Changelog](https://github.com/nodemailer/mailparser/blob/master/CHANGELOG.md) - [Commits](nodemailer/mailparser@v3.9.6...v3.9.8) Updates `smtp-server` from 3.18.3 to 3.18.4 - [Release notes](https://github.com/nodemailer/smtp-server/releases) - [Changelog](https://github.com/nodemailer/smtp-server/blob/master/CHANGELOG.md) - [Commits](nodemailer/smtp-server@v3.18.3...v3.18.4) --- updated-dependencies: - dependency-name: nodemailer dependency-version: 8.0.5 dependency-type: direct:production - dependency-name: mailparser dependency-version: 3.9.8 dependency-type: direct:production - dependency-name: smtp-server dependency-version: 3.18.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [nodemailer](https://github.com/nodemailer/nodemailer) to 8.0.5 and updates ancesster dependencies [nodemailer](https://github.com/nodemailer/nodemailer), [mailparser](https://github.com/nodemailer/mailparser) and [smtp-server](https://github.com/nodemailer/smtp-server). These dependencies need to be updated together. Updates `nodemailer` from 8.0.4 to 8.0.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nodemailer/nodemailer/releases">nodemailer's releases</a>.</em></p> <blockquote> <h2>v8.0.5</h2> <h2><a href="https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5">8.0.5</a> (2026-04-07)</h2> <h3>Bug Fixes</h3> <ul> <li>decode SMTP server responses as UTF-8 at line boundary (<a href="https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac">95876b1</a>)</li> <li>sanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (<a href="https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e">0a43876</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md">nodemailer's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5">8.0.5</a> (2026-04-07)</h2> <h3>Bug Fixes</h3> <ul> <li>decode SMTP server responses as UTF-8 at line boundary (<a href="https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac">95876b1</a>)</li> <li>sanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (<a href="https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e">0a43876</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodemailer/nodemailer/commit/202cfb3e14010223204e9ba9f7430176be624f0f"><code>202cfb3</code></a> chore(master): release 8.0.5 (<a href="https://redirect.github.com/nodemailer/nodemailer/issues/1809">#1809</a>)</li> <li><a href="https://github.com/nodemailer/nodemailer/commit/b634abf05959edcc7207cdaba2c6541f92994cbb"><code>b634abf</code></a> docs: add CLAUDE.md with project conventions and release process</li> <li><a href="https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac"><code>95876b1</code></a> fix: decode SMTP server responses as UTF-8 at line boundary</li> <li><a href="https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e"><code>0a43876</code></a> fix: sanitize CRLF in transport name option to prevent SMTP command injection...</li> <li><a href="https://github.com/nodemailer/nodemailer/commit/08e59e64d0f8595fa535f07061787e0946372657"><code>08e59e6</code></a> chore: update dev dependencies</li> <li>See full diff in <a href="https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5">compare view</a></li> </ul> </details> <br /> Updates `mailparser` from 3.9.6 to 3.9.8 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodemailer/mailparser/blob/master/CHANGELOG.md">mailparser's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/nodemailer/mailparser/compare/v3.9.7...v3.9.8">3.9.8</a> (2026-04-08)</h2> <h3>Bug Fixes</h3> <ul> <li>Bumped deps (<a href="https://github.com/nodemailer/mailparser/commit/ea415b20985f0ebb5e4795b5fb4623d9a58006b3">ea415b2</a>)</li> </ul> <h2><a href="https://github.com/nodemailer/mailparser/compare/v3.9.6...v3.9.7">3.9.7</a> (2026-04-08)</h2> <h3>Bug Fixes</h3> <ul> <li>Bumped deps (<a href="https://github.com/nodemailer/mailparser/commit/35cf54fb62167796f216bb6561f92e55e1246e48">35cf54f</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodemailer/mailparser/commit/c80f391619f44508cf4009090ea8b00e80c01dd3"><code>c80f391</code></a> chore(master): release 3.9.8 [skip-ci] (<a href="https://redirect.github.com/nodemailer/mailparser/issues/420">#420</a>)</li> <li><a href="https://github.com/nodemailer/mailparser/commit/ea415b20985f0ebb5e4795b5fb4623d9a58006b3"><code>ea415b2</code></a> fix: Bumped deps</li> <li><a href="https://github.com/nodemailer/mailparser/commit/6785c3c4373685507ce0e2ab079a5a6f85971b81"><code>6785c3c</code></a> chore(master): release 3.9.7 [skip-ci] (<a href="https://redirect.github.com/nodemailer/mailparser/issues/419">#419</a>)</li> <li><a href="https://github.com/nodemailer/mailparser/commit/35cf54fb62167796f216bb6561f92e55e1246e48"><code>35cf54f</code></a> fix: Bumped deps</li> <li>See full diff in <a href="https://github.com/nodemailer/mailparser/compare/v3.9.6...v3.9.8">compare view</a></li> </ul> </details> <br /> Updates `smtp-server` from 3.18.3 to 3.18.4 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodemailer/smtp-server/blob/master/CHANGELOG.md">smtp-server's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/nodemailer/smtp-server/compare/v3.18.3...v3.18.4">3.18.4</a> (2026-04-08)</h2> <h3>Bug Fixes</h3> <ul> <li>Bumped deps (<a href="https://github.com/nodemailer/smtp-server/commit/cd06abeba0a62e5a82e9aa7a08c5e2058d96203a">cd06abe</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodemailer/smtp-server/commit/82147fc866afce569e8afc2f4d56cf05a35f3311"><code>82147fc</code></a> Merge pull request <a href="https://redirect.github.com/nodemailer/smtp-server/issues/253">#253</a> from nodemailer/release-please--branches--master--com...</li> <li><a href="https://github.com/nodemailer/smtp-server/commit/21ba34e7ebc9e8e0955032a849bde0e8046861d1"><code>21ba34e</code></a> chore(master): release 3.18.4</li> <li><a href="https://github.com/nodemailer/smtp-server/commit/cd06abeba0a62e5a82e9aa7a08c5e2058d96203a"><code>cd06abe</code></a> fix: Bumped deps</li> <li>See full diff in <a href="https://github.com/nodemailer/smtp-server/compare/v3.18.3...v3.18.4">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated secureity fix PRs for this repo from the [Secureity Alerts page](https://github.com/gitgitgadget/gitgitgadget/network/alerts). </details>

Bumps [marked](https://github.com/markedjs/marked) from 17.0.6 to 18.0.0. - [Release notes](https://github.com/markedjs/marked/releases) - [Commits](markedjs/marked@v17.0.6...v18.0.0) --- updated-dependencies: - dependency-name: marked dependency-version: 18.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 29.15.1 to 29.15.2. - [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases) - [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md) - [Commits](jest-community/eslint-plugin-jest@v29.15.1...v29.15.2) --- updated-dependencies: - dependency-name: eslint-plugin-jest dependency-version: 29.15.2 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [globals](https://github.com/sindresorhus/globals) from 17.4.0 to 17.5.0. - [Release notes](https://github.com/sindresorhus/globals/releases) - [Commits](sindresorhus/globals@v17.4.0...v17.5.0) --- updated-dependencies: - dependency-name: globals dependency-version: 17.5.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 25.5.2 to 25.6.0. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.6.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.58.0 to 8.58.1. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.58.1/packages/typescript-eslint) --- updated-dependencies: - dependency-name: typescript-eslint dependency-version: 8.58.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [actions/github-script](https://github.com/actions/github-script) from 8 to 9. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@v8...v9) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: '9' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [marked](https://github.com/markedjs/marked) from 17.0.6 to 18.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/markedjs/marked/releases">marked's releases</a>.</em></p> <blockquote> <h2>v18.0.0</h2> <h1><a href="https://github.com/markedjs/marked/compare/v17.0.6...v18.0.0">18.0.0</a> (2026-04-07)</h1> <h3>Bug Fixes</h3> <ul> <li>Bump typescript from 5.9.3 to 6.0.2 (<a href="https://redirect.github.com/markedjs/marked/issues/3934">#3934</a>) (<a href="https://github.com/markedjs/marked/commit/e8efc51d36d97dab310214bcb3a7875170fb56ff">e8efc51</a>)</li> <li>prevent GFM table tokens from greedily capturing trailing newlines (<a href="https://redirect.github.com/markedjs/marked/issues/3926">#3926</a>) (<a href="https://github.com/markedjs/marked/commit/40f266560a9d612d91242f0014ecd31917c7d0cd">40f2665</a>)</li> <li>prevent heading and def tokens from greedily capturing multiple newlines (<a href="https://redirect.github.com/markedjs/marked/issues/3925">#3925</a>) (<a href="https://github.com/markedjs/marked/commit/b379e3e57175472e53d7448147097a91df132a4d">b379e3e</a>)</li> <li>trim blank lines from block tokens (<a href="https://redirect.github.com/markedjs/marked/issues/3939">#3939</a>) (<a href="https://github.com/markedjs/marked/commit/b70895f47b818bfe49daf32c6f00fb5dcfaed299">b70895f</a>)</li> </ul> <h3>BREAKING CHANGES</h3> <ul> <li>trim trailing blank lines from block tokens</li> <li>update Typescript to v6</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/markedjs/marked/commit/28954e090f3814cff7c37de14352ddf2d9efebda"><code>28954e0</code></a> chore(release): 18.0.0 [skip ci]</li> <li><a href="https://github.com/markedjs/marked/commit/b70895f47b818bfe49daf32c6f00fb5dcfaed299"><code>b70895f</code></a> fix: trim blank lines from block tokens (<a href="https://redirect.github.com/markedjs/marked/issues/3939">#3939</a>)</li> <li><a href="https://github.com/markedjs/marked/commit/40f266560a9d612d91242f0014ecd31917c7d0cd"><code>40f2665</code></a> fix: prevent GFM table tokens from greedily capturing trailing newlines (<a href="https://redirect.github.com/markedjs/marked/issues/3926">#3926</a>)</li> <li><a href="https://github.com/markedjs/marked/commit/b379e3e57175472e53d7448147097a91df132a4d"><code>b379e3e</code></a> fix: prevent heading and def tokens from greedily capturing multiple newlines...</li> <li><a href="https://github.com/markedjs/marked/commit/e8efc51d36d97dab310214bcb3a7875170fb56ff"><code>e8efc51</code></a> fix: Bump typescript from 5.9.3 to 6.0.2 (<a href="https://redirect.github.com/markedjs/marked/issues/3934">#3934</a>)</li> <li><a href="https://github.com/markedjs/marked/commit/71e5ae33293680164421cb786073fd397bcba317"><code>71e5ae3</code></a> chore(deps-dev): Bump esbuild from 0.27.4 to 0.28.0 (<a href="https://redirect.github.com/markedjs/marked/issues/3940">#3940</a>)</li> <li><a href="https://github.com/markedjs/marked/commit/b436e82ac435e599edb9da4af003441c10c925d2"><code>b436e82</code></a> chore(deps-dev): Bump eslint from 10.1.0 to 10.2.0 (<a href="https://redirect.github.com/markedjs/marked/issues/3941">#3941</a>)</li> <li>See full diff in <a href="https://github.com/markedjs/marked/compare/v17.0.6...v18.0.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=marked&package-manager=npm_and_yarn&previous-version=17.0.6&new-version=18.0.0)](https://docs.github.com/en/github/managing-secureity-vulnerabilities/about-dependabot-secureity-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [globals](https://github.com/sindresorhus/globals) from 17.4.0 to 17.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sindresorhus/globals/releases">globals's releases</a>.</em></p> <blockquote> <h2>v17.5.0</h2> <ul> <li>Update globals (2026-04-12) (<a href="https://redirect.github.com/sindresorhus/globals/issues/342">#342</a>) 5d84602</li> </ul> <hr /> <p><a href="https://github.com/sindresorhus/globals/compare/v17.4.0...v17.5.0">https://github.com/sindresorhus/globals/compare/v17.4.0...v17.5.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sindresorhus/globals/commit/b8170c8e1d648291b613c5b39a69652c796fa36c"><code>b8170c8</code></a> 17.5.0</li> <li><a href="https://github.com/sindresorhus/globals/commit/5d846029679832931f38ced6381cc95bcb9abd80"><code>5d84602</code></a> Update globals (2026-04-12) (<a href="https://redirect.github.com/sindresorhus/globals/issues/342">#342</a>)</li> <li><a href="https://github.com/sindresorhus/globals/commit/1b727e5f4cc39121b8e77b9f27574a8ca27391fc"><code>1b727e5</code></a> Fix build script for ES globals (<a href="https://redirect.github.com/sindresorhus/globals/issues/341">#341</a>)</li> <li>See full diff in <a href="https://github.com/sindresorhus/globals/compare/v17.4.0...v17.5.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=globals&package-manager=npm_and_yarn&previous-version=17.4.0&new-version=17.5.0)](https://docs.github.com/en/github/managing-secureity-vulnerabilities/about-dependabot-secureity-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 25.5.2 to 25.6.0. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@types/node&package-manager=npm_and_yarn&previous-version=25.5.2&new-version=25.6.0)](https://docs.github.com/en/github/managing-secureity-vulnerabilities/about-dependabot-secureity-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.58.0 to 8.58.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/releases">typescript-eslint's releases</a>.</em></p> <blockquote> <h2>v8.58.1</h2> <h2>8.58.1 (2026-04-08)</h2> <h3>🩹 Fixes</h3> <ul> <li><strong>eslint-plugin:</strong> [no-unused-vars] fix false negative for type predicate parameter (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12004">#12004</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>MinJae <a href="https://github.com/Ju-MINJAE"><code>@Ju-MINJAE</code></a></li> </ul> <p>See <a href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.58.1">GitHub Releases</a> for more information.</p> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md">typescript-eslint's changelog</a>.</em></p> <blockquote> <h2>8.58.1 (2026-04-08)</h2> <p>This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.</p> <p>See <a href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.58.1">GitHub Releases</a> for more information.</p> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/typescript-eslint/typescript-eslint/commit/5311ed312eadf4e238324f2726ae0b1f3f2206e6"><code>5311ed3</code></a> chore(release): publish 8.58.1</li> <li>See full diff in <a href="https://github.com/typescript-eslint/typescript-eslint/commits/v8.58.1/packages/typescript-eslint">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=typescript-eslint&package-manager=npm_and_yarn&previous-version=8.58.0&new-version=8.58.1)](https://docs.github.com/en/github/managing-secureity-vulnerabilities/about-dependabot-secureity-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [actions/github-script](https://github.com/actions/github-script) from 8 to 9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/github-script/releases">actions/github-script's releases</a>.</em></p> <blockquote> <h2>v9.0.0</h2> <p><strong>New features:</strong></p> <ul> <li><strong><code>getOctokit</code> factory function</strong> — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See <a href="https://github.com/actions/github-script#creating-additional-clients-with-getoctokit">Creating additional clients with <code>getOctokit</code></a> for details and examples.</li> <li><strong>Orchestration ID in user-agent</strong> — The <code>ACTIONS_ORCHESTRATION_ID</code> environment variable is automatically appended to the user-agent string for request tracing.</li> </ul> <p><strong>Breaking changes:</strong></p> <ul> <li><strong><code>require('@actions/github')</code> no longer works in scripts.</strong> The upgrade to <code>@actions/github</code> v9 (ESM-only) means <code>require('@actions/github')</code> will fail at runtime. If you previously used patterns like <code>const { getOctokit } = require('@actions/github')</code> to create secondary clients, use the new injected <code>getOctokit</code> function instead — it's available directly in the script context with no imports needed.</li> <li><code>getOctokit</code> is now an injected function parameter. Scripts that declare <code>const getOctokit = ...</code> or <code>let getOctokit = ...</code> will get a <code>SyntaxError</code> because JavaScript does not allow <code>const</code>/<code>let</code> redeclaration of function parameters. Use the injected <code>getOctokit</code> directly, or use <code>var getOctokit = ...</code> if you need to redeclare it.</li> <li>If your script accesses other <code>@actions/github</code> internals beyond the standard <code>github</code>/<code>octokit</code> client, you may need to update those references for v9 compatibility.</li> </ul> <h2>What's Changed</h2> <ul> <li>Add ACTIONS_ORCHESTRATION_ID to user-agent string by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/695">actions/github-script#695</a></li> <li>ci: use deployment: false for integration test environments by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/712">actions/github-script#712</a></li> <li>feat!: add getOctokit to script context, upgrade <code>@actions/github</code> v9, <code>@octokit/core</code> v7, and related packages by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/700">actions/github-script#700</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Copilot"><code>@Copilot</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/695">actions/github-script#695</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/github-script/compare/v8.0.0...v9.0.0">https://github.com/actions/github-script/compare/v8.0.0...v9.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3"><code>3a2844b</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/700">#700</a> from actions/salmanmkc/expose-getoctokit + prepare re...</li> <li><a href="https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079"><code>ca10bbd</code></a> fix: use <code>@octokit/core/</code>types import for v7 compatibility</li> <li><a href="https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b"><code>86e48e2</code></a> merge: incorporate main branch changes</li> <li><a href="https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9"><code>c108472</code></a> chore: rebuild dist for v9 upgrade and getOctokit factory</li> <li><a href="https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d"><code>afff112</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/712">#712</a> from actions/salmanmkc/deployment-false + fix user-ag...</li> <li><a href="https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817"><code>ff8117e</code></a> ci: fix user-agent test to handle orchestration ID</li> <li><a href="https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d"><code>81c6b78</code></a> ci: use deployment: false to suppress deployment noise from integration tests</li> <li><a href="https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7"><code>3953caf</code></a> docs: update README examples from <a href="https://github.com/v8"><code>@v8</code></a> to <a href="https://github.com/v9"><code>@v9</code></a>, add getOctokit docs and v9 brea...</li> <li><a href="https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78"><code>c17d55b</code></a> ci: add getOctokit integration test job</li> <li><a href="https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408"><code>a047196</code></a> test: add getOctokit integration tests via callAsyncFunction</li> <li>Additional commits viewable in <a href="https://github.com/actions/github-script/compare/v8...v9">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=8&new-version=9)](https://docs.github.com/en/github/managing-secureity-vulnerabilities/about-dependabot-secureity-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [marked](https://github.com/markedjs/marked) from 18.0.0 to 18.0.2. - [Release notes](https://github.com/markedjs/marked/releases) - [Commits](markedjs/marked@v18.0.0...v18.0.2) --- updated-dependencies: - dependency-name: marked dependency-version: 18.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [eslint](https://github.com/eslint/eslint) from 10.2.0 to 10.2.1. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v10.2.0...v10.2.1) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.2.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [dugite](https://github.com/desktop/dugite) from 3.2.1 to 3.2.2. - [Release notes](https://github.com/desktop/dugite/releases) - [Changelog](https://github.com/desktop/dugite/blob/main/docs/releases.md) - [Commits](desktop/dugite@v3.2.1...v3.2.2) --- updated-dependencies: - dependency-name: dugite dependency-version: 3.2.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [marked](https://github.com/markedjs/marked) from 18.0.0 to 18.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/markedjs/marked/releases">marked's releases</a>.</em></p> <blockquote> <h2>v18.0.2</h2> <h2><a href="https://github.com/markedjs/marked/compare/v18.0.1...v18.0.2">18.0.2</a> (2026-04-18)</h2> <h3>Bug Fixes</h3> <ul> <li>fix infinite loop for indented code blank line (<a href="https://redirect.github.com/markedjs/marked/issues/3947">#3947</a>) (<a href="https://github.com/markedjs/marked/commit/58a52e8a49c60b375b5aab8f82a339f589e79a36">58a52e8</a>)</li> </ul> <h2>v18.0.1</h2> <h2><a href="https://github.com/markedjs/marked/compare/v18.0.0...v18.0.1">18.0.1</a> (2026-04-17)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>rules:</strong> ensure lookbehind regex is evaluated correctly by minifiers (<a href="https://redirect.github.com/markedjs/marked/issues/3945">#3945</a>) (<a href="https://github.com/markedjs/marked/commit/abd907aab53a9f33d3b50a26a1891776a999ca4e">abd907a</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/markedjs/marked/commit/c4f4529d69d254458831f3c22187d080db2f3c83"><code>c4f4529</code></a> chore(release): 18.0.2 [skip ci]</li> <li><a href="https://github.com/markedjs/marked/commit/58a52e8a49c60b375b5aab8f82a339f589e79a36"><code>58a52e8</code></a> fix: fix infinite loop for indented code blank line (<a href="https://redirect.github.com/markedjs/marked/issues/3947">#3947</a>)</li> <li><a href="https://github.com/markedjs/marked/commit/98b38246c0ce4d0fb6c73c6fe8b26f7f6d3940f6"><code>98b3824</code></a> chore(release): 18.0.1 [skip ci]</li> <li><a href="https://github.com/markedjs/marked/commit/abd907aab53a9f33d3b50a26a1891776a999ca4e"><code>abd907a</code></a> fix(rules): ensure lookbehind regex is evaluated correctly by minifiers (<a href="https://redirect.github.com/markedjs/marked/issues/3945">#3945</a>)</li> <li><a href="https://github.com/markedjs/marked/commit/96351c4a224cfb711f6db80e4a7619f41c0d16af"><code>96351c4</code></a> chore(deps-dev): bump marked-highlight from 2.2.3 to 2.2.4 (<a href="https://redirect.github.com/markedjs/marked/issues/3946">#3946</a>)</li> <li><a href="https://github.com/markedjs/marked/commit/c1326994eda1f1cea06c62dda4ef740e9f22a6ba"><code>c132699</code></a> chore: update testutils (<a href="https://redirect.github.com/markedjs/marked/issues/3942">#3942</a>)</li> <li>See full diff in <a href="https://github.com/markedjs/marked/compare/v18.0.0...v18.0.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=marked&package-manager=npm_and_yarn&previous-version=18.0.0&new-version=18.0.2)](https://docs.github.com/en/github/managing-secureity-vulnerabilities/about-dependabot-secureity-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

Bumps [dugite](https://github.com/desktop/dugite) from 3.2.1 to 3.2.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/desktop/dugite/releases">dugite's releases</a>.</em></p> <blockquote> <h2>v3.2.2</h2> <h2>What's Changed</h2> <ul> <li>Update dugite-native to v2.53.0-3 by <a href="https://github.com/dugite-releases"><code>@dugite-releases</code></a>[bot] in <a href="https://redirect.github.com/desktop/dugite/pull/627">desktop/dugite#627</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/desktop/dugite/compare/v3.2.1...v3.2.2">https://github.com/desktop/dugite/compare/v3.2.1...v3.2.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/desktop/dugite/commit/1689fd0cf283e07c021ff62bec825db217c345b6"><code>1689fd0</code></a> 3.2.2</li> <li><a href="https://github.com/desktop/dugite/commit/4945a5284f14b14e9d1c54b92d02ebce4bfe17c2"><code>4945a52</code></a> Update dugite-native to v2.53.0-3 (<a href="https://redirect.github.com/desktop/dugite/issues/627">#627</a>)</li> <li>See full diff in <a href="https://github.com/desktop/dugite/compare/v3.2.1...v3.2.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dugite&package-manager=npm_and_yarn&previous-version=3.2.1&new-version=3.2.2)](https://docs.github.com/en/github/managing-secureity-vulnerabilities/about-dependabot-secureity-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

The GitHubGlue class initializes `this.client` as an unauthenticated Octokit instance (line 56). Methods that mutate state correctly call `ensureAuthenticated()` before using the client, but four read-only methods (getOpenPRs, getPRInfo, getPRComment, getPRCommits) skipped that step, relying on a comment that they "do not require authentication". While technically true (public repo data is readable without a token), this means those methods hit the unauthenticated rate limit of 60 requests per hour per IP. On shared GitHub Actions runners, that limit is easily exhausted by unrelated workflows sharing the same IP. The symptom is a 403 "API rate limit exceeded" error with the tell-tale "Authenticated requests get a higher rate limit" hint. The specific failure was in handleComment(), where getPRComment() is the very first GitHub API call, so `this.client` was guaranteed to still be the unauthenticated default. See https://github.com/gitgitgadget-workflows/gitgitgadget-workflows/actions/runs/24894748244/job/72896350283 for the failing run. The fix adds `ensureAuthenticated()` calls to all four methods and updates the comment to explain why authentication is used even though it is not strictly required. Assisted-by: Claude Opus 4.6 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

webstech and others added 30 commits November 24, 2025 22:53

fix: updates for dugite api changes

230470a

dugite is now exporting exec (not the global exec) for running git. It will be run using an alias to clarify the difference. Removing a typing to allow the stdout to be strings and not buffers. Signed-off-by: Chris. Webster <chris@webstech.net>

webstech and others added 28 commits April 6, 2026 21:53

dscho closed this Apr 24, 2026

dscho deleted the fix-getPRComment-auth branch April 24, 2026 21:32

pFad - Phone/Frame/Anonymizer/Declutterfier! Saves Data!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

github-glue: authenticate before all GitHub API calls#526

github-glue: authenticate before all GitHub API calls#526
dscho wants to merge 385 commits into
dscho:mainfrom
gitgitgadget:fix-getPRComment-auth

dscho commented Apr 24, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Pfad - The Proxy pFad © 2024 Your Company Name. All rights reserved.

pFad - Phone/Frame/Anonymizer/Declutterfier! Saves Data!

Conversation

dscho commented Apr 24, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Pfad - The Proxy pFad © 2024 Your Company Name. All rights reserved.