chore(deps): (deps): bump the production group across 1 directory with 9 updates by dependabot[bot] · Pull Request #942 · tidev/titanium-cli

dependabot · 2026-05-06T04:25:37Z

Bumps the production group with 9 updates in the / directory:

Package	From	To
undici	`8.0.2`	`8.2.0`
@babel/compat-data	`7.29.0`	`7.29.3`
@babel/parser	`7.29.2`	`7.29.3`
@istanbuljs/schema	`0.1.3`	`0.1.6`
baseline-browser-mapping	`2.10.20`	`2.10.27`
caniuse-lite	`1.0.30001788`	`1.0.30001791`
electron-to-chromium	`1.5.343`	`1.5.351`
jsonfile	`6.2.0`	`6.2.1`
node-releases	`2.0.37`	`2.0.38`

Updates undici from 8.0.2 to 8.2.0

Release notes

Sourced from undici's releases.

v8.2.0

What's Changed

chore: use native addAbortListener by @trivikr in nodejs/undici#5021

fix: fix the logic for the UNDICI_NO_WASM_SIMD environment variable by @ShenHongFei in nodejs/undici#5026

fix(http2): send body for non-expectsPayload methods with content by @mcollina in nodejs/undici#5030

fix(fetch): correct 'navigator' typo to 'navigate' in fetchFinale by @deepview-autofix in nodejs/undici#5044

fix(webidl): correct signed integer bounds in ConvertToInt by @deepview-autofix in nodejs/undici#5038

fix(fetch): use || for CRLF check in multipart formdata-parser by @deepview-autofix in nodejs/undici#5049

fix(websocket): correct argument order in WebSocketStream UTF-8 failure by @deepview-autofix in nodejs/undici#5050

fix(pool): propagate useH2c to connector when connections > 1 by @SAY-5 in nodejs/undici#5031

fix(cache): return immutable staleAt in milliseconds by @deepview-autofix in nodejs/undici#5048

fix(socks5-proxy-agent): use per-origin pools to prevent cross-origin routing by @deepview-autofix in nodejs/undici#5041

fix(cache): evict oldest entries first in SqliteCacheStore prune by @deepview-autofix in nodejs/undici#5039

fix(socks5): correctly expand IPv6 '::' compressed notation by @deepview-autofix in nodejs/undici#5046

Remove unused func and unnecessary shim by @tsctx in nodejs/undici#5053

fix: reject malformed content-length request headers by @trivikr in nodejs/undici#5060

fix(request): reject NaN highWaterMark during option validation by @trivikr in nodejs/undici#5062

docs: fix broken links in docsify sidebar by @maruthang in nodejs/undici#5065

fix(fetch): prefer filename* over filename in multipart form-data by @maruthang in nodejs/undici#5068

fix(http2): reject websocket upgrades on non-200 responses by @trivikr in nodejs/undici#5072

feat: support username-only proxy authentication in ProxyAgent by @rossilor95 in nodejs/undici#4935

build(deps): bump uWebSockets.js from v20.58.0 to v20.64.0 in /benchmarks by @dependabot[bot] in nodejs/undici#5083

fix(client-h2): stop double-decrementing kOpenStreams on stream timeout by @SAY-5 in nodejs/undici#5076

fix(http2): reject upgrade streams closed before response headers by @trivikr in nodejs/undici#5069

fix(http2): allow GET and HEAD request bodies over h2 by @trivikr in nodejs/undici#5058

fix(cache): include query in cache key when opts.path is undefined by @maruthang in nodejs/undici#5081

fix: avoid premature cleanup of dispatcher in Agent by @bienzaaron in nodejs/undici#5034

fix(http2): record ping failures on the socket by @trivikr in nodejs/undici#5075

add undici security policy by @mcollina in nodejs/undici#5056

fix(mock): make filterCalls AND operator actually intersect results by @deepview-autofix in nodejs/undici#5045

fix(socks5): enforce authenticated state before CONNECT by @trivikr in nodejs/undici#5097

fix(cache): skip expired sqlite vary entries during lookup by @trivikr in nodejs/undici#5095

fix: enforce maxCachedSessions in TLS session cache by @trivikr in nodejs/undici#5102

fix(socks5): encode embedded IPv4 tails in IPv6 literals correctly by @trivikr in nodejs/undici#5099

fix: handle invalid HTTP/2 connection headers (#4356) by @mcollina in nodejs/undici#5101

fix(interceptor): add throwOnMaxRedirect to types and interceptor opts by @maruthang in nodejs/undici#5066

fix(websocket): avoid double-closing canceled stream readers by @colinaaa in nodejs/undici#5105

fix(cache): persist vary when updating sqlite cache entries by @trivikr in nodejs/undici#5109

refactor(h1): track HEAD keep-alive override as boolean by @trivikr in nodejs/undici#5110

client: cache llhttp wasm buffer view by @trivikr in nodejs/undici#5115

deps: update llhttp to 9.3.1 by @mcollina in nodejs/undici#5113

fix(http2): preserve accepted streams after GOAWAY by @trivikr in nodejs/undici#5090

fix: reuse parser WeakRef for timeout callbacks by @trivikr in nodejs/undici#5125

fix: stop buffering data after SOCKS5 connect by @trivikr in nodejs/undici#5118

perf(http2): avoid response header reserialization by @trivikr in nodejs/undici#5085

fix(cache): enforce sqlite maxCount after insert by @trivikr in nodejs/undici#5112

perf: reduce EventSourceStream parser allocations by @trivikr in nodejs/undici#5032

types(dispatcher): use OutgoingHttpHeaders for request headers by @maruthang in nodejs/undici#5067

cleanup: delete redundant .gitkeep file by @shivarm in nodejs/undici#5133

fix(http2): respect peer max concurrent streams by @trivikr in nodejs/undici#5135

... (truncated)

Commits

bf684f7 Bumped v8.2.0 (#5152)
0ca054a fix: replace stale pool clients under connection limit (#5145)
7af90e9 perf: avoid redundant scans in BalancedPool dispatcher selection (#5146)
abb9d06 fix: validate H2CClient maxConcurrentStreams option (#5143)
72a7591 perf(http2): avoid cloning headers when removing status (#5127)
96fd5e9 fix(cache): allow streamed entries at maxEntrySize limit (#5129)
f41e53f perf: use byteLength property for binary body chunks (#5126)
bec4961 chore(deps): add lockfile (#5139)
86f1242 perf(http2): reduce writeH2 per-request callback allocations (#5138)
cad3f70 perf(client): parse h1 content-length statelessly (#5124)
Additional commits viewable in compare view

Updates @babel/compat-data from 7.29.0 to 7.29.3

Release notes

Sourced from @babel/compat-data's releases.

v7.29.3 (2026-04-30)

👓 Spec Compliance

babel-parser

#17923 Support flow extends bound (@JLHwung)

🐛 Bug Fix

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#17931 fix(decorators): replace super within all removed static elements (@JLHwung)

babel-register

#17915 Fix thread synchronization issues in @babel/register (@liuxingbaoyu)

babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env

#17788 Add bugfix plugin for Safari array rest destructuring bug (@JLHwung)

💅 Polish

babel-parser

#17782 Improve trailing comma comment handling (@JLHwung)

📝 Documentation

#17847 Replace npmjs.com links with npmx.dev (@nicolo-ribaudo)

🏃‍♀️ Performance

babel-helper-import-to-platform-api, babel-plugin-proposal-import-wasm-source, babel-plugin-transform-json-modules

#17818 Load async Wasm and JSON imports in parallel (@nicolo-ribaudo)

Committers: 4

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

v7.29.2 (2026-03-16)

👓 Spec Compliance

babel-parser

#17840 [7.x backport] async x => {} must be in leading pos (@JLHwung)

🐛 Bug Fix

babel-helpers, babel-plugin-transform-async-generator-functions, babel-preset-env, babel-runtime-corejs3

#17805 [7.x backport] fix: Properly handle await in finally (@liuxingbaoyu)

babel-preset-env

#17789 [7.x backport] preset-env include/exclude should accept bugfix plugins (@JLHwung)

🏠 Internal

#17813 chore: update eslint peer deps (@JLHwung)

Committers: 2

Huáng Jùnliàng (@JLHwung)

@liuxingbaoyu

... (truncated)

Commits

183db7b v7.29.3
268f246 Add bugfix plugin for Safari array rest destructuring bug (#17788)
f8524d8 Update compat data (#17686)
See full diff in compare view

Updates @babel/parser from 7.29.2 to 7.29.3

Release notes

Sourced from @babel/parser's releases.

v7.29.3 (2026-04-30)

👓 Spec Compliance

babel-parser

#17923 Support flow extends bound (@JLHwung)

🐛 Bug Fix

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#17931 fix(decorators): replace super within all removed static elements (@JLHwung)

babel-register

#17915 Fix thread synchronization issues in @babel/register (@liuxingbaoyu)

babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env

#17788 Add bugfix plugin for Safari array rest destructuring bug (@JLHwung)

💅 Polish

babel-parser

#17782 Improve trailing comma comment handling (@JLHwung)

📝 Documentation

#17847 Replace npmjs.com links with npmx.dev (@nicolo-ribaudo)

🏃‍♀️ Performance

babel-helper-import-to-platform-api, babel-plugin-proposal-import-wasm-source, babel-plugin-transform-json-modules

#17818 Load async Wasm and JSON imports in parallel (@nicolo-ribaudo)

Committers: 4

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

Commits

183db7b v7.29.3
9bc522a Support flow extends bound (#17923)
69277a0 Improve trailing comma comment handling (#17782)
See full diff in compare view

Updates @istanbuljs/schema from 0.1.3 to 0.1.6

Release notes

Sourced from @istanbuljs/schema's releases.

v0.1.6

0.1.6 (2026-04-13)

Bug Fixes

Undo change to schema in 0.1.x series (440f977)

v0.1.5

0.1.5 (2026-04-13)

Bug Fixes

Re-add release-please (7c25461)

Changelog

Sourced from @istanbuljs/schema's changelog.

0.1.6 (2026-04-13)

Bug Fixes

Undo change to schema in 0.1.x series (440f977)

0.1.5 (2026-04-13)

Bug Fixes

Re-add release-please (7c25461)

0.1.4 (2026-04-13)

Bug Fixes

Remove development dependencies (a24b4c1)

Commits

f870afe chore(master): release 0.1.6
440f977 fix: Undo change to schema in 0.1.x series
d258e9e chore(master): release 0.1.5
7c25461 fix: Re-add release-please
75b89fd chore: Remove release-please
467c01f chore(master): release 0.1.4
a24b4c1 fix: Remove development dependencies
See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @istanbuljs/schema since your current version.

Updates baseline-browser-mapping from 2.10.20 to 2.10.27

Release notes

Sourced from baseline-browser-mapping's releases.

v2.9.3 - remove process.loadEnvFile()

What's Changed

Remove process.loadEnfFile() from main script by @tonypconway in web-platform-dx/baseline-browser-mapping#112

Full Changelog: web-platform-dx/baseline-browser-mapping@v2.9.2...v2.9.3

Commits

26e8653 Patch to 2.10.27 because browser or feature data changed
301ef19 Browser or feature data changed
60baaeb Updating static site
c63db83 Patch to 2.10.26 because browser or feature data changed
729e3e1 Browser or feature data changed
387275e Updating static site
bec791f Patch to 2.10.25 because browser or feature data changed
526e426 Browser or feature data changed
85a2a0d Patch to 2.10.24 because browser or feature data changed
7c50e2c Browser or feature data changed
Additional commits viewable in compare view

Updates caniuse-lite from 1.0.30001788 to 1.0.30001791

Commits

abf9bca Update caniuse-db 1.0.30001791
a387dba Update caniuse-db 1.0.30001790
7f81a3c Update lock file
ac1ee53 Move from ESLint & Prettier to oxlint & oxfmt
29a690f Update CI actions
cabad5e Update dependencies
16f140f Update email
See full diff in compare view

Updates electron-to-chromium from 1.5.343 to 1.5.351

Commits

f3e7665 1.5.351
4938def generate new version
d292d13 1.5.350
800f78b generate new version
7fc7dcd 1.5.349
5549446 generate new version
a076eb9 1.5.348
d2d4283 generate new version
e4e74a0 1.5.347
b3e9545 generate new version
Additional commits viewable in compare view

Updates jsonfile from 6.2.0 to 6.2.1

Changelog

Sourced from jsonfile's changelog.

6.2.1 / 2026-04-20

Throw descriptive TypeError when obj is not JSON-serializable (#168)

Commits

97478af 6.2.1
f58238a Throw descriptive TypeError when obj is not JSON-serializable (#168)
See full diff in compare view

Updates node-releases from 2.0.37 to 2.0.38

Commits

31ca1bd 2.0.38
143a29e feat: Nightly Sync
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…h 9 updates Bumps the production group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [undici](https://github.com/nodejs/undici) | `8.0.2` | `8.2.0` | | [@babel/compat-data](https://github.com/babel/babel/tree/HEAD/packages/babel-compat-data) | `7.29.0` | `7.29.3` | | [@babel/parser](https://github.com/babel/babel/tree/HEAD/packages/babel-parser) | `7.29.2` | `7.29.3` | | [@istanbuljs/schema](https://github.com/istanbuljs/schema) | `0.1.3` | `0.1.6` | | [baseline-browser-mapping](https://github.com/web-platform-dx/baseline-browser-mapping) | `2.10.20` | `2.10.27` | | [caniuse-lite](https://github.com/browserslist/caniuse-lite) | `1.0.30001788` | `1.0.30001791` | | [electron-to-chromium](https://github.com/Kilian/electron-to-chromium) | `1.5.343` | `1.5.351` | | [jsonfile](https://github.com/jprichardson/node-jsonfile) | `6.2.0` | `6.2.1` | | [node-releases](https://github.com/chicoxyzzy/node-releases) | `2.0.37` | `2.0.38` | Updates `undici` from 8.0.2 to 8.2.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v8.0.2...v8.2.0) Updates `@babel/compat-data` from 7.29.0 to 7.29.3 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.3/packages/babel-compat-data) Updates `@babel/parser` from 7.29.2 to 7.29.3 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.3/packages/babel-parser) Updates `@istanbuljs/schema` from 0.1.3 to 0.1.6 - [Release notes](https://github.com/istanbuljs/schema/releases) - [Changelog](https://github.com/istanbuljs/schema/blob/master/CHANGELOG.md) - [Commits](istanbuljs/schema@v0.1.3...v0.1.6) Updates `baseline-browser-mapping` from 2.10.20 to 2.10.27 - [Release notes](https://github.com/web-platform-dx/baseline-browser-mapping/releases) - [Commits](web-platform-dx/baseline-browser-mapping@v2.10.20...v2.10.27) Updates `caniuse-lite` from 1.0.30001788 to 1.0.30001791 - [Commits](browserslist/caniuse-lite@1.0.30001788...1.0.30001791) Updates `electron-to-chromium` from 1.5.343 to 1.5.351 - [Changelog](https://github.com/Kilian/electron-to-chromium/blob/main/CHANGELOG.md) - [Commits](Kilian/electron-to-chromium@v1.5.343...v1.5.351) Updates `jsonfile` from 6.2.0 to 6.2.1 - [Changelog](https://github.com/jprichardson/node-jsonfile/blob/master/CHANGELOG.md) - [Commits](jprichardson/node-jsonfile@6.2.0...6.2.1) Updates `node-releases` from 2.0.37 to 2.0.38 - [Commits](chicoxyzzy/node-releases@v2.0.37...v2.0.38) --- updated-dependencies: - dependency-name: undici dependency-version: 8.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production - dependency-name: "@babel/compat-data" dependency-version: 7.29.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: "@babel/parser" dependency-version: 7.29.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: "@istanbuljs/schema" dependency-version: 0.1.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: baseline-browser-mapping dependency-version: 2.10.27 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: caniuse-lite dependency-version: 1.0.30001791 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: electron-to-chromium dependency-version: 1.5.351 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: jsonfile dependency-version: 6.2.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: node-releases dependency-version: 2.0.38 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2026-05-06T04:26:27Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	undici@8.0.2 ⏵ 8.2.0	⁺¹		⁺¹

View full report

dependabot Bot added the dependencies Pull requests that update a dependency file label May 6, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): (deps): bump the production group across 1 directory with 9 updates#942

chore(deps): (deps): bump the production group across 1 directory with 9 updates#942
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/production-03334b49ad

dependabot Bot commented on behalf of github May 6, 2026

Uh oh!

socket-security Bot commented May 6, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github May 6, 2026

v8.2.0

What's Changed

v7.29.3 (2026-04-30)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏃‍♀️ Performance

Committers: 4

v7.29.2 (2026-03-16)

👓 Spec Compliance

🐛 Bug Fix

🏠 Internal

Committers: 2

v7.29.3 (2026-04-30)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏃‍♀️ Performance

Committers: 4

v0.1.6

0.1.6 (2026-04-13)

Bug Fixes

v0.1.5

0.1.5 (2026-04-13)

Bug Fixes

0.1.6 (2026-04-13)

Bug Fixes

0.1.5 (2026-04-13)

Bug Fixes

0.1.4 (2026-04-13)

Bug Fixes

v2.9.3 - remove process.loadEnvFile()

What's Changed

Uh oh!

socket-security Bot commented May 6, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

v2.9.3 - remove `process.loadEnvFile()`