chore(deps): bump semver, @commitlint/cli and @semantic-release/npm by dependabot[bot] · Pull Request #34 · josh-hemphill/vite-plugin-favicon

dependabot · 2026-02-05T06:23:11Z

Bumps semver to 5.7.2 and updates ancestor dependencies semver, @commitlint/cli and @semantic-release/npm. These dependencies need to be updated together.

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

5.7

Add minVersion method

5.6

Move boolean loose param to an options object, with backwards-compatibility protection.

Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

Add version coercion capabilities

5.4

Add intersection checking

5.3

Add minSatisfying method

5.2

Add prerelease(v) that returns prerelease components

5.1

Add Backus-Naur for ranges

Remove excessively cute inspection methods

5.0

Remove AMD/Browserified build artifacts

Fix ltr and gtr when using the * range

Fix for range * with a prerelease identifier

Commits

f8cc313 chore: release 5.7.2
2f8fd41 fix: better handling of whitespace (#585)
deb5ad5 chore: @npmcli/template-oss@4.16.0
See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates semver from 7.3.5 to 7.7.3

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

5.7

Add minVersion method

5.6

Move boolean loose param to an options object, with backwards-compatibility protection.

Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

Add version coercion capabilities

5.4

Add intersection checking

5.3

Add minSatisfying method

5.2

Add prerelease(v) that returns prerelease components

5.1

Add Backus-Naur for ranges

Remove excessively cute inspection methods

5.0

Remove AMD/Browserified build artifacts

Fix ltr and gtr when using the * range

Fix for range * with a prerelease identifier

Commits

f8cc313 chore: release 5.7.2
2f8fd41 fix: better handling of whitespace (#585)
deb5ad5 chore: @npmcli/template-oss@4.16.0
See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates semver from 6.3.0 to 6.3.1

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

5.7

Add minVersion method

5.6

Move boolean loose param to an options object, with backwards-compatibility protection.

Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

Add version coercion capabilities

5.4

Add intersection checking

5.3

Add minSatisfying method

5.2

Add prerelease(v) that returns prerelease components

5.1

Add Backus-Naur for ranges

Remove excessively cute inspection methods

5.0

Remove AMD/Browserified build artifacts

Fix ltr and gtr when using the * range

Fix for range * with a prerelease identifier

Commits

f8cc313 chore: release 5.7.2
2f8fd41 fix: better handling of whitespace (#585)
deb5ad5 chore: @npmcli/template-oss@4.16.0
See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates @commitlint/cli from 12.1.1 to 20.4.1

Release notes

Sourced from @commitlint/cli's releases.

v20.4.1

20.4.1 (2026-02-02)

Reverts

revert: replace all lodash string methods with kasi #4602 by @escapedcat in conventional-changelog/commitlint#4621

Chore

test(parse): add assertion for v6 inline reference behavior by @escapedcat in conventional-changelog/commitlint#4619

Full Changelog: conventional-changelog/commitlint@v20.4.0...v20.4.1

v20.4.0

20.4.0 (2026-01-30)

Features

feat: upgrade conventional commit packages #4082 by @escapedcat in conventional-changelog/commitlint#4597

Refactor

refactor: replace lodash.uniq with simple code by @hyperz111 in conventional-changelog/commitlint#4600

refactor: replace lodash.isplainobject with is-plain-obj" by @hyperz111 in conventional-changelog/commitlint#4601

refactor(ensure): replace all lodash string methods with kasi and manual by @hyperz111 in conventional-changelog/commitlint#4602

refactor: replace lodash.merge with lodash.mergewith by @hyperz111 in conventional-changelog/commitlint#4603

refactor: remove lodash.isfunction dependency by @escapedcat in conventional-changelog/commitlint#4604

refactor: replace find-up with escalade by @hyperz111 in conventional-changelog/commitlint#4605

refactor: replace chalk with picocolors by @escapedcat in conventional-changelog/commitlint#4599

New Contributors

@hyperz111 made their first contribution in conventional-changelog/commitlint#4600

Full Changelog: conventional-changelog/commitlint@v20.3.1...v20.4.0

v20.3.1

20.3.1 (2026-01-08)

Bug Fixes

... (truncated)

Changelog

Sourced from @commitlint/cli's changelog.

20.4.1 (2026-02-02)

Note: Version bump only for package @commitlint/cli

20.4.0 (2026-01-30)

Features

upgrade conventional commit packages #4082 (#4597) (3aaf0a6)

20.3.1 (2026-01-08)

Note: Version bump only for package @commitlint/cli

20.3.0 (2026-01-01)

Note: Version bump only for package @commitlint/cli

20.2.0 (2025-12-05)

Note: Version bump only for package @commitlint/cli

20.1.0 (2025-09-30)

Note: Version bump only for package @commitlint/cli

... (truncated)

Commits

e7ae28d v20.4.1
c68de5e v20.4.0
3aaf0a6 feat: upgrade conventional commit packages #4082 (#4597)
1828d6e refactor: replace lodash.merge with lodash.mergewith (#4603)
be3a280 v20.3.1
1c5734d v20.3.0
ddad9b4 v20.2.0
a8e86d2 v20.1.0
407be6c v20.0.0
3c30200 v19.8.1
Additional commits viewable in compare view

Updates @semantic-release/npm from 7.1.3 to 13.1.3

Release notes

Sourced from @semantic-release/npm's releases.

v13.1.3

13.1.3 (2025-12-12)

Bug Fixes

deps: update dependency @actions/core to v2 (#1055) (fa4a3ab)

v13.1.2

13.1.2 (2025-11-14)

Bug Fixes

deps: update dependency read-pkg to v10 (#1032) (f3f1a00)

v13.1.1

13.1.1 (2025-10-19)

Bug Fixes

publish-dry-run: temporarily remove the addition of dry-running the publish step (30bd176)

v13.1.0

13.1.0 (2025-10-19)

Features

trusted-publishing: verify auth, considering OIDC vs tokens from various registries (e3319f1), closes #958

trusted-publishing: refine the messages for related errors (316ce21), closes #958

trusted-publishing: make request to verify if OIDC token exchange can succeed (c80ecb0), closes #958

trusted-publishing: pass id-token as bearer header for github actions (d83b727), closes #958

trusted-publishing: pass id-token as bearer header for gitlab pipelines (6d1c3cf), closes #958

trusted-publishing: handle failure to retrieve id-token in the context of github actions (b673257), closes #958

auth-error: update messaging for auth failure to be less token specific (e24967d)

auth: attempt a dry-run publish to determine auth status (841dc67)

Bug Fixes

trusted-publishing: uri encode the package name for the token exchange request (3dd95d0), closes #958

auth: throw appropriate error when auth context fails to enable publishing (f5c8d85)

auth: throw error if dry-run publish determines lack of auth (8f88e9d)

verify-auth: enable the publish dry-run to work for projects publishing from a sub-directory (e7d684c)

v13.1.0-beta.3

13.1.0-beta.3 (2025-10-18)

Features

... (truncated)

Commits

fa4a3ab fix(deps): update dependency @actions/core to v2 (#1055)
b1d3557 chore(deps): lock file maintenance (#1053)
9a08900 chore(deps): update dependency prettier to v3.7.4 (#1052)
f2dcce8 ci(action): update actions/setup-node action to v6.1.0 (#1050)
afab89c chore(deps): update dependency prettier to v3.7.3 (#1048)
ab3cc83 ci(action): update actions/checkout action to v6.0.1 (#1049)
42f1b8f chore(deps): update dependency prettier to v3.7.2 (#1047)
f7c7de5 chore(deps): lock file maintenance (#1046)
d27a09f chore(deps): update dependency prettier to v3.7.1 (#1045)
0927a79 chore(deps): update dependency prettier to v3.7.0 (#1044)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @semantic-release/npm since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [semver](https://github.com/npm/node-semver) to 5.7.2 and updates ancestor dependencies [semver](https://github.com/npm/node-semver), [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli) and [@semantic-release/npm](https://github.com/semantic-release/npm). These dependencies need to be updated together. Updates `semver` from 5.7.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.1...v5.7.2) Updates `semver` from 7.3.5 to 7.7.3 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.1...v5.7.2) Updates `semver` from 6.3.0 to 6.3.1 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.1...v5.7.2) Updates `@commitlint/cli` from 12.1.1 to 20.4.1 - [Release notes](https://github.com/conventional-changelog/commitlint/releases) - [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md) - [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.4.1/@commitlint/cli) Updates `@semantic-release/npm` from 7.1.3 to 13.1.3 - [Release notes](https://github.com/semantic-release/npm/releases) - [Commits](semantic-release/npm@v7.1.3...v13.1.3) --- updated-dependencies: - dependency-name: semver dependency-version: 5.7.2 dependency-type: indirect - dependency-name: semver dependency-version: 7.7.3 dependency-type: indirect - dependency-name: semver dependency-version: 6.3.1 dependency-type: indirect - dependency-name: "@commitlint/cli" dependency-version: 20.4.1 dependency-type: direct:development - dependency-name: "@semantic-release/npm" dependency-version: 13.1.3 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 5, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump semver, @commitlint/cli and @semantic-release/npm#34

chore(deps): bump semver, @commitlint/cli and @semantic-release/npm#34
dependabot[bot] wants to merge 1 commit intolatestfrom
dependabot/npm_and_yarn/multi-0e9f121104

dependabot bot commented on behalf of github Feb 5, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Feb 5, 2026

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

5.7.2 (2023-07-10)

Bug Fixes

5.7

5.6

5.5

5.4

5.3

5.2

5.1

5.0

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

5.7.2 (2023-07-10)

Bug Fixes

5.7

5.6

5.5

5.4

5.3

5.2

5.1

5.0

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

5.7.2 (2023-07-10)

Bug Fixes

5.7

5.6

5.5

5.4

5.3

5.2

5.1

5.0

v20.4.1

20.4.1 (2026-02-02)

Reverts

Chore

v20.4.0

20.4.0 (2026-01-30)

Features

Refactor

New Contributors

v20.3.1

20.3.1 (2026-01-08)

Bug Fixes

20.4.1 (2026-02-02)

20.4.0 (2026-01-30)

Features

20.3.1 (2026-01-08)

20.3.0 (2026-01-01)

20.2.0 (2025-12-05)

20.1.0 (2025-09-30)

v13.1.3

13.1.3 (2025-12-12)

Bug Fixes

v13.1.2

13.1.2 (2025-11-14)

Bug Fixes

v13.1.1

13.1.1 (2025-10-19)

Bug Fixes

v13.1.0

13.1.0 (2025-10-19)

Features

Bug Fixes

v13.1.0-beta.3

13.1.0-beta.3 (2025-10-18)

Features

Uh oh!

Reviewers

Assignees

Labels