Skip to content

Bump the production-dependencies group across 1 directory with 2 updates#682

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-f917060f67
Open

Bump the production-dependencies group across 1 directory with 2 updates#682
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-f917060f67

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the production-dependencies group with 2 updates in the / directory: human-id and semver.

Updates human-id from 4.1.3 to 4.2.0

Commits

Updates semver from 7.8.1 to 7.8.5

Release notes

Sourced from semver's releases.

v7.8.5

7.8.5 (2026-06-19)

Bug Fixes

v7.8.4

7.8.4 (2026-06-09)

Bug Fixes

v7.8.3

7.8.3 (2026-06-08)

Bug Fixes

Chores

v7.8.2

7.8.2 (2026-06-04)

Bug Fixes

Changelog

Sourced from semver's changelog.

7.8.5 (2026-06-19)

Bug Fixes

7.8.4 (2026-06-09)

Bug Fixes

7.8.3 (2026-06-08)

Bug Fixes

Chores

7.8.2 (2026-06-04)

Bug Fixes

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 1, 2026
@changeset-bot

changeset-bot Bot commented Jul 1, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: 848650c

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@socket-security

socket-security Bot commented Jul 1, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addedsemver@​7.8.510010010094100

View full report

Bumps the production-dependencies group with 2 updates in the / directory: [human-id](https://github.com/RienNeVaPlus/human-id) and [semver](https://github.com/npm/node-semver).


Updates `human-id` from 4.1.3 to 4.2.0
- [Commits](https://github.com/RienNeVaPlus/human-id/commits)

Updates `semver` from 7.8.1 to 7.8.5
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.8.1...v7.8.5)

---
updated-dependencies:
- dependency-name: human-id
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: semver
  dependency-version: 7.8.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump the production-dependencies group with 2 updates Bump the production-dependencies group across 1 directory with 2 updates Jul 1, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/production-dependencies-f917060f67 branch from d318554 to 848650c Compare July 1, 2026 09:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants