Skip to content

chore(deps): bump the npm group across 1 directory with 5 updates#1445

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-0472a9e1b9
Open

chore(deps): bump the npm group across 1 directory with 5 updates#1445
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-0472a9e1b9

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 25, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the npm group with 4 updates in the / directory: @pulumi/pulumi, @types/node, eslint-plugin-import-x and globals.

Updates @pulumi/pulumi from 3.206.0 to 3.248.0

Release notes

Sourced from @​pulumi/pulumi's releases.

v3.248.0

3.248.0 (2026-06-24)

Bug Fixes

  • [cli] Fix a panic in pulumi package get-schema when binding a schema that references an uninstalled plugin #23647

Improvements

  • [cli] Add options to pulumi stack get for parity with bare pulumi stack #23623
  • [cli] Add --output flag to about and whoami commands #23651

Features

  • [engine] Add support for 'snippets', blocks of PCL kept in state to track ad-hoc resources #23286
  • [engine] Send the address of a schema loader service to resource providers as part of the provider handshake #23645
  • [engine] Send the address of a package resolver service to resource providers as part of the provider handshake #23654

Bug Fixes

  • [programgen] Guard references to conditionally-created (boolean range) resources in generated Python and NodeJS programs so they type-check #23634
  • [programgen] Generate map range resource collections as key-indexed maps in Python and NodeJS so they can be indexed by key #23639

Features

  • [sdk/nodejs] Add Output.recover to catch and recover from exceptions in outputs #23642

Bug Fixes

  • [sdkgen] Fix extra trailing new lines in comments #23619

Improvements

  • [sdkgen] Require callers to pass an explicit schema loader when binding PCL programs and package schemas #23672

v3.247.0

3.247.0 (2026-06-18)

Features

  • [cli/config] Add --raw flag to pulumi config set to avoid stripping newlines when input is piped through stdin #23593
  • [cli/do] Add --provider flag to pull provider config to use from existing provider state #23560
  • [cli/engine] Resource providers now receive the active login's API address and access token through PULUMI_API and PULUMI_ACCESS_TOKEN #23589
  • [cli/neo] Add a --disable-integrations flag to pulumi neo that runs the task with no integration credentials #23531
  • [engine] Send the address of a mapper service to resource providers as part of the provider handshake
  • [programgen/go] Support functions with multiArgumentInputs #23554
  • [programgen/python] Support functions with multiArgumentInputs #23574
  • [sdk/nodejs] Registered resources can now be retrieved from the mock monitor for test assertions #20539
  • [sdk/python] Add Output.recover to catch and recover from exceptions in outputs #23591
  • [sdkgen] Adds support for language agnostic cross references in schemas. Use the form {{% ref <target> %}} to reference other schema components in markdown descriptions. Such as `{{% ref #21369

... (truncated)

Changelog

Sourced from @​pulumi/pulumi's changelog.

3.248.0 (2026-06-24)

Bug Fixes

  • [cli] Fix a panic in pulumi package get-schema when binding a schema that references an uninstalled plugin #23647

Improvements

  • [cli] Add options to pulumi stack get for parity with bare pulumi stack #23623
  • [cli] Add --output flag to about and whoami commands #23651

Features

  • [engine] Add support for 'snippets', blocks of PCL kept in state to track ad-hoc resources #23286
  • [engine] Send the address of a schema loader service to resource providers as part of the provider handshake #23645
  • [engine] Send the address of a package resolver service to resource providers as part of the provider handshake #23654

Bug Fixes

  • [programgen] Guard references to conditionally-created (boolean range) resources in generated Python and NodeJS programs so they type-check #23634
  • [programgen] Generate map range resource collections as key-indexed maps in Python and NodeJS so they can be indexed by key #23639

Features

  • [sdk/nodejs] Add Output.recover to catch and recover from exceptions in outputs #23642

Bug Fixes

  • [sdkgen] Fix extra trailing new lines in comments #23619

Improvements

  • [sdkgen] Require callers to pass an explicit schema loader when binding PCL programs and package schemas #23672

3.247.0 (2026-06-18)

Bug Fixes

  • [cli] Ensure pulumi logout clears the current tokenless backend in coding agent environments #23540
  • [cli] Read Git metadata correctly in repositories that enable the worktreeConfig extension, such as those hosted on Azure DevOps #23535

Improvements

  • [cli] Respect PULUMI_SKIP_CONFIRMATIONS whenever we ask for confirmation #23607
  • [cli] Use list and remove as the canonical names for list/remove commands, with ls and rm as aliases #23608

Features

  • [cli/config] Add --raw flag to pulumi config set to avoid stripping newlines when input is piped through stdin #23593

Bug Fixes

... (truncated)

Commits
  • a88168d [programgen] Generate map ranges as key-indexed collections (Python & NodeJS)...
  • 91f59dd Require an explicit schema loader when binding programs and specs (#23672)
  • 9fd06c1 Send a resolver target to providers during handshake (#23654)
  • e2cca27 [programgen] Guard references to conditionally-created resources (Python & No...
  • 109f27f NodeJS recover method (#23642)
  • facc18e Send a loader target to providers during handshake (#23645)
  • e242ed5 [test] Split l3-range-ref conformance test by range kind (#23632)
  • b3dc1b8 add l2-docs to list of bun tests that are flaky (#23653)
  • 7d8e487 Update dependency js-yaml to v4 [SECURITY] (#23575)
  • 82a10e2 Changelog and go.mod updates for v3.247.0 (#23628)
  • Additional commits viewable in compare view

Updates js-yaml from 4.1.0 to 4.2.0

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

  • Added docs/safety.md with notes about processing untrusted YAML.
  • Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
  • Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
  • Added sourcemaps to dist/ builds.

Changed

  • Stop resolving numbers with underscores as numeric scalars, #627.
  • Switched dev toolchains to Vite / neostandard.
  • Updated demo.
  • Reorganized tests.
  • dist/ files are no longer kept in the repository.

Fixed

  • Fix parsing of properties on the first implicit block mapping key, #62.
  • Fix trailing whitespace handling when folding flow scalar lines, #307.
  • Reject top-level block scalars without content indentation, #280.
  • Ensure numbers survive round-trip, #737.
  • Fix test coverage for issue #221.
  • Fix flow scalar trailing whitespace folding, #307.
  • Fix digits in YAML named tag handles.

Security

  • Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.
Commits

Updates @types/node from 26.0.0 to 26.0.1

Commits

Updates eslint-plugin-import-x from 4.16.2 to 4.17.0

Release notes

Sourced from eslint-plugin-import-x's releases.

v4.17.0

Minor Changes

  • #474 4b2c0c5 Thanks @​regseb! - Support RegExp in the import-x/ignore setting and the ignore option of the no-unresolved rule.

Patch Changes

  • #494 1c84235 Thanks @​morgan-coded! - Fixed no-unresolved crashing when case-sensitive path checks encounter EACCES or EPERM on an ancestor directory.

  • #481 3e13121 Thanks @​B4nan! - fix: memoize legacyNodeResolve resolver to avoid native memory leak

  • #484 9a07009 Thanks @​sairus2k! - Make the extensions rule check Node.js subpath imports (specifiers starting with #, e.g. #utils/helper). Previously parsePath treated a leading # as a URL hash fragment, so the rule skipped extension validation for these imports.

    Note: single-segment subpath imports without a slash (e.g. #dep) are still skipped by the existing external-root-module classification; fixing that is deferred to avoid expanding scope.

  • #468 240ed58 Thanks @​silverwind! - Make extensions handle .d.ts correctly

  • #479 e3cc7e4 Thanks @​mrginglymus! - fix: strip querystrings and hash fragments when checking for file existence

  • #476 fce29b1 Thanks @​nbouvrette! - fix(deps): replace @​package-json/types with an inline minimal type

Changelog

Sourced from eslint-plugin-import-x's changelog.

4.17.0

Minor Changes

  • #474 4b2c0c5 Thanks @​regseb! - Support RegExp in the import-x/ignore setting and the ignore option of the no-unresolved rule.

Patch Changes

  • #494 1c84235 Thanks @​morgan-coded! - Fixed no-unresolved crashing when case-sensitive path checks encounter EACCES or EPERM on an ancestor directory.

  • #481 3e13121 Thanks @​B4nan! - fix: memoize legacyNodeResolve resolver to avoid native memory leak

  • #484 9a07009 Thanks @​sairus2k! - Make the extensions rule check Node.js subpath imports (specifiers starting with #, e.g. #utils/helper). Previously parsePath treated a leading # as a URL hash fragment, so the rule skipped extension validation for these imports.

    Note: single-segment subpath imports without a slash (e.g. #dep) are still skipped by the existing external-root-module classification; fixing that is deferred to avoid expanding scope.

  • #468 240ed58 Thanks @​silverwind! - Make extensions handle .d.ts correctly

  • #479 e3cc7e4 Thanks @​mrginglymus! - fix: strip querystrings and hash fragments when checking for file existence

  • #476 fce29b1 Thanks @​nbouvrette! - fix(deps): replace @​package-json/types with an inline minimal type

Commits
  • 7578513 chore: release eslint-plugin-import-x (#472)
  • e3cc7e4 fix: strip querystrings and hash fragments when checking for file existence (...
  • 9a07009 fix: make extensions rule check Node.js subpath imports (#484)
  • 3e13121 fix: memoize legacyNodeResolve resolver to avoid native memory leak (#481)
  • fce29b1 fix(deps): replace @​package-json/types with an inline minimal type (#476)
  • 1c84235 fix: handle access errors during case checks (#494)
  • 96222bf chore: drop unused tmp (#487)
  • 4b2c0c5 feat: support RegExp in ignore (#474)
  • 240ed58 fix: make extensions rule handle .d.ts correctly (#468)
  • See full diff in compare view

Updates globals from 17.6.0 to 17.7.0

Release notes

Sourced from globals's releases.

v17.7.0

  • Update globals (2026-06-22) (#345) 33b75f9

sindresorhus/globals@v17.6.0...v17.7.0

Commits

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
@types/node [>= 16.a, < 17]
@types/node [>= 18.a, < 19]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the npm group across 1 directory with 5 updates
c9eb2f4 
Bumps the npm group with 4 updates in the / directory: [@pulumi/pulumi](https://github.com/pulumi/pulumi/tree/HEAD/sdk/nodejs), [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node), [eslint-plugin-import-x](https://github.com/un-ts/eslint-plugin-import-x) and [globals](https://github.com/sindresorhus/globals).


Updates `@pulumi/pulumi` from 3.206.0 to 3.248.0
- [Release notes](https://github.com/pulumi/pulumi/releases)
- [Changelog](https://github.com/pulumi/pulumi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/pulumi/pulumi/commits/v3.248.0/sdk/nodejs)

Updates `js-yaml` from 4.1.0 to 4.2.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.2.0)

Updates `@types/node` from 26.0.0 to 26.0.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint-plugin-import-x` from 4.16.2 to 4.17.0
- [Release notes](https://github.com/un-ts/eslint-plugin-import-x/releases)
- [Changelog](https://github.com/un-ts/eslint-plugin-import-x/blob/master/CHANGELOG.md)
- [Commits](un-ts/eslint-plugin-import-x@v4.16.2...v4.17.0)

Updates `globals` from 17.6.0 to 17.7.0
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](sindresorhus/globals@v17.6.0...v17.7.0)

---
updated-dependencies:
- dependency-name: "@pulumi/pulumi"
  dependency-version: 3.248.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@types/node"
  dependency-version: 26.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: eslint-plugin-import-x
  dependency-version: 4.17.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: globals
  dependency-version: 17.7.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file impact/no-changelog-required This issue doesn't require a CHANGELOG update javascript Dependabot pull requests that update Javascript code labels Jun 25, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 25, 2026 00:34
This was referenced Jun 25, 2026
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file impact/no-changelog-required This issue doesn't require a CHANGELOG update javascript Dependabot pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants