Skip to content

Bump lodash, cypress and release-it#362

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-69375ad86c
Open

Bump lodash, cypress and release-it#362
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-69375ad86c

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Jan 24, 2026

Bumps lodash to 4.17.23 and updates ancestor dependencies lodash, cypress and release-it. These dependencies need to be updated together.

Updates lodash from 4.17.15 to 4.17.23

Commits

Updates cypress from 4.6.0 to 4.12.1

Commits
  • 2156e3e release 4.12.1 [skip ci]
  • a54d793 chore(deps): update dependency markdown-it to version .x 🌟 (#8183)
  • 640505e chore(deps): update dependency react-inspector to version .x 🌟 (#8182)
  • d3e90d6 fix(deps): update dependency electron-context-menu to version .x 🌟 (#8180)
  • 996fe97 fix(deps): update dependency md5 to version 2.3.0 🌟 (#8161)
  • 3ad06db fix: it.skip no longer causes hooks to be assigned to the wrong test (#8113)
  • 580087d release 4.12.0 [skip ci]
  • 9d19a9f fix: Capture env vars from AWS Code Build (#8159)
  • e0f587e fix: iFrame input focus should not cause blur if input already activeElement ...
  • 19393e0 fix(reporter): minor UI fixes and improvements (#8153)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by chrisbreiding, a new releaser for cypress since your current version.


Updates release-it from 13.6.1 to 19.2.4

Release notes

Sourced from release-it's releases.

Release 19.2.4

  • chore: update dependencies to resolve security vulnerabilities (#1273) (b45dd1aa3749d74ce279600dea242cb3c9dd5e8d) - thanks @​Yeom-JinHo!
  • Update a few dev deps (cd8acdc8fdb50cf60ba45e8bd5128c4669a04f00)

Release 19.2.3

  • Reuse generated changelog (316dbfa458d670fc92d2da7fe7298ad90f44dc68)
  • Remove obsolete eslint compat packages/config (f6cc8f3622995ebe98c43a8a5adb8d62b2de70b8)
  • Update remark-preset-webpro and fix broken links (6e6dd4b893bd53a621ea2bee9ad48d5fa42f6279)

Release 19.2.2

  • Improve getChangelog method (7a56364997d8ca4a640251bc9be37ed7cbf8568c)

Release 19.2.1

  • Improve commit prompt (b7aca7c159b3d34fe45f6fb722bb5f664c4bae9a)
  • Remedy potential edge case in template helper (5c0a6eeeddf7ed1ce0e4cfcffc1c2c72ab63a01b)

Release 19.2.0

  • Add option to exit gracefully (e1f825dce259118401f17c1d9de0002233e21e67)
  • Update dependencies (424c9f6c1d9681f4e4a3a37552dd2a99a750a3d2)
  • Auto-format docs (06f41bbb4b0cbb59ef39a6bd426ee9034b6f396e)
  • fix: add shell mode for npm commands on windows (#1266) (382e3464095628c23ef9c85c363933f3bf1db09e) - thanks @​julienbenac!
  • Feat: Add publishPackageManager config option in NPM plugin to allow using different package manager for publishing (e.g. Bun) (#1169) (0dafc0b72159931f088e7232da6c34f0f1e8b06f) - thanks @​chrispader!
  • Only use --workspaces=false with npm (12bb89ccaacdc2cbc0ba231f93d7bd389241d6a4)
  • Fix up docs/types a bit (05a59863648a0b4ce9186b65cd21225a8421e181)
  • Format (c9d6ebf0415d264e42945f967baae845401d016b)

Release 19.1.0

  • Ignore .npmrc (8ccd060)
  • Update lockfile (c4cd2ba)
  • Support interactive shell in non-CI mode for 2FA flow (resolve #1263) (a10b20d)
  • Add --workspaces=false to get rid of the null/matches error (14a4907)
  • Remove npm config env var warnings (b8c1247)
  • doc(readme): add release-it-beautiful-changelog plugin to list of plugins (#1261) (1b68c21)
  • Add 403 to consider resource alive (7969849)

Release 19.0.6

  • Update list of projects using release-it (92b49d367d28f0eef8cebb7d29059ab54259edff)
  • Bump github/codeql-action from 2 to 4 (#1253) (21309d3dfcc29d6f87061f345610566070e092a8) - thanks @​dependabot[bot]!
  • Bump actions/setup-node from 5 to 6 (#1255) (3fbaab14e2e3240a6b442b84be6019c57685c30e) - thanks @​dependabot[bot]!
  • Test in node 24 (7a12b12a8f75006c72854b0a0934faf5a320067f)
  • Upgrade c12 (resolve #1254) (1f48d03ddfe5d0dff66e2b2211db688c01e5fff4)

Release 19.0.5

  • Add link to release-it-gitea plugin (bf6f1fbb77797ece76c24b47bb1bcd89a9dbd18b)
  • Bump actions/checkout from 4 to 5 (#1243) (e42e7dce72b1469ac1944a6d9eb6b6a8d987a919) - thanks @​dependabot[bot]!
  • Add OIDC publishing docs (#1245) (9933c0d3a3ea7a06513b01863098445552942fce) - thanks @​mceachen!
  • Bump actions/setup-node from 4 to 5 (#1247) (7d9b77fa7ea8f4772257d675036f691982317c08) - thanks @​dependabot[bot]!
  • Auto-format (96181f33ec493a239b32667bfc30f4c8841488f9)
  • Update dependencies (0b907d1cf621572b06663c5acfe989c422d0bf09)
  • Remove redundant knip entry (ca2f7b516585e115e0fbce7c96d0dbc219d2e665)

... (truncated)

Changelog

Sourced from release-it's changelog.

Changelog

This document lists breaking changes for each major release.

See the GitHub Releases page for detailed changelogs: https://github.com/release-it/release-it/releases

v19 (2025-04-18)

  • No breaking changes (dependency party)

v18 (2025-01-06)

  • Removed support for Node.js v18.

v17 (2023-11-11)

  • Removed support for Node.js v16.

v16 (2023-07-05)

  • Removed support for Node.js v14.

v15 (2022-04-30)

  • Removed support for Node.js v10 and v12.
  • Removed support for GitLab v12.4 and lower.
  • Removed anonymous metrics (and the option to disable it).
  • Programmatic usage and plugins only through ES Module syntax (import)

Use release-it v14 in legacy environments.

v14 (2020-09-03)

  • Removed global property from plugins. Use this.config[key] instead.
  • Removed deprecated npm.access option. Set this in package.json instead.

v13 (2020-03-07)

  • Dropped support for Node v8
  • Dropped support for GitLab v11.6 and lower.
  • Deprecated scripts are removed (in favor of hooks).
  • Removed deprecated --non-interactive (-n) argument. Use --ci instead.
  • Removed old %s and [REV_RANGE] syntax in command substitutions. Use ${version} and ${latestTag} instead.

v12 (2019-05-03)

  • The --follow-tags argument for git push has been moved to the default configuration. This is only a breaking change if git.pushArgs was not empty (it was empty by default).

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump lodash, cypress and release-it
331749f 
Bumps [lodash](https://github.com/lodash/lodash) to 4.17.23 and updates ancestor dependencies [lodash](https://github.com/lodash/lodash), [cypress](https://github.com/cypress-io/cypress) and [release-it](https://github.com/release-it/release-it). These dependencies need to be updated together.


Updates `lodash` from 4.17.15 to 4.17.23
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.15...4.17.23)

Updates `cypress` from 4.6.0 to 4.12.1
- [Release notes](https://github.com/cypress-io/cypress/releases)
- [Changelog](https://github.com/cypress-io/cypress/blob/develop/CHANGELOG.md)
- [Commits](cypress-io/cypress@v4.6.0...v4.12.1)

Updates `release-it` from 13.6.1 to 19.2.4
- [Release notes](https://github.com/release-it/release-it/releases)
- [Changelog](https://github.com/release-it/release-it/blob/main/CHANGELOG.md)
- [Commits](release-it/release-it@13.6.1...19.2.4)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
- dependency-name: cypress
  dependency-version: 4.12.1
  dependency-type: direct:development
- dependency-name: release-it
  dependency-version: 19.2.4
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jan 24, 2026
@dependabot dependabot bot mentioned this pull request Jan 24, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants