Skip to content

chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates#7

Open
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/npm_and_yarn/npm_and_yarn-fd93d44e27
Open

chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates#7
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/npm_and_yarn/npm_and_yarn-fd93d44e27

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 4, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 2 updates in the / directory: defu and effect.

Updates defu from 6.1.4 to 6.1.6

Release notes

Sourced from defu's releases.

v6.1.6

compare changes

📦 Build

v6.1.5

compare changes

🩹 Fixes

  • Prevent prototype pollution via __proto__ in defaults (#156)
  • Ignore inherited enumerable properties (11ba022)

✅ Tests

  • Add more tests for plain objects (b65f603)

❤️ Contributors

Changelog

Sourced from defu's changelog.

v6.1.6

compare changes

📦 Build

❤️ Contributors

v6.1.5

compare changes

🩹 Fixes

  • Prevent prototype pollution via __proto__ in defaults (#156)
  • Ignore inherited enumerable properties (11ba022)

🏡 Chore

✅ Tests

  • Add more tests for plain objects (b65f603)

🤖 CI

❤️ Contributors

Commits
  • 001c290 chore(release): v6.1.6
  • 407b516 build: fix mixed types
  • 23e59e6 chore(release): v6.1.5
  • 11ba022 fix: ignore inherited enumerable properties
  • 3942bfb fix: prevent prototype pollution via __proto__ in defaults (#156)
  • d3ef16d chore(deps): update actions/checkout action to v6 (#151)
  • 869a053 chore(deps): update actions/setup-node action to v6 (#149)
  • a97310c chore(deps): update codecov/codecov-action action to v6 (#154)
  • 89df6bb chore: fix typecheck
  • 9237d9c ci: bump node
  • Additional commits viewable in compare view

Updates effect from 3.18.4 to 3.21.0

Release notes

Sourced from effect's releases.

effect@3.21.0

Minor Changes

  • #5780 f7bb09b Thanks @​kitlangton! - Add Cron.prev and reverse iteration support, aligning next/prev lookup tables, fixing DST handling symmetry, and expanding cron backward/forward test coverage.

  • #5780 bd7552a Thanks @​mattiamanzati! - Add type-level utils to asserting layer types

  • #5780 ad1a7eb Thanks @​schickling! - RcMap: support dynamic idleTimeToLive values per key

    The idleTimeToLive option can now be a function that receives the key and returns a duration, allowing different TTL values for different resources.

    const map =
      yield *
      RcMap.make({
        lookup: (key: string) => acquireResource(key),
        idleTimeToLive: (key: string) => {
          if (key.startsWith("premium:")) return Duration.minutes(10)
          return Duration.minutes(1)
        }
      })
  • #5780 0d32048 Thanks @​mikearnaldi! - Fix annotateCurrentSpan, add Effect.currentPropagatedSpan

Patch Changes

  • #5780 0d32048 Thanks @​mikearnaldi! - Add logs to first propagated span, in the following case before this fix the log would not be added to the p span because Effect.fn adds a fake span for the purpose of adding a stack frame.

    import { Effect } from "effect"
    const f = Effect.fn(function* () {
    yield* Effect.logWarning("FooBar")
    return yield* Effect.fail("Oops")
    })
    const p = f().pipe(Effect.withSpan("p"))

effect@3.20.1

Patch Changes

  • #6133 add06f4 Thanks @​aniravi24! - Fix Equal.equals crash when comparing null values inside structuralRegion. Added null guard before Object.getPrototypeOf calls to prevent TypeError: Cannot convert undefined or null to object.

  • #6093 a03b6a2 Thanks @​luchersou! - avoid class for PrettyError to preserve error.name

effect@3.20.0

Minor Changes

... (truncated)

Changelog

Sourced from effect's changelog.

3.21.0

Minor Changes

  • #5780 f7bb09b Thanks @​kitlangton! - Add Cron.prev and reverse iteration support, aligning next/prev lookup tables, fixing DST handling symmetry, and expanding cron backward/forward test coverage.

  • #5780 bd7552a Thanks @​mattiamanzati! - Add type-level utils to asserting layer types

  • #5780 ad1a7eb Thanks @​schickling! - RcMap: support dynamic idleTimeToLive values per key

    The idleTimeToLive option can now be a function that receives the key and returns a duration, allowing different TTL values for different resources.

    const map =
      yield *
      RcMap.make({
        lookup: (key: string) => acquireResource(key),
        idleTimeToLive: (key: string) => {
          if (key.startsWith("premium:")) return Duration.minutes(10)
          return Duration.minutes(1)
        }
      })
  • #5780 0d32048 Thanks @​mikearnaldi! - Fix annotateCurrentSpan, add Effect.currentPropagatedSpan

Patch Changes

  • #5780 0d32048 Thanks @​mikearnaldi! - Add logs to first propagated span, in the following case before this fix the log would not be added to the p span because Effect.fn adds a fake span for the purpose of adding a stack frame.

    import { Effect } from "effect"
    const f = Effect.fn(function* () {
    yield* Effect.logWarning("FooBar")
    return yield* Effect.fail("Oops")
    })
    const p = f().pipe(Effect.withSpan("p"))

3.20.1

Patch Changes

  • #6133 add06f4 Thanks @​aniravi24! - Fix Equal.equals crash when comparing null values inside structuralRegion. Added null guard before Object.getPrototypeOf calls to prevent TypeError: Cannot convert undefined or null to object.

  • #6093 a03b6a2 Thanks @​luchersou! - avoid class for PrettyError to preserve error.name

3.20.0

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for effect since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

…dates

Bumps the npm_and_yarn group with 2 updates in the / directory: [defu](https://github.com/unjs/defu) and [effect](https://github.com/Effect-TS/effect/tree/HEAD/packages/effect).


Updates `defu` from 6.1.4 to 6.1.6
- [Release notes](https://github.com/unjs/defu/releases)
- [Changelog](https://github.com/unjs/defu/blob/main/CHANGELOG.md)
- [Commits](unjs/defu@v6.1.4...v6.1.6)

Updates `effect` from 3.18.4 to 3.21.0
- [Release notes](https://github.com/Effect-TS/effect/releases)
- [Changelog](https://github.com/Effect-TS/effect/blob/main/packages/effect/CHANGELOG.md)
- [Commits](https://github.com/Effect-TS/effect/commits/effect@3.21.0/packages/effect)

---
updated-dependencies:
- dependency-name: defu
  dependency-version: 6.1.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: effect
  dependency-version: 3.21.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants