Bump diff and truffle

[dependabot]

Bumps diff to 3.5.1 and updates ancestor dependency truffle. These dependencies need to be updated together.

Updates diff from 3.5.0 to 3.5.1

Changelog

Sourced from diff's changelog.

v3.5.1 - January 2026

Only change from 3.5.0 is a backport of the fix to GHSA-73rr-hh4g-fpgx.

Commits

• e8bb422 v3.5.1
• 2f5bf5e Backport kpdecker/jsdiff#649
• c9f00db Backport kpdecker/jsdiff#647
• See full diff in compare view

Maintainer changes

This version was pushed to npm by explodingcabbage, a new releaser for diff since your current version.

Updates truffle from 5.0.5 to 5.11.5

Release notes

Sourced from truffle's releases.

v5.11.5 — Dessertressed

Hello all! Tiny release this week, just internal improvements and dependency updates. Thanks once again to @​legobeat for getting all of these! That's it for now!

How to upgrade

We recommend upgrading to the latest version of Truffle by running:

npm uninstall -g truffle
npm install -g truffle

Changelog

Internal improvements

• Enforce deduped lockfile when linting dependencies (#6193 by @​legobeat)

Dependency updates

• Deduplicate all dependencies and devDependencies (#6194 by @​legobeat)
• Dedupe and lockbump ethers, ethereumjs, web3 (#6192 by @​legobeat)
• Dedupe runtime libraries (#6191 by @​legobeat)
• Dedupe devDependencies and library packages (#6188 by @​legobeat)

v5.11.4 — Malted milk powder

Hello all! Not much this week, primarily just a bunch of internal improvements and dependency updates. 🏗️ Thanks to @​legobeat for getting a bunch of these! 🧱🥁 We've also updated the list of Sourcify networks, even though the fetcher no longer actually checks it.

That's it for now! 👋

How to upgrade

We recommend upgrading to the latest version of Truffle by running:

npm uninstall -g truffle
npm install -g truffle

Changelog

Enhancements

• Add new sourcify networks; fix problem with beam testnet (#6182 by @​haltman-at)

Internal improvements

• Remove gitHead field that snuck its way in (#6187 by @​haltman-at)
• Indicate Node.js supported versions (#6180 by @​legobeat)
• Pin nodejs 20 to 20.5 due to regression in 20.6 (#6186 by @​legobeat)

... (truncated)

Commits

• a26df1f Publish
• 9b23a59 devDeps: webpack@^5.73.0->^5.88.2
• 033fc64 Publish
• 4c80841 Merge pull request #6180 from legobeat/node-version
• 005ebb9 deps: semver@7.5.2->7.5.4
• 56cab73 chore: set engines.node in package manifests
• 3fa384f Publish
• 878725a Turn off mysteriously failing test (sorry)
• c519492 Update Ganache to 7.9.1
• a9ca7ea Publish
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by haltman, a new releaser for truffle since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.