Skip to content

chore(deps): bump simple-git from 3.35.2 to 3.36.0#957

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/simple-git-3.36.0
Open

chore(deps): bump simple-git from 3.35.2 to 3.36.0#957
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/simple-git-3.36.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 13, 2026
edited
Loading

Bumps simple-git from 3.35.2 to 3.36.0.

Release notes

Sourced from simple-git's releases.

simple-git@3.36.0

Minor Changes

  • 89a2294: Extend known exploitable configuration keys and per-task environment variables.

    Note - ParsedVulnerabilities from argv-parser is removed in favour of a readonly array of Vulnerability to match usage in simple-git, rolled into the new vulnerabilityCheck for simpler access to the identified issues.

    Thanks to @​zebbern for identifying the need to block core.fsmonitor. Thanks to @​kodareef5 for identifying the need to block GIT_CONFIG_COUNT environment variables and --template / merge related config.

Patch Changes

  • 1ad57e8: Remove conflicting node:buffer import
  • Updated dependencies [89a2294]
  • Updated dependencies [675570a]
    • @​simple-git/argv-parser@​1.1.0
    • @​simple-git/args-pathspec@​1.0.3
Changelog

Sourced from simple-git's changelog.

3.36.0

Minor Changes

  • 89a2294: Extend known exploitable configuration keys and per-task environment variables.

    Note - ParsedVulnerabilities from argv-parser is removed in favour of a readonly array of Vulnerability to match usage in simple-git, rolled into the new vulnerabilityCheck for simpler access to the identified issues.

    Thanks to @​zebbern for identifying the need to block core.fsmonitor. Thanks to @​kodareef5 for identifying the need to block GIT_CONFIG_COUNT environment variables and --template / merge related config.

Patch Changes

  • 1ad57e8: Remove conflicting node:buffer import
  • Updated dependencies [89a2294]
  • Updated dependencies [675570a]
    • @​simple-git/argv-parser@​1.1.0
    • @​simple-git/args-pathspec@​1.0.3
Commits

@dependabot dependabot Bot added auto Opened by an automated process dependencies Pull request that updates a dependency file javascript Pull requests that update JavaScript code labels Apr 13, 2026
@dependabot dependabot Bot requested a review from devpow112 as a code owner April 13, 2026 08:07
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/simple-git-3.36.0 branch 4 times, most recently from 1e5728f to 2b0be6c Compare May 3, 2026 00:19
@dependabot
chore(deps): bump simple-git from 3.35.2 to 3.36.0
33755f4 
Bumps [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) from 3.35.2 to 3.36.0.
- [Release notes](https://github.com/steveukx/git-js/releases)
- [Changelog](https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md)
- [Commits](https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git)

---
updated-dependencies:
- dependency-name: simple-git
  dependency-version: 3.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/simple-git-3.36.0 branch from 2b0be6c to 33755f4 Compare May 3, 2026 00:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devpow112 devpow112 Awaiting requested review from devpow112 devpow112 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

auto Opened by an automated process dependencies Pull request that updates a dependency file javascript Pull requests that update JavaScript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants