chore(deps): (deps): bump the production group with 7 updates by dependabot[bot] · Pull Request #920 · tidev/titanium-cli

dependabot · 2026-03-18T02:42:41Z

Bumps the production group with 7 updates:

Package	From	To
undici	`7.24.0`	`7.24.4`
@babel/helpers	`7.28.6`	`7.29.2`
@babel/parser	`7.29.0`	`7.29.2`
baseline-browser-mapping	`2.10.0`	`2.10.8`
caniuse-lite	`1.0.30001777`	`1.0.30001780`
electron-to-chromium	`1.5.307`	`1.5.313`
tinyrainbow	`3.0.3`	`3.1.0`

Updates undici from 7.24.0 to 7.24.4

Release notes

Sourced from undici's releases.

v7.24.4

What's Changed

fix(fetch): handle URL credentials in dispatch path extraction by @mcollina in nodejs/undici#4892

Full Changelog: nodejs/undici@v7.24.3...v7.24.4

v7.24.3

What's Changed

fix(h2): TypeError: Cannot read properties of null (reading 'push') i… by @hxinhan in nodejs/undici#4881

Full Changelog: nodejs/undici@v7.24.2...v7.24.3

v7.24.2

What's Changed

fix fetch path logic by @KhafraDev in nodejs/undici#4890

remove maxDecompressedMessageSize by @KhafraDev in nodejs/undici#4891

Full Changelog: nodejs/undici@v7.24.1...v7.24.2

v7.24.1

What's Changed

fix: proto pollution by @rahulyadav5524 in nodejs/undici#4885

Full Changelog: nodejs/undici@v7.24.0...v7.24.1

Commits

4991f3e Bumped v7.24.4
ea3a06d fix(fetch): preserve path for credentialed URLs (#4892)
9b96516 Bumped v7.24.3
7926660 Ignore .githuman
9eaa5af fix(h2): TypeError: Cannot read properties of null (reading 'push') in Reques...
a9bfe21 ignore .pi
f2e155b Bumped v7.24.2
4d2d1af remove maxDecompressedMessageSize (#4891)
3a05a4f fix fetch path logic (#4890)
23e3cd3 Bumped v7.24.1
Additional commits viewable in compare view

Updates @babel/helpers from 7.28.6 to 7.29.2

Release notes

Sourced from @babel/helpers's releases.

v7.29.1 (2026-02-04)

🐛 Bug Fix

babel-standalone

#17771 [7.x backport] fix: ensure targets.esmodules is validated (@JLHwung)

babel-generator

#17776 [7.x backport] Fix undefined when 64 indents (@liuxingbaoyu)

Committers: 2

Huáng Jùnliàng (@JLHwung)

@liuxingbaoyu

v7.29.0 (2026-01-31)

Thanks @simbahax for your first PR!

🚀 New Feature

babel-types

#17750 [7.x backport] Add attributes import declaration builder (@JLHwung)

babel-standalone

#17663 [7.x backport] feat(standalone): export async transform (@JLHwung)

#17725 [7.x backport] feat: read standalone targets from data-targets (@JLHwung)

🐛 Bug Fix

babel-parser

#17765 fix(parser): correctly parse type assertions in extends clause (@nicolo-ribaudo)

#17723 [7.x backport] fix(parser): improve super type argument parsing (@JLHwung)

babel-traverse

#17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@simbahax)

babel-plugin-transform-block-scoping, babel-traverse

#17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@magic-akari)

🏃‍♀️ Performance

babel-generator, babel-runtime-corejs3

#17642 [Babel 7] Improve generator performance (@liuxingbaoyu)

Committers: 6

David (@simbahax)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

@magic-akari

Commits

37d5595 v7.29.2
1c0a08d [7.x backport] fix: Properly handle await in finally (#17805)
See full diff in compare view

Updates @babel/parser from 7.29.0 to 7.29.2

Release notes

Sourced from @babel/parser's releases.

v7.29.1 (2026-02-04)

🐛 Bug Fix

babel-standalone

#17771 [7.x backport] fix: ensure targets.esmodules is validated (@JLHwung)

babel-generator

#17776 [7.x backport] Fix undefined when 64 indents (@liuxingbaoyu)

Committers: 2

Huáng Jùnliàng (@JLHwung)

@liuxingbaoyu

Commits

37d5595 v7.29.2
f030ad3 [7.x backport] async x => {} must be in leading pos (#17840)
See full diff in compare view

Updates baseline-browser-mapping from 2.10.0 to 2.10.8

Commits

149470b Patch to 2.10.8 because browser or feature data changed
d86cb0f Browser or feature data changed
cb066dc Patch to 2.10.7 because browser or feature data changed
223e7fa Browser or feature data changed
fde52ae Bump serialize-javascript and @rollup/plugin-terser (#126)
4b24a6b Bump minimatch (#125)
d48b116 Bump rollup from 4.44.0 to 4.59.0 (#124)
c83ecbd Fixes broken publish workflow
7be3fdd Updating static site
591c802 Patch to 2.10.6 because browser or feature data changed
Additional commits viewable in compare view

Updates caniuse-lite from 1.0.30001777 to 1.0.30001780

Commits

da39da8 Update caniuse-db 1.0.30001780
984281a Update caniuse-db 1.0.30001779
1386a01 Update caniuse-db 1.0.30001778
See full diff in compare view

Updates electron-to-chromium from 1.5.307 to 1.5.313

Commits

f0559ef 1.5.313
edb1fec generate new version
6a5f05f 1.5.312
a9ac3a8 generate new version
9de4d51 1.5.311
3291f58 generate new version
4a821c3 1.5.310
cc43d95 generate new version
82dddff 1.5.309
7e55e43 generate new version
Additional commits viewable in compare view

Updates tinyrainbow from 3.0.3 to 3.1.0

Release notes

Sourced from tinyrainbow's releases.

v3.1.0

🚀 Features

Expose disableDefaultColors and enabledDefaultColors - by @sheremet-va (ebdf5)

View changes on GitHub

Commits

d76e009 chore: release v3.1.0
ebdf5f7 feat: expose disableDefaultColors and enabledDefaultColors
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the production group with 7 updates: | Package | From | To | | --- | --- | --- | | [undici](https://github.com/nodejs/undici) | `7.24.0` | `7.24.4` | | [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.28.6` | `7.29.2` | | [@babel/parser](https://github.com/babel/babel/tree/HEAD/packages/babel-parser) | `7.29.0` | `7.29.2` | | [baseline-browser-mapping](https://github.com/web-platform-dx/baseline-browser-mapping) | `2.10.0` | `2.10.8` | | [caniuse-lite](https://github.com/browserslist/caniuse-lite) | `1.0.30001777` | `1.0.30001780` | | [electron-to-chromium](https://github.com/kilian/electron-to-chromium) | `1.5.307` | `1.5.313` | | [tinyrainbow](https://github.com/tinylibs/tinyrainbow) | `3.0.3` | `3.1.0` | Updates `undici` from 7.24.0 to 7.24.4 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.24.0...v7.24.4) Updates `@babel/helpers` from 7.28.6 to 7.29.2 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.2/packages/babel-helpers) Updates `@babel/parser` from 7.29.0 to 7.29.2 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.2/packages/babel-parser) Updates `baseline-browser-mapping` from 2.10.0 to 2.10.8 - [Release notes](https://github.com/web-platform-dx/baseline-browser-mapping/releases) - [Commits](web-platform-dx/baseline-browser-mapping@v2.10.0...v2.10.8) Updates `caniuse-lite` from 1.0.30001777 to 1.0.30001780 - [Commits](browserslist/caniuse-lite@1.0.30001777...1.0.30001780) Updates `electron-to-chromium` from 1.5.307 to 1.5.313 - [Changelog](https://github.com/Kilian/electron-to-chromium/blob/master/CHANGELOG.md) - [Commits](Kilian/electron-to-chromium@v1.5.307...v1.5.313) Updates `tinyrainbow` from 3.0.3 to 3.1.0 - [Release notes](https://github.com/tinylibs/tinyrainbow/releases) - [Commits](tinylibs/tinyrainbow@v3.0.3...v3.1.0) --- updated-dependencies: - dependency-name: undici dependency-version: 7.24.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production - dependency-name: "@babel/helpers" dependency-version: 7.29.2 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production - dependency-name: "@babel/parser" dependency-version: 7.29.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: baseline-browser-mapping dependency-version: 2.10.8 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: caniuse-lite dependency-version: 1.0.30001780 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: electron-to-chromium dependency-version: 1.5.313 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production - dependency-name: tinyrainbow dependency-version: 3.1.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2026-03-18T02:43:17Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	undici@7.24.0 ⏵ 7.24.4

View full report

dependabot bot added the dependencies Pull requests that update a dependency file label Mar 18, 2026

cb1kenobi merged commit d1c7a70 into main Mar 18, 2026
20 of 21 checks passed

dependabot bot deleted the dependabot/npm_and_yarn/production-4d972193f7 branch March 18, 2026 03:13

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): (deps): bump the production group with 7 updates#920

chore(deps): (deps): bump the production group with 7 updates#920
cb1kenobi merged 1 commit intomainfrom
dependabot/npm_and_yarn/production-4d972193f7

dependabot bot commented on behalf of github Mar 18, 2026

Uh oh!

socket-security bot commented Mar 18, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot bot commented on behalf of github Mar 18, 2026

v7.24.4

What's Changed

v7.24.3

What's Changed

v7.24.2

What's Changed

v7.24.1

What's Changed

v7.29.1 (2026-02-04)

🐛 Bug Fix

Committers: 2

v7.29.0 (2026-01-31)

🚀 New Feature

🐛 Bug Fix

🏃‍♀️ Performance

Committers: 6

v7.29.1 (2026-02-04)

🐛 Bug Fix

Committers: 2

v3.1.0

🚀 Features

View changes on GitHub

Uh oh!

socket-security bot commented Mar 18, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant