Skip to content

chore(deps): bump degit from 2.8.4 to 3.4.7#11

Merged
PrzemekGalarowicz merged 1 commit into
mainfrom
dependabot/npm_and_yarn/degit-3.4.7
Jun 11, 2026
Merged

chore(deps): bump degit from 2.8.4 to 3.4.7#11
PrzemekGalarowicz merged 1 commit into
mainfrom
dependabot/npm_and_yarn/degit-3.4.7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 11, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps degit from 2.8.4 to 3.4.7.

Changelog

Sourced from degit's changelog.

3.4.7

  • Gate clone error details behind --verbose.

3.4.6

  • Block remove path traversal outside the destination.

3.4.5

  • Stream git ls-remote for SSH ref discovery.

3.4.4

  • Remove the sander dependency in favor of native Node fs helpers.

3.4.3

  • Swap terminal colors to yoctocolors.

3.4.2

  • Fix git-lfs pointer files falling through the tarball path.

3.4.1

  • Fix first-clone hangs during archive downloads.

3.4.0

  • Tarball downloads are now the default, with SSH fallback on failure.
  • Public remotes now prefer HTTPS; explicit SSH sources still use SSH.
  • The JavaScript git backend is bundled for HTTPS ref discovery; SSH/private repos still need system git.
  • The published package no longer includes sourcemaps, so the tarball is smaller.

3.3.2

  • Retry corrupt tarball downloads (#313).

3.3.1

  • Harden git-mode command execution and remote validation.

3.3.0

  • Add platform-aware cache resolution so degit uses the standard user cache location on each supported OS (#45).

3.2.0

  • Split CLI output by severity so info messages go to stdout while warnings and errors stay on stderr (#382).

... (truncated)

Commits
  • ed7ddd2 chore: update version to 3.4.7 and add changelog entry for verbose clone erro...
  • 46f98be feat: gate clone error details behind verbose (#446)
  • 20a0de5 Update SECURITY.md
  • 73f30de ci(e2e): verify latest npm release
  • 789ca0d fix: block remove path traversal outside destination (#445)
  • e7c7c06 fix: stream ls-remote output (#444)
  • 680db62 fix: isolate unit test cache roots (#443)
  • b6e4ad0 refactor: remove sander dependency (#442)
  • a2ec5b5 chore: migrate to yoctocolors (#441)
  • fc4c168 perf: add performance regression gate (#440)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for degit since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

@dependabot @github

dependabot Bot commented on behalf of github Jun 11, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from PrzemekGalarowicz as a code owner June 11, 2026 20:44
@dependabot
chore(deps): bump degit from 2.8.4 to 3.4.7
8fd5273 
Bumps [degit](https://github.com/Rich-Harris/degit) from 2.8.4 to 3.4.7.
- [Changelog](https://github.com/Rich-Harris/degit/blob/master/docs/CHANGELOG.md)
- [Commits](Rich-Harris/degit@v2.8.4...v3.4.7)

---
updated-dependencies:
- dependency-name: degit
  dependency-version: 3.4.7
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/degit-3.4.7 branch from 0625a37 to 8fd5273 Compare June 11, 2026 21:22
@PrzemekGalarowicz PrzemekGalarowicz merged commit 712a27d into main Jun 11, 2026
2 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/degit-3.4.7 branch June 11, 2026 21:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PrzemekGalarowicz PrzemekGalarowicz Awaiting requested review from PrzemekGalarowicz PrzemekGalarowicz is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@PrzemekGalarowicz