[PR #5] Bump the npm_and_yarn group across 1 directory with 3 updates #5

New issue

Open

opened 2026-02-25 14:21:22 +03:00 by kerem · 0 comments

kerem commented 2026-02-25 14:21:22 +03:00

Owner

Copy link

Original Pull Request: https://github.com/hermesthecat/hermes-pm2-web-ui/pull/5

State: open
Merged: No

---

Bumps the npm_and_yarn group with 3 updates in the / directory: pm2, async and braces.

Updates pm2 from 5.4.3 to 6.0.5

Release notes

Sourced from pm2's releases.

v6.0.5

6.0.5

• Bun support - Fixes #5893 #5774 #5682 #5675 #5777
• Disable git parsing by default #5909 #2182 #5801 #5051 #5696
• Add WEBP content type for pm2 serve #5900 @​tbo47
• Enable PM2 module update from tarball #5906 @​AYOKINYA
• Fix treekil on FreeBSD #5896 @​skeyby
• fix allowing to update namespaced pm2 NPM module (@​org/module-name) #5915 @​endelendel

Changelog

Sourced from pm2's changelog.

6.0.5

• Bun support - Fixes #5893 #5774 #5682 #5675 #5777
• Disable git parsing by default #5909 #2182 #5801 #5051 #5696
• Add WEBP content type for pm2 serve #5900 @​tbo47
• Enable PM2 module update from tarball #5906 @​AYOKINYA
• Fix treekil on FreeBSD #5896 @​skeyby
• fix allowing to update namespaced pm2 NPM module (@​org/module-name) #5915 @​endelendel

Commits

• See full diff in compare view

Updates async from 2.6.3 to 3.2.6

Changelog

Sourced from async's changelog.

v3.2.5

• Ensure Error objects such as AggregateError are propagated without modification (#1920)

v3.2.4

• Fix a bug in priorityQueue where it didn't wait for the result. (#1725)
• Fix a bug where unshiftAsync was included in priorityQueue. (#1790)

v3.2.3

• Fix bugs in comment parsing in autoInject. (#1767, #1780)

v3.2.2

• Fix potential prototype pollution exploit

v3.2.1

• Use queueMicrotask if available to the environment (#1761)
• Minor perf improvement in priorityQueue (#1727)
• More examples in documentation (#1726)
• Various doc fixes (#1708, #1712, #1717, #1740, #1739, #1749, #1756)
• Improved test coverage (#1754)

v3.2.0

• Fix a bug in Safari related to overwriting func.name
• Remove built-in browserify configuration (#1653)
• Varios doc fixes (#1688, #1703, #1704)

v3.1.1

• Allow redefining name property on wrapped functions.

v3.1.0

• Added q.pushAsync and q.unshiftAsync, analagous to q.push and q.unshift, except they always do not accept a callback, and reject if processing the task errors. (#1659)
• Promises returned from q.push and q.unshift when a callback is not passed now resolve even if an error ocurred. (#1659)
• Fixed a parsing bug in autoInject with complicated function bodies (#1663)
• Added ES6+ configuration for Browserify bundlers (#1653)
• Various doc fixes (#1664, #1658, #1665, #1652)

v3.0.1

Bug fixes

• Fixed a regression where arrays passed to queue and cargo would be completely flattened. (#1645)
• Clarified Async's browser support (#1643)

v3.0.0

The async/await release!

There are a lot of new features and subtle breaking changes in this major version, but the biggest feature is that most Async methods return a Promise if you omit the callback, meaning you can await them from within an async function.

</tr></table> 

... (truncated)

Commits

• 85fb18f Version 3.2.6
• 8c0c941 Update built files
• 5f756b4 Fix ReDoS (#1980)
• 39cdc9b build(deps-dev): bump karma from 6.4.3 to 6.4.4 (#1985)
• 7b8ddeb build(deps-dev): bump @​babel/core from 7.24.7 to 7.25.2 (#1981)
• 4634a9d build(deps-dev): bump rollup from 4.18.0 to 4.19.2 (#1982)
• afb176c build(deps-dev): bump chai from 4.4.1 to 4.5.0 (#1983)
• 3568a74 build(deps-dev): bump @​babel/eslint-parser from 7.24.7 to 7.25.1 (#1984)
• 9e885fd build(deps-dev): bump babel-plugin-istanbul from 6.1.1 to 7.0.0 (#1986)
• f9c7f2a build(deps-dev): bump semver from 7.6.2 to 7.6.3 (#1987)
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

**Original Pull Request:** https://github.com/hermesthecat/hermes-pm2-web-ui/pull/5 **State:** open **Merged:** No --- Bumps the npm_and_yarn group with 3 updates in the / directory: [pm2](https://github.com/Unitech/pm2), [async](https://github.com/caolan/async) and [braces](https://github.com/micromatch/braces). Updates `pm2` from 5.4.3 to 6.0.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Unitech/pm2/releases">pm2's releases</a>.</em></p> <blockquote> <h2>v6.0.5</h2> <h1>6.0.5</h1> <ul> <li>Bun support - Fixes <a href="https://redirect.github.com/Unitech/pm2/issues/5893">#5893</a> <a href="https://redirect.github.com/Unitech/pm2/issues/5774">#5774</a> <a href="https://redirect.github.com/Unitech/pm2/issues/5682">#5682</a> <a href="https://redirect.github.com/Unitech/pm2/issues/5675">#5675</a> <a href="https://redirect.github.com/Unitech/pm2/issues/5777">#5777</a></li> <li>Disable git parsing by default <a href="https://redirect.github.com/Unitech/pm2/issues/5909">#5909</a> <a href="https://redirect.github.com/Unitech/pm2/issues/2182">#2182</a> <a href="https://redirect.github.com/Unitech/pm2/issues/5801">#5801</a> <a href="https://redirect.github.com/Unitech/pm2/issues/5051">#5051</a> <a href="https://redirect.github.com/Unitech/pm2/issues/5696">#5696</a></li> <li>Add WEBP content type for pm2 serve <a href="https://redirect.github.com/Unitech/pm2/issues/5900">#5900</a> <a href="https://github.com/tbo47"><code>@​tbo47</code></a></li> <li>Enable PM2 module update from tarball <a href="https://redirect.github.com/Unitech/pm2/issues/5906">#5906</a> <a href="https://github.com/AYOKINYA"><code>@​AYOKINYA</code></a></li> <li>Fix treekil on FreeBSD <a href="https://redirect.github.com/Unitech/pm2/issues/5896">#5896</a> <a href="https://github.com/skeyby"><code>@​skeyby</code></a></li> <li>fix allowing to update namespaced pm2 NPM module (<code>@​org/module-name</code>) <a href="https://redirect.github.com/Unitech/pm2/issues/5915">#5915</a> <a href="https://github.com/endelendel"><code>@​endelendel</code></a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Unitech/pm2/blob/master/CHANGELOG.md">pm2's changelog</a>.</em></p> <blockquote> <h2>6.0.5</h2> <ul> <li>Bun support - Fixes <a href="https://redirect.github.com/Unitech/pm2/issues/5893">#5893</a> <a href="https://redirect.github.com/Unitech/pm2/issues/5774">#5774</a> <a href="https://redirect.github.com/Unitech/pm2/issues/5682">#5682</a> <a href="https://redirect.github.com/Unitech/pm2/issues/5675">#5675</a> <a href="https://redirect.github.com/Unitech/pm2/issues/5777">#5777</a></li> <li>Disable git parsing by default <a href="https://redirect.github.com/Unitech/pm2/issues/5909">#5909</a> <a href="https://redirect.github.com/Unitech/pm2/issues/2182">#2182</a> <a href="https://redirect.github.com/Unitech/pm2/issues/5801">#5801</a> <a href="https://redirect.github.com/Unitech/pm2/issues/5051">#5051</a> <a href="https://redirect.github.com/Unitech/pm2/issues/5696">#5696</a></li> <li>Add WEBP content type for pm2 serve <a href="https://redirect.github.com/Unitech/pm2/issues/5900">#5900</a> <a href="https://github.com/tbo47"><code>@​tbo47</code></a></li> <li>Enable PM2 module update from tarball <a href="https://redirect.github.com/Unitech/pm2/issues/5906">#5906</a> <a href="https://github.com/AYOKINYA"><code>@​AYOKINYA</code></a></li> <li>Fix treekil on FreeBSD <a href="https://redirect.github.com/Unitech/pm2/issues/5896">#5896</a> <a href="https://github.com/skeyby"><code>@​skeyby</code></a></li> <li>fix allowing to update namespaced pm2 NPM module (<code>@​org/module-name</code>) <a href="https://redirect.github.com/Unitech/pm2/issues/5915">#5915</a> <a href="https://github.com/endelendel"><code>@​endelendel</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/Unitech/pm2/commits/v6.0.5">compare view</a></li> </ul> </details> <br /> Updates `async` from 2.6.3 to 3.2.6 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/caolan/async/blob/master/CHANGELOG.md">async's changelog</a>.</em></p> <blockquote> <h1>v3.2.5</h1> <ul> <li>Ensure <code>Error</code> objects such as <code>AggregateError</code> are propagated without modification (<a href="https://redirect.github.com/caolan/async/issues/1920">#1920</a>)</li> </ul> <h1>v3.2.4</h1> <ul> <li>Fix a bug in <code>priorityQueue</code> where it didn't wait for the result. (<a href="https://redirect.github.com/caolan/async/issues/1725">#1725</a>)</li> <li>Fix a bug where <code>unshiftAsync</code> was included in <code>priorityQueue</code>. (<a href="https://redirect.github.com/caolan/async/issues/1790">#1790</a>)</li> </ul> <h1>v3.2.3</h1> <ul> <li>Fix bugs in comment parsing in <code>autoInject</code>. (<a href="https://redirect.github.com/caolan/async/issues/1767">#1767</a>, <a href="https://redirect.github.com/caolan/async/issues/1780">#1780</a>)</li> </ul> <h1>v3.2.2</h1> <ul> <li>Fix potential prototype pollution exploit</li> </ul> <h1>v3.2.1</h1> <ul> <li>Use <code>queueMicrotask</code> if available to the environment (<a href="https://redirect.github.com/caolan/async/issues/1761">#1761</a>)</li> <li>Minor perf improvement in <code>priorityQueue</code> (<a href="https://redirect.github.com/caolan/async/issues/1727">#1727</a>)</li> <li>More examples in documentation (<a href="https://redirect.github.com/caolan/async/issues/1726">#1726</a>)</li> <li>Various doc fixes (<a href="https://redirect.github.com/caolan/async/issues/1708">#1708</a>, <a href="https://redirect.github.com/caolan/async/issues/1712">#1712</a>, <a href="https://redirect.github.com/caolan/async/issues/1717">#1717</a>, <a href="https://redirect.github.com/caolan/async/issues/1740">#1740</a>, <a href="https://redirect.github.com/caolan/async/issues/1739">#1739</a>, <a href="https://redirect.github.com/caolan/async/issues/1749">#1749</a>, <a href="https://redirect.github.com/caolan/async/issues/1756">#1756</a>)</li> <li>Improved test coverage (<a href="https://redirect.github.com/caolan/async/issues/1754">#1754</a>)</li> </ul> <h1>v3.2.0</h1> <ul> <li>Fix a bug in Safari related to overwriting <code>func.name</code></li> <li>Remove built-in browserify configuration (<a href="https://redirect.github.com/caolan/async/issues/1653">#1653</a>)</li> <li>Varios doc fixes (<a href="https://redirect.github.com/caolan/async/issues/1688">#1688</a>, <a href="https://redirect.github.com/caolan/async/issues/1703">#1703</a>, <a href="https://redirect.github.com/caolan/async/issues/1704">#1704</a>)</li> </ul> <h1>v3.1.1</h1> <ul> <li>Allow redefining <code>name</code> property on wrapped functions.</li> </ul> <h1>v3.1.0</h1> <ul> <li>Added <code>q.pushAsync</code> and <code>q.unshiftAsync</code>, analagous to <code>q.push</code> and <code>q.unshift</code>, except they always do not accept a callback, and reject if processing the task errors. (<a href="https://redirect.github.com/caolan/async/issues/1659">#1659</a>)</li> <li>Promises returned from <code>q.push</code> and <code>q.unshift</code> when a callback is not passed now resolve even if an error ocurred. (<a href="https://redirect.github.com/caolan/async/issues/1659">#1659</a>)</li> <li>Fixed a parsing bug in <code>autoInject</code> with complicated function bodies (<a href="https://redirect.github.com/caolan/async/issues/1663">#1663</a>)</li> <li>Added ES6+ configuration for Browserify bundlers (<a href="https://redirect.github.com/caolan/async/issues/1653">#1653</a>)</li> <li>Various doc fixes (<a href="https://redirect.github.com/caolan/async/issues/1664">#1664</a>, <a href="https://redirect.github.com/caolan/async/issues/1658">#1658</a>, <a href="https://redirect.github.com/caolan/async/issues/1665">#1665</a>, <a href="https://redirect.github.com/caolan/async/issues/1652">#1652</a>)</li> </ul> <h1>v3.0.1</h1> <h2>Bug fixes</h2> <ul> <li>Fixed a regression where arrays passed to <code>queue</code> and <code>cargo</code> would be completely flattened. (<a href="https://redirect.github.com/caolan/async/issues/1645">#1645</a>)</li> <li>Clarified Async's browser support (<a href="https://redirect.github.com/caolan/async/issues/1643">#1643</a>)</li> </ul> <h1>v3.0.0</h1> <p>The <code>async</code>/<code>await</code> release!</p> <p>There are a lot of new features and subtle breaking changes in this major version, but the biggest feature is that most Async methods return a Promise if you omit the callback, meaning you can <code>await</code> them from within an <code>async</code> function.</p> <pre lang="js"><code>&lt;/tr&gt;&lt;/table&gt; </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/caolan/async/commit/85fb18f3d319d14d893ec24648929ff0eb908768"><code>85fb18f</code></a> Version 3.2.6</li> <li><a href="https://github.com/caolan/async/commit/8c0c94152ff20e9b4aeff5d00244ec41dd78b66b"><code>8c0c941</code></a> Update built files</li> <li><a href="https://github.com/caolan/async/commit/5f756b4470d91778702cace5f5fce8060aeb7ad6"><code>5f756b4</code></a> Fix ReDoS (<a href="https://redirect.github.com/caolan/async/issues/1980">#1980</a>)</li> <li><a href="https://github.com/caolan/async/commit/39cdc9bd72046045b3f02f77da0dbca5028ba8fd"><code>39cdc9b</code></a> build(deps-dev): bump karma from 6.4.3 to 6.4.4 (<a href="https://redirect.github.com/caolan/async/issues/1985">#1985</a>)</li> <li><a href="https://github.com/caolan/async/commit/7b8ddeb976124ba110de5923ce40512d4f3369b1"><code>7b8ddeb</code></a> build(deps-dev): bump <code>@​babel/core</code> from 7.24.7 to 7.25.2 (<a href="https://redirect.github.com/caolan/async/issues/1981">#1981</a>)</li> <li><a href="https://github.com/caolan/async/commit/4634a9d26a8112500fb8ecbb67a1c78d735011c2"><code>4634a9d</code></a> build(deps-dev): bump rollup from 4.18.0 to 4.19.2 (<a href="https://redirect.github.com/caolan/async/issues/1982">#1982</a>)</li> <li><a href="https://github.com/caolan/async/commit/afb176c15be82a217ad198c5e7dee303a551705c"><code>afb176c</code></a> build(deps-dev): bump chai from 4.4.1 to 4.5.0 (<a href="https://redirect.github.com/caolan/async/issues/1983">#1983</a>)</li> <li><a href="https://github.com/caolan/async/commit/3568a74de7ab5bcbe20756cc9c5d631cf26e2e65"><code>3568a74</code></a> build(deps-dev): bump <code>@​babel/eslint-parser</code> from 7.24.7 to 7.25.1 (<a href="https://redirect.github.com/caolan/async/issues/1984">#1984</a>)</li> <li><a href="https://github.com/caolan/async/commit/9e885fda800b93b67f2e046db6ce154dfc4f613a"><code>9e885fd</code></a> build(deps-dev): bump babel-plugin-istanbul from 6.1.1 to 7.0.0 (<a href="https://redirect.github.com/caolan/async/issues/1986">#1986</a>)</li> <li><a href="https://github.com/caolan/async/commit/f9c7f2a06e515690186ce4108715085d6a7d1b69"><code>f9c7f2a</code></a> build(deps-dev): bump semver from 7.6.2 to 7.6.3 (<a href="https://redirect.github.com/caolan/async/issues/1987">#1987</a>)</li> <li>Additional commits viewable in <a href="https://github.com/caolan/async/compare/v2.6.3...v3.2.6">compare view</a></li> </ul> </details> <br /> Updates `braces` from 3.0.2 to 3.0.3 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/braces/commit/74b2db2938fad48a2ea54a9c8bf27a37a62c350d"><code>74b2db2</code></a> 3.0.3</li> <li><a href="https://github.com/micromatch/braces/commit/88f1429a0f47e1dd3813de35211fc97ffda27f9e"><code>88f1429</code></a> update eslint. lint, fix unit tests.</li> <li><a href="https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff"><code>415d660</code></a> Snyk js braces 6838727 (<a href="https://redirect.github.com/micromatch/braces/issues/40">#40</a>)</li> <li><a href="https://github.com/micromatch/braces/commit/190510f79db1adf21d92798b0bb6fccc1f72c9d6"><code>190510f</code></a> fix tests, skip 1 test in test/braces.expand</li> <li><a href="https://github.com/micromatch/braces/commit/716eb9f12d820b145a831ad678618731927e8856"><code>716eb9f</code></a> readme bump</li> <li><a href="https://github.com/micromatch/braces/commit/a5851e57f45c3431a94d83fc565754bc10f5bbc3"><code>a5851e5</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/braces/issues/37">#37</a> from coderaiser/fix/vulnerability</li> <li><a href="https://github.com/micromatch/braces/commit/2092bd1fb108d2c59bd62e243b70ad98db961538"><code>2092bd1</code></a> feature: braces: add maxSymbols (<a href="https://github.com/micromatch/braces/issues/">https://github.com/micromatch/braces/issues/</a>...</li> <li><a href="https://github.com/micromatch/braces/commit/9f5b4cf47329351bcb64287223ffb6ecc9a5e6d3"><code>9f5b4cf</code></a> fix: vulnerability (<a href="https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727">https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727</a>)</li> <li><a href="https://github.com/micromatch/braces/commit/98414f9f1fabe021736e26836d8306d5de747e0d"><code>98414f9</code></a> remove funding file</li> <li><a href="https://github.com/micromatch/braces/commit/665ab5d561c017a38ba7aafd92cc6655b91d8c14"><code>665ab5d</code></a> update keepEscaping doc (<a href="https://redirect.github.com/micromatch/braces/issues/27">#27</a>)</li> <li>Additional commits viewable in <a href="https://github.com/micromatch/braces/compare/3.0.2...3.0.3">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hermesthecat/hermes-pm2-web-ui/network/alerts). </details>

kerem added the

pull-request

label 2026-02-25 14:21:22 +03:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dependabot/npm_and_yarn/npm_and_yarn-6e33d269d1

No results found.

Labels

Clear labels   

pull-request

Mirrored from GitHub Pull Request

No labels

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

kerem/hermes-pm2-web-ui#5

No description provided.