Skip to content

Bump the "dev-dependencies" group with 3 updates across multiple ecosystems#12

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/dev_dependencies-dc600ccf78
Open

Bump the "dev-dependencies" group with 3 updates across multiple ecosystems#12
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/dev_dependencies-dc600ccf78

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown

Bumps the dev-dependencies group in /dev with 1 update: solhint.

Updates solhint from 6.2.1 to 6.2.3

Release notes

Sourced from solhint's releases.

v6.2.3

[6.2.3] - 2026-06-19

🛠️ Fix: Dowser poster added.

🧹 Chore: bump js-yaml from 4.1.1 to 4.2.0

v6.2.2

[6.2.2] - 2026-06-14

🧹 Chore: Dowser poster added. Solhint needs funds to keep growing

🧹 Chore: bump fast-uri from 3.0.6 to 3.1.2

🧹 Chore: bump lodash from 4.17.23 to 4.18.1

🛠️ Fix: Removed ajv-errors due to (#750)

🆕 Rule: added no-unchecked-calls Check return value of low-level calls (call, staticcall, delegatecall)

Changelog

Sourced from solhint's changelog.

[6.2.3] - 2026-06-19

🛠️ Fix: Dowser poster added.

🧹 Chore: bump js-yaml from 4.1.1 to 4.2.0

[6.2.2] - 2026-06-14

🧹 Chore: Dowser poster added. Solhint needs funds to keep growing

🧹 Chore: bump fast-uri from 3.0.6 to 3.1.2

🧹 Chore: bump lodash from 4.17.23 to 4.18.1

🛠️ Fix: Removed ajv-errors due to (#750)

🆕 Rule: added no-unchecked-calls Check return value of low-level calls (call, staticcall, delegatecall)

Commits
  • 1403d10 Merge pull request #776 from protofire/develop
  • ba5359c Merge pull request #775 from protofire/dependabot/npm_and_yarn/js-yaml-4.2.0
  • fe87101 Merge branch 'develop' into dependabot/npm_and_yarn/js-yaml-4.2.0
  • f102c6b fix: bump js-yaml
  • 2d6b244 chore(deps): bump js-yaml from 4.1.1 to 4.2.0
  • 8d02adb Merge pull request #774 from protofire/add-dowser-poster1.2
  • ab2897e fix: e2e offeset position
  • 2d12f70 fix: external poster
  • b8633d2 fix: external poster
  • f2164f3 Merge pull request #773 from protofire/develop
  • Additional commits viewable in compare view

Bumps the dev-dependencies group in /dev with 1 update: pre-commit.

Updates pre-commit from 4.3.0 to 4.6.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.6.0

Features

  • pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.

Fixes

pre-commit v4.5.1

Fixes

  • Fix language: python with repo: local without additional_dependencies.

pre-commit v4.5.0

Features

pre-commit v4.4.0

Features

Fixes

Changelog

Sourced from pre-commit's changelog.

4.6.0 - 2026-04-21

Features

  • pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.

Fixes

4.5.1 - 2025-12-16

Fixes

  • Fix language: python with repo: local without additional_dependencies.

4.5.0 - 2025-11-22

Features

4.4.0 - 2025-11-08

Features

Fixes

Commits
  • f35134b v4.6.0
  • 2a51ffc Merge pull request #3662 from pre-commit/hook-impl-optional-hook-dir
  • d7dee32 make --hook-dir optional for hook-impl
  • 965aeb1 Merge pull request #3661 from pre-commit/hook-impl-required
  • 2eacc06 --hook-type is required for hook-impl
  • f5678bf Merge pull request #3657 from pre-commit/pre-commit-ci-update-config
  • 054cc5b [pre-commit.ci] pre-commit autoupdate
  • 5c0f302 Merge pull request #3652 from pre-commit/pre-commit-ci-update-config
  • a5d9114 [pre-commit.ci] pre-commit autoupdate
  • 129a1f5 Merge pull request #3641 from pre-commit/mxr-patch-1
  • Additional commits viewable in compare view

Bumps the dev-dependencies group with 2 updates: actions/checkout and astral-sh/setup-uv.

Updates actions/checkout from 6.0.2 to 7.0.0

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Updates astral-sh/setup-uv from 8.1.0 to 8.2.0

Release notes

Sourced from astral-sh/setup-uv's releases.

v8.2.0 🌈 New inputs quiet and download-from-astral-mirror

Changes

This release brings two new inputs and a few bug fixes.

New inputs

Lets talk about the new inputs first.

quiet

Pretty simple. It turns of all info loggings. Useful if you use this in a composite action and are not interested in all the details. In the upcoming releases we will add log groups to fully implement support for "less noise"

[!NOTE]
Warnings and errors are always logged.

download-from-astral-mirror

In some cases you may want to directly use the fallback of checking for available versions and downloading releases from GitHub instead of using the astral.sh mirror. Setting download-from-astral-mirror: false allows you to do that.

Bugfixes

When using the astral.sh mirror to query available versions and download releases (done by default) we now stop sending the GitHub token in the header. The mirror never looked at it but we shouldn't be handing out that data even if it is just a short lived token. All other bugfixes try to limit the impact of failed GitHub queries due to retries and other faults.

We couldn't pinpoint all rootcauses yet but added more logging for error cases to track them down.

🐛 Bug fixes

🚀 Enhancements

🧰 Maintenance

... (truncated)

Commits
  • fac544c chore(deps): roll up dependabot updates (#903)
  • 7390f77 docs: update dependabot rollup biome guidance (#902)
  • 363c64a chore(deps): roll up dependabot updates (#901)
  • c4fcbaf chore(deps): bump release-drafter/release-drafter from 7.3.0 to 7.3.1 (#900)
  • 8e642c5 chore: update known checksums for 0.11.18 (#899)
  • a92cb43 Add quiet input to suppress info-level log output (#898)
  • e07f2ac chore(deps): bump eifinger/actionlint-action from 1.10.1 to 1.10.2 (#842)
  • bc4034e chore(deps): bump github/codeql-action from 4.35.4 to 4.36.0 (#893)
  • df42d4f chore(deps): bump zizmorcore/zizmor-action from 0.5.5 to 0.5.6 (#891)
  • b9c8c4c feat: add download-from-astral-mirror input (#897)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dev-dependencies group in /dev with 1 update: [solhint](https://github.com/protofire/solhint).


Updates `solhint` from 6.2.1 to 6.2.3
- [Release notes](https://github.com/protofire/solhint/releases)
- [Changelog](https://github.com/protofire/solhint/blob/develop/CHANGELOG.md)
- [Commits](protofire/solhint@v6.2.1...v6.2.3)
chore(deps): bump pre-commit in /dev in the dev-dependencies group

Bumps the dev-dependencies group in /dev with 1 update: [pre-commit](https://github.com/pre-commit/pre-commit).


Updates `pre-commit` from 4.3.0 to 4.6.0
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md)
- [Commits](pre-commit/pre-commit@v4.3.0...v4.6.0)
chore(deps): bump the dev-dependencies group with 2 updates

Bumps the dev-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv).


Updates `actions/checkout` from 6.0.2 to 7.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@de0fac2...9c091bb)

Updates `astral-sh/setup-uv` from 8.1.0 to 8.2.0
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@0880764...fac544c)

---
updated-dependencies:
- dependency-name: solhint
  dependency-version: 6.2.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: pre-commit
  dependency-version: 4.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dev-dependencies
- dependency-name: astral-sh/setup-uv
  dependency-version: 8.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 9, 2026
@dependabot dependabot Bot requested a review from a team July 9, 2026 02:06
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 9, 2026
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addednpm/​solhint@​6.2.39810010092100
Updatedpypi/​pre-commit@​4.3.0 ⏵ 4.6.093 +1100100100100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants