Skip to content

build(deps): bump simple-git from 3.33.0 to 3.36.0#13

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/simple-git-3.35.2
Open

build(deps): bump simple-git from 3.33.0 to 3.36.0#13
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/simple-git-3.35.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 8, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps simple-git from 3.33.0 to 3.36.0.

Release notes

Sourced from simple-git's releases.

simple-git@3.36.0

Minor Changes

  • 89a2294: Extend known exploitable configuration keys and per-task environment variables.

    Note - ParsedVulnerabilities from argv-parser is removed in favour of a readonly array of Vulnerability to match usage in simple-git, rolled into the new vulnerabilityCheck for simpler access to the identified issues.

    Thanks to @​zebbern for identifying the need to block core.fsmonitor. Thanks to @​kodareef5 for identifying the need to block GIT_CONFIG_COUNT environment variables and --template / merge related config.

Patch Changes

  • 1ad57e8: Remove conflicting node:buffer import
  • Updated dependencies [89a2294]
  • Updated dependencies [675570a]
    • @​simple-git/argv-parser@​1.1.0
    • @​simple-git/args-pathspec@​1.0.3

simple-git@3.35.2

Patch Changes

  • 0cf9d8c: Improvements for mono-repo publishing pipeline
  • Updated dependencies [0cf9d8c]
    • @​simple-git/args-pathspec@​1.0.2
    • @​simple-git/argv-parser@​1.0.3

simple-git@3.35.1

Patch Changes

  • 0de400e: Update monorepo version handling during publish
  • Updated dependencies [0de400e]
    • @​simple-git/argv-parser@​1.0.2
Changelog

Sourced from simple-git's changelog.

3.36.0

Minor Changes

  • 89a2294: Extend known exploitable configuration keys and per-task environment variables.

    Note - ParsedVulnerabilities from argv-parser is removed in favour of a readonly array of Vulnerability to match usage in simple-git, rolled into the new vulnerabilityCheck for simpler access to the identified issues.

    Thanks to @​zebbern for identifying the need to block core.fsmonitor. Thanks to @​kodareef5 for identifying the need to block GIT_CONFIG_COUNT environment variables and --template / merge related config.

Patch Changes

  • 1ad57e8: Remove conflicting node:buffer import
  • Updated dependencies [89a2294]
  • Updated dependencies [675570a]
    • @​simple-git/argv-parser@​1.1.0
    • @​simple-git/args-pathspec@​1.0.3

3.35.2

Patch Changes

  • 0cf9d8c: Improvements for mono-repo publishing pipeline
  • Updated dependencies [0cf9d8c]
    • @​simple-git/args-pathspec@​1.0.2
    • @​simple-git/argv-parser@​1.0.3

3.35.1

Patch Changes

  • 0de400e: Update monorepo version handling during publish
  • Updated dependencies [0de400e]
    • @​simple-git/argv-parser@​1.0.2

3.35.0

Minor Changes

  • 3d8708b: Updating publish config

Patch Changes

  • Updated dependencies [3d8708b]
    • @​simple-git/args-pathspec@​1.0.1
    • @​simple-git/argv-parser@​1.0.1

3.34.0

... (truncated)

Commits
  • 7dc1a53 Version Packages
  • 76f5376 Merge pull request #1061 from Vinzent03/fix/buffer-import
  • 89a2294 Environment Parsing (#1156)
  • 1b91b76 fix: remove explicit node:buffer import
  • e390685 Version Packages
  • 3c9e4b8 Pin version of @​simple-git/args-pathspec
  • 94ee21f Export pathspec types through simple-git for backward compatibility
  • 6d7cb51 Version Packages
  • 0de400e Switch to semver from workspace revisions
  • 2264722 Version Packages
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 8, 2026
@dependabot
build(deps): bump simple-git from 3.33.0 to 3.36.0
341e98d 
Bumps [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) from 3.33.0 to 3.36.0.
- [Release notes](https://github.com/steveukx/git-js/releases)
- [Changelog](https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md)
- [Commits](https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git)

---
updated-dependencies:
- dependency-name: simple-git
  dependency-version: 3.35.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title build(deps): bump simple-git from 3.33.0 to 3.35.2 build(deps): bump simple-git from 3.33.0 to 3.36.0 Apr 29, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/simple-git-3.35.2 branch from 80d726b to 341e98d Compare April 29, 2026 13:43
@madkoo

madkoo commented Jun 5, 2026

Copy link
Copy Markdown
Owner

@dependabot merge

madkoo
madkoo approved these changes Jun 5, 2026
View reviewed changes

@madkoo madkoo left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@madkoo madkoo madkoo approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@madkoo