Skip to content

Bump the dependencies group across 1 directory with 9 updates#325

Open
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/npm_and_yarn/dependencies-9a1a3e913b
Open

Bump the dependencies group across 1 directory with 9 updates#325
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/npm_and_yarn/dependencies-9a1a3e913b

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 6, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the dependencies group with 9 updates in the / directory:

Package From To
cacache 20.0.3 20.0.4
@types/cacache 20.0.0 20.0.1
csv-parse 6.1.0 6.2.1
dayjs 1.11.19 1.11.20
dotenv 17.2.3 17.4.1
yahoo-finance2 3.11.2 3.14.0
jest 30.2.0 30.3.0
ts-jest 29.4.6 29.4.9
typescript 5.9.3 6.0.2

Updates cacache from 20.0.3 to 20.0.4

Release notes

Sourced from cacache's releases.

v20.0.4

20.0.4 (2026-03-18)

Dependencies

Chores

Changelog

Sourced from cacache's changelog.

20.0.4 (2026-03-18)

Dependencies

Chores

Commits
  • 35d6f44 chore: release 20.0.4 (#329)
  • 1cf5e0c chore: bump @​npmcli/template-oss from 4.28.1 to 4.29.0 (#326)
  • dd3ff61 deps: remove unique-filename
  • 256f6b4 fix: replace unique-filename with crypto.randomUUID()
  • d171fe9 chore: bump @​npmcli/template-oss from 4.28.0 to 4.28.1 (#325)
  • See full diff in compare view

Updates @types/cacache from 20.0.0 to 20.0.1

Commits

Updates csv-parse from 6.1.0 to 6.2.1

Changelog

Sourced from csv-parse's changelog.

6.2.1 (2026-03-20)

Bug Fixes

  • csv-parse: prototype pollution with objname option (fix #479)

6.2.0 (2026-03-17)

Features

  • csv-parse: alig info interfaces with js api
  • csv-parse: info bytes_records (fix #446)
  • csv-parse: remove non-existing ts function declaration
  • csv-parse: remove ts usage of all in error type
  • csv-parse: returned type generic for on_record (fix #461 #464 #466) (#468)

Bug Fixes

  • csv-parse: delimiter inherited type
  • csv-parse: support number columns with cast (fix #477)
Commits
  • df244e9 chore(release): publish
  • cd17465 fix(csv-parse): prototype pollution with objname option (fix #479)
  • bec87d1 chore(release): publish
  • 067922f chore: latest dependencies
  • cb1a2d9 refactor: tsconfig json format
  • 08b85ce build: remove all eslint errors
  • 38b3d67 test: convert sample demo script to js
  • bd1c611 test: support n 16 test after latest changes
  • a068ec0 fix(csv-parse): support number columns with cast (fix #477)
  • da7ca03 build: check ts compilation before tests
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for csv-parse since your current version.


Updates dayjs from 1.11.19 to 1.11.20

Release notes

Sourced from dayjs's releases.

v1.11.20

1.11.20 (2026-03-12)

Bug Fixes

  • Update locale km.js to support meridiem (#3017) (9d2b6a1)
  • update updateLocale plugin to merge nested object properties instead of replacing (#3012) (99691c5), closes #1118
Changelog

Sourced from dayjs's changelog.

1.11.20 (2026-03-12)

Bug Fixes

  • Update locale km.js to support meridiem (#3017) (9d2b6a1)
  • update updateLocale plugin to merge nested object properties instead of replacing (#3012) (99691c5), closes #1118
Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for dayjs since your current version.


Updates dotenv from 17.2.3 to 17.4.1

Changelog

Sourced from dotenv's changelog.

17.4.1 (2026-04-05)

Changed

  • Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

  • Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

  • Tighten up logs: ◇ injecting env (14) from .env (#1003)

17.3.1 (2026-02-12)

Changed

  • Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

  • Add a new README section on dotenv’s approach to the agentic future.

Changed

  • Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

  • Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)
  • Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.
Commits

Updates yahoo-finance2 from 3.11.2 to 3.14.0

Release notes

Sourced from yahoo-finance2's releases.

v3.14.0

3.14.0 (2026-03-26)

Features

  • screener: add request-side start pagination option to ScreenerOptions\n\n- Add start?: number to ScreenerOptions for pagination.\n- Regenerate schema (manually updated here) to include start in ScreenerOptions.\n- Add a test covering usage with { count, start }.\n\nYahoo endpoint supports start/count; this exposes start in the typed API. Backward compatible. (e89545e)

v3.13.2

3.13.2 (2026-03-04)

Bug Fixes

  • search: lowercase typeDisp to match yahoo change (fixes #988) (0ca9618)

v3.13.1

3.13.1 (2026-02-25)

Bug Fixes

  • fundamentals: don't infer type, use request type (fixes #986) (0a62766)

v3.13.0

3.13.0 (2026-01-24)

Features

  • versions,cli: use correct version string, cli improvements (623fec3), closes #968

Bug Fixes

  • actions/test-release: install semantic-release/exec (503132f)
  • actions: better version fix flow (#968) (3a50c26)

v3.12.0

3.12.0 (2026-01-22)

Features

  • constructor: runtime schema check on options (closes #980) (6bab7bd)
  • quote: add extended market quote data (#983) (b5c33e6)

Bug Fixes

  • lib/options: don't json-schema validate cookieJar, etc. (3115ce0)
Commits
  • 4353302 Merge pull request #991 from larserik/feat/screener-start-pagination
  • e89545e feat(screener): add request-side start pagination option to ScreenerOptions\n...
  • a6f4c87 chore(getCrumb): differentiate between 2 collectConsentSubmitResponse
  • 0ca9618 fix(search): lowercase typeDisp to match yahoo change (fixes #988)
  • 02f46a3 chore(tests): recache failing search tests (#988)
  • 0a62766 fix(fundamentals): don't infer type, use request type (fixes #986)
  • cdf2a6a chore(ci): bump node in actions/setup/action.yml
  • e6f790b chore(ci): use OIDC for npm
  • 3a50c26 fix(actions): better version fix flow (#968)
  • 503132f fix(actions/test-release): install semantic-release/exec
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for yahoo-finance2 since your current version.


Updates @types/cacache from 20.0.0 to 20.0.1

Commits

Updates jest from 30.2.0 to 30.3.0

Release notes

Sourced from jest's releases.

v30.3.0

Features

  • [jest-config] Add defineConfig and mergeConfig helpers for type-safe Jest config (#15844)
  • [jest-fake-timers] Add setTimerTickMode to configure how timers advance
  • [*] Reduce token usage when run through LLMs (3f17932)

Fixes

  • [jest-config] Keep CLI coverage output when using --json with --outputFile (#15918)
  • [jest-mock] Use Symbol from test environment (#15858)
  • [jest-reporters] Fix issue where console output not displayed for GHA reporter even with silent: false option (#15864)
  • [jest-runtime] Fix issue where user cannot utilize dynamic import despite specifying --experimental-vm-modules Node option (#15842)
  • [jest-test-sequencer] Fix issue where failed tests due to compilation errors not getting re-executed even with --onlyFailures CLI option (#15851)
  • [jest-util] Make sure process.features.require_module is false (#15867)

Chore & Maintenance

  • [*] Replace remaining micromatch uses with picomatch
  • [deps] Update to sinon/fake-timers v15
  • [docs] Update V30 migration guide to notify users on jest.mock() work with case-sensitive path (#15849)
  • Updated Twitter icon to match the latest brand guidelines (#15869)
Changelog

Sourced from jest's changelog.

30.3.0

Features

  • [jest-config] Add defineConfig and mergeConfig helpers for type-safe Jest config (#15844)
  • [jest-fake-timers] Add setTimerTickMode to configure how timers advance
  • [*] Reduce token usage when run through LLMs (3f17932)

Fixes

  • [jest-config] Keep CLI coverage output when using --json with --outputFile (#15918)
  • [jest-mock] Use Symbol from test environment (#15858)
  • [jest-reporters] Fix issue where console output not displayed for GHA reporter even with silent: false option (#15864)
  • [jest-runtime] Fix issue where user cannot utilize dynamic import despite specifying --experimental-vm-modules Node option (#15842)
  • [jest-test-sequencer] Fix issue where failed tests due to compilation errors not getting re-executed even with --onlyFailures CLI option (#15851)
  • [jest-util] Make sure process.features.require_module is false (#15867)

Chore & Maintenance

  • [*] Replace remaining micromatch uses with picomatch
  • [deps] Update to sinon/fake-timers v15
  • [docs] Update V30 migration guide to notify users on jest.mock() work with case-sensitive path (#15849)
  • Updated Twitter icon to match the latest brand guidelines (#15869)
Commits

Updates ts-jest from 29.4.6 to 29.4.9

Release notes

Sourced from ts-jest's releases.

v29.4.9

Please refer to CHANGELOG.md for details.

v29.4.8

No release notes provided.

v29.4.7

Please refer to CHANGELOG.md for details.

Changelog

Sourced from ts-jest's changelog.

29.4.7 (2026-04-01)

Features

Commits
  • bac2e77 chore(release): bump version to 29.4.9
  • f8a9cc9 fix: use correct registry for npm OIDC trusted publishing
  • e2eec26 fix: npm permissions
  • 263f2ac chore: remove npm auth token
  • 5df0e45 OIDC
  • f82c144 Merge pull request #5250 from kulshekhar/copilot/bump-patch-version
  • e6ec5ae Update CHANGELOG.md
  • 62c3199 Update CHANGELOG.md
  • 052e751 Bump patch version to 29.4.7
  • f79e77b Merge pull request #5249 from ext/feature/ts6-peer
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for ts-jest since your current version.


Updates typescript from 5.9.3 to 6.0.2

Release notes

Sourced from typescript's releases.

TypeScript 6.0

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0 Beta

For release notes, check out the release announcement.

Downloads are available on:

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the dependencies group across 1 directory with 9 updates
b5966f9 
Bumps the dependencies group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [cacache](https://github.com/npm/cacache) | `20.0.3` | `20.0.4` |
| [@types/cacache](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/cacache) | `20.0.0` | `20.0.1` |
| [csv-parse](https://github.com/adaltas/node-csv/tree/HEAD/packages/csv-parse) | `6.1.0` | `6.2.1` |
| [dayjs](https://github.com/iamkun/dayjs) | `1.11.19` | `1.11.20` |
| [dotenv](https://github.com/motdotla/dotenv) | `17.2.3` | `17.4.1` |
| [yahoo-finance2](https://github.com/gadicc/yahoo-finance2) | `3.11.2` | `3.14.0` |
| [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `30.2.0` | `30.3.0` |
| [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.4.6` | `29.4.9` |
| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.2` |



Updates `cacache` from 20.0.3 to 20.0.4
- [Release notes](https://github.com/npm/cacache/releases)
- [Changelog](https://github.com/npm/cacache/blob/main/CHANGELOG.md)
- [Commits](npm/cacache@v20.0.3...v20.0.4)

Updates `@types/cacache` from 20.0.0 to 20.0.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/cacache)

Updates `csv-parse` from 6.1.0 to 6.2.1
- [Changelog](https://github.com/adaltas/node-csv/blob/master/packages/csv-parse/CHANGELOG.md)
- [Commits](https://github.com/adaltas/node-csv/commits/csv-parse@6.2.1/packages/csv-parse)

Updates `dayjs` from 1.11.19 to 1.11.20
- [Release notes](https://github.com/iamkun/dayjs/releases)
- [Changelog](https://github.com/iamkun/dayjs/blob/dev/CHANGELOG.md)
- [Commits](iamkun/dayjs@v1.11.19...v1.11.20)

Updates `dotenv` from 17.2.3 to 17.4.1
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v17.2.3...v17.4.1)

Updates `yahoo-finance2` from 3.11.2 to 3.14.0
- [Release notes](https://github.com/gadicc/yahoo-finance2/releases)
- [Changelog](https://github.com/gadicc/yahoo-finance2/blob/dev/release.config.mjs)
- [Commits](gadicc/yahoo-finance2@v3.11.2...v3.14.0)

Updates `@types/cacache` from 20.0.0 to 20.0.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/cacache)

Updates `jest` from 30.2.0 to 30.3.0
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v30.3.0/packages/jest)

Updates `ts-jest` from 29.4.6 to 29.4.9
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](kulshekhar/ts-jest@v29.4.6...v29.4.9)

Updates `typescript` from 5.9.3 to 6.0.2
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v5.9.3...v6.0.2)

---
updated-dependencies:
- dependency-name: cacache
  dependency-version: 20.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: "@types/cacache"
  dependency-version: 20.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: csv-parse
  dependency-version: 6.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: dayjs
  dependency-version: 1.11.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: dotenv
  dependency-version: 17.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: yahoo-finance2
  dependency-version: 3.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: "@types/cacache"
  dependency-version: 20.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: jest
  dependency-version: 30.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: ts-jest
  dependency-version: 29.4.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: typescript
  dependency-version: 6.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the Dependencies Updated dependencies label Apr 6, 2026
@dependabot dependabot Bot requested a review from dickwolff as a code owner April 6, 2026 12:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dickwolff dickwolff Awaiting requested review from dickwolff dickwolff is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

Dependencies Updated dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants