chore(deps): bump the dependencies group across 1 directory with 9 updates

[dependabot]

Bumps the dependencies group with 9 updates in the / directory:

Package	From	To
@fastify/deepmerge	2.0.1	3.1.0
pacote	18.0.6	21.0.0
semver	7.6.3	7.7.1
@types/semver	7.5.8	7.7.0
type-fest	4.24.0	4.40.0
@npmcli/arborist	7.5.4	9.0.2
itertools	2.3.2	2.4.1
npm-pick-manifest	9.1.0	10.0.0
cacache	18.0.4	19.0.1

Updates @fastify/deepmerge from 2.0.1 to 3.1.0

Release notes

Sourced from @​fastify/deepmerge's releases.

v3.0.0

What's Changed

• chore: rename master to main by @​Fdawgs in fastify/deepmerge#66
• Typing: add cloneProtoObject option to Options interface by @​benjamin-stern in fastify/deepmerge#69
• ci(ci): set job permissions by @​Fdawgs in fastify/deepmerge#71
• ci(ci): drop node 16 and 18 by @​Fdawgs in fastify/deepmerge#70

New Contributors

• @​benjamin-stern made their first contribution in fastify/deepmerge#69

Full Changelog: fastify/deepmerge@v2.0.2...v3.0.0

v2.0.2

What's Changed

• Clarify all parameter by @​jorisw in fastify/deepmerge#52
• docs(readme): use simple english by @​Fdawgs in fastify/deepmerge#54
• test: prefix unused params with underscores by @​Fdawgs in fastify/deepmerge#56
• perf(index): use optional chaining by @​Fdawgs in fastify/deepmerge#55
• docs(readme): grammar fixes by @​Fdawgs in fastify/deepmerge#57
• chore: remove tap, use only tape and c8 by @​Uzlopak in fastify/deepmerge#59
• docs: clarify that deepmerge is not mutating by @​Uzlopak in fastify/deepmerge#60
• refactor(index): remove redundant assignment by @​Fdawgs in fastify/deepmerge#61
• chore(deps-dev): bump c8 from 7.14.0 to 10.1.3 by @​dependabot in fastify/deepmerge#62
• build(dependabot): reduce npm updates to monthly by @​Fdawgs in fastify/deepmerge#63
• fix(types): export function definition types by @​simonepizzamiglio in fastify/deepmerge#65

New Contributors

• @​jorisw made their first contribution in fastify/deepmerge#52
• @​simonepizzamiglio made their first contribution in fastify/deepmerge#65

Full Changelog: fastify/deepmerge@v2.0.1...v2.0.2

Commits

• See full diff in compare view

Updates pacote from 18.0.6 to 21.0.0

Release notes

Sourced from pacote's releases.

v21.0.0

21.0.0 (2024-11-25)

⚠️ BREAKING CHANGES

• bun.lockb files are now included in the strict ignore list during packing
• this module is now compatible with the following node versions: ^20.17.0 || >=22.9.0

Bug Fixes

• 844dc08 update node engines to ^20.17.0 || >=22.9.0 (#414) (@​wraithgar)

Dependencies

• 2cb6fa7 #415 [email protected] (#415)
• 47b928c #412 replace node builtin rmSync with rimraf (#412) (@​mbtools)

Chores

• b6f35a2 #402 bump @​npmcli/arborist from 7.5.4 to 8.0.0 (#402) (@​dependabot[bot])
• 1ef54ba #408 support tests on win32 (#408) (@​mbtools)
• 555b000 #401 bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#401) (@​dependabot[bot], @​npm-cli-bot)

v20.0.0

20.0.0 (2024-10-17)

⚠️ BREAKING CHANGES

• honors ignoreScripts property within options

Bug Fixes

• f27af63 #407 honors ignoreScripts option to prevent prepare lifecycle script (@​reggi)

v19.0.1

19.0.1 (2024-10-15)

Bug Fixes

• cbf94e8 #389 prepare script respects scriptshell config (#389) (@​milaninfy)
• 2b2948f #403 log tarball retrieval from cache (#403) (@​mbtools, @​wraithgar)

Dependencies

• a9fc4d1 #405 bump sigstore from 2.2.0 to 3.0.0 (#405) (@​bdehamer)

v19.0.0

19.0.0 (2024-09-27)

⚠️ BREAKING CHANGES

• pacote now supports node ^18.17.0 || >=20.5.0

Bug Fixes

• 03b31ca #392 align to npm 10 node engine range (@​reggi)

Dependencies

• f055f71 #395 bump npm-pick-manifest from 9.1.0 to 10.0.0 (#395) (@​dependabot[bot])
• 932b9ab #396 bump @​npmcli/package-json from 5.2.1 to 6.0.0 (#396) (@​dependabot[bot])
• a1621f9 #397 bump npm-registry-fetch from 17.1.0 to 18.0.0 (#397) (@​dependabot[bot])
• c776199 #398 bump cacache from 18.0.4 to 19.0.0 (#398) (@​dependabot[bot])
• 6d59022 #399 bump @​npmcli/git from 5.0.8 to 6.0.0 (#399)
• 21ea2d4 #400 bump @​npmcli/run-script from 8.1.0 to 9.0.0 (#400)
• eddbc01 #392 [email protected]
• 6c672e9 #392 [email protected]
• 03ba2a2 #392 [email protected]
• 2710286 #392 [email protected]
• aa0bd4a #392 @npmcli/[email protected]
• df23343 #392 @npmcli/[email protected]

Chores

... (truncated)

Changelog

Sourced from pacote's changelog.

21.0.0 (2024-11-25)

⚠️ BREAKING CHANGES

• bun.lockb files are now included in the strict ignore list during packing
• this module is now compatible with the following node versions: ^20.17.0 || >=22.9.0

Bug Fixes

• 844dc08 update node engines to ^20.17.0 || >=22.9.0 (#414) (@​wraithgar)

Dependencies

• 2cb6fa7 #415 [email protected] (#415)
• 47b928c #412 replace node builtin rmSync with rimraf (#412) (@​mbtools)

Chores

• b6f35a2 #402 bump @​npmcli/arborist from 7.5.4 to 8.0.0 (#402) (@​dependabot[bot])
• 1ef54ba #408 support tests on win32 (#408) (@​mbtools)
• 555b000 #401 bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#401) (@​dependabot[bot], @​npm-cli-bot)

20.0.0 (2024-10-17)

⚠️ BREAKING CHANGES

• honors ignoreScripts property within options

Bug Fixes

• f27af63 #407 honors ignoreScripts option to prevent prepare lifecycle script (@​reggi)

19.0.1 (2024-10-15)

Bug Fixes

• cbf94e8 #389 prepare script respects scriptshell config (#389) (@​milaninfy)
• 2b2948f #403 log tarball retrieval from cache (#403) (@​mbtools, @​wraithgar)

Dependencies

• a9fc4d1 #405 bump sigstore from 2.2.0 to 3.0.0 (#405) (@​bdehamer)

19.0.0 (2024-09-27)

⚠️ BREAKING CHANGES

• pacote now supports node ^18.17.0 || >=20.5.0

Bug Fixes

• 03b31ca #392 align to npm 10 node engine range (@​reggi)

Dependencies

• f055f71 #395 bump npm-pick-manifest from 9.1.0 to 10.0.0 (#395) (@​dependabot[bot])
• 932b9ab #396 bump @​npmcli/package-json from 5.2.1 to 6.0.0 (#396) (@​dependabot[bot])
• a1621f9 #397 bump npm-registry-fetch from 17.1.0 to 18.0.0 (#397) (@​dependabot[bot])
• c776199 #398 bump cacache from 18.0.4 to 19.0.0 (#398) (@​dependabot[bot])
• 6d59022 #399 bump @​npmcli/git from 5.0.8 to 6.0.0 (#399)
• 21ea2d4 #400 bump @​npmcli/run-script from 8.1.0 to 9.0.0 (#400)
• eddbc01 #392 [email protected]
• 6c672e9 #392 [email protected]
• 03ba2a2 #392 [email protected]
• 2710286 #392 [email protected]
• aa0bd4a #392 @npmcli/[email protected]
• df23343 #392 @npmcli/[email protected]

Chores

• e4ed5cd #392 bump hosted-git-info ^7.0.0 to ^8.0.0 (@​reggi)
• 2871f56 #392 run template-oss-apply (@​reggi)
• 39643f1 #382 bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (@​dependabot[bot])
• 7e33c82 #383 postinstall for dependabot template-oss PR (@​hashtagchris)

... (truncated)

Commits

• bf1f60f chore: release 21.0.0 (#413)
• 2cb6fa7 deps!: [email protected] (#415)
• b6f35a2 chore: bump @​npmcli/arborist from 7.5.4 to 8.0.0 (#402)
• 844dc08 fix!: update node engines to ^20.17.0 || >=22.9.0 (#414)
• 555b000 chore: bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#401)
• 47b928c deps: replace node builtin rmSync with rimraf (#412)
• 1ef54ba chore: support tests on win32 (#408)
• d606b58 chore: release 20.0.0 (#410)
• f27af63 fix!: honors ignoreScripts option to prevent prepare lifecycle script
• a854c79 chore: release 19.0.1 (#406)
• Additional commits viewable in compare view

Updates semver from 7.6.3 to 7.7.1

Release notes

Sourced from semver's releases.

v7.7.1

7.7.1 (2025-02-03)

Bug Fixes

• af761c0 #764 inc: fully capture prerelease identifier (#764) (@​wraithgar)

v7.7.0

7.7.0 (2025-01-29)

Features

• 0864b3c #753 add "release" inc type (#753) (@​mbtools)

Bug Fixes

• d588e37 #755 diff: fix prerelease to stable version diff logic (#755) (@​eminberkayd, berkay.daglar)
• 8a34bde #754 add identifier validation to inc() (#754) (@​mbtools)

Documentation

• 67e5478 #756 readme: added missing period for consistency (#756) (@​shaymolcho)
• 868d4bb #749 clarify comment about obsolete prefixes (#749) (@​mbtools, @​ljharb)

Chores

• 145c554 #741 bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (@​dependabot[bot])
• 753e02b #747 bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#747) (@​dependabot[bot], @​npm-cli-bot)
• 0b812d5 #744 postinstall for dependabot template-oss PR (@​hashtagchris)

Changelog

Sourced from semver's changelog.

7.7.1 (2025-02-03)

Bug Fixes

• af761c0 #764 inc: fully capture prerelease identifier (#764) (@​wraithgar)

7.7.0 (2025-01-29)

Features

• 0864b3c #753 add "release" inc type (#753) (@​mbtools)

Bug Fixes

• d588e37 #755 diff: fix prerelease to stable version diff logic (#755) (@​eminberkayd, berkay.daglar)
• 8a34bde #754 add identifier validation to inc() (#754) (@​mbtools)

Documentation

• 67e5478 #756 readme: added missing period for consistency (#756) (@​shaymolcho)
• 868d4bb #749 clarify comment about obsolete prefixes (#749) (@​mbtools, @​ljharb)

Chores

• 145c554 #741 bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (@​dependabot[bot])
• 753e02b #747 bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#747) (@​dependabot[bot], @​npm-cli-bot)
• 0b812d5 #744 postinstall for dependabot template-oss PR (@​hashtagchris)

Commits

• 30c438b chore: release 7.7.1 (#765)
• af761c0 fix(inc): fully capture prerelease identifier (#764)
• 2cfcbb5 chore: release 7.7.0 (#750)
• d588e37 fix(diff): fix prerelease to stable version diff logic (#755)
• 753e02b chore: bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#747)
• 8a34bde fix: add identifier validation to inc() (#754)
• 0864b3c feat: add "release" inc type (#753)
• 67e5478 docs(readme): added missing period for consistency (#756)
• 868d4bb docs: clarify comment about obsolete prefixes (#749)
• 145c554 chore: bump @​npmcli/eslint-config from 4.0.5 to 5.0.0
• Additional commits viewable in compare view

Updates @types/semver from 7.5.8 to 7.7.0

Commits

• See full diff in compare view

Updates type-fest from 4.24.0 to 4.40.0

Release notes

Sourced from type-fest's releases.

v4.40.0

• Add NonEmptyString type (#1103) 19a9c37
• Add UnknownMap type (#1106) b4ace2d
• Add UnknownSet type (#1106) b4ace2d
• IsFloat / IsInteger: Fix instantiations with numbers represented using exponential notation (#1101) 21a92f6

---

sindresorhus/type-fest@v4.39.1...v4.40.0

v4.39.1

• OptionalKeysOf / WritableKeysOf: Fix generic assignability with keyof T (#1098) 1b41ed3

---

sindresorhus/type-fest@v4.39.0...v4.39.1

v4.39.0

• ArrayTail: Add preserveReadonly option (#1091) 544271e
• PartialDeep : Fix behaviour when strictNullChecks is disabled (#1096) 7536bae
• OptionalKeysOf / RequiredKeysOf: Fix instantiations with unions and arrays (#1089) e1ac7b2
• WritableKeysOf / ReadonlyKeysOf: Fix behavior with unions and optional properties (#1088) bbf9137

---

sindresorhus/type-fest@v4.38.0...v4.39.0

v4.38.0

• AsyncReturnType: Add support for PromiseLike (#1082) 72ccde9
• DelimiterCase / SnakeCase / ScreamingSnakeCase / KebabCase: Fix instantiations containing punctuations (#1080) 063e28d
• DelimiterCase: Pass Options generic to all related types (#1078) 1974944
• CamelCasedPropertiesDeep: Make nested array objects respect the options (#1077) c11c9ca

---

sindresorhus/type-fest@v4.37.0...v4.38.0

v4.37.0

• Sum: Add negative return value support (#1068) af5bfb7
• Subtract: Add negative return value support (#1061) 2b85ae2
• Split: Add strictLiteralChecks option (#1067) cc93f85
• Split: Fix instantiations with unions (#1067) cc93f85
• Replace: Fix instantiations with unions (#1065) a733698
• DelimiterCase / SnakeCase / ScreamingSnakeCase / KebabCase: Fix default value for splitOnNumbers option (#1073) e462e72

---

sindresorhus/type-fest@v4.36.0...v4.37.0

v4.36.0

... (truncated)

Commits

• 44c1766 4.40.0
• d071b71 Meta tweaks
• b4ace2d Add UnknownMap and UnknownSet type (#1106)
• 19a9c37 Add NonEmptyString type (#1103)
• 21a92f6 IsFloat / IsInteger: Fix instantiations with numbers represented using ex...
• 6db45e2 4.39.1
• 1b41ed3 OptionalKeysOf / WritableKeysOf: Fix generic assignability with keyof T...
• 07cb870 4.39.0
• 7536bae ApplyDefaultOptions: Improve behaviour when strictNullChecks is disabled ...
• 31ad1c2 Update funding.yml
• Additional commits viewable in compare view

Updates @npmcli/arborist from 7.5.4 to 9.0.2

Release notes

Sourced from @​npmcli/arborist's releases.

arborist: v9.0.2

9.0.2 (2025-04-08)

Bug Fixes

• a96d8f6 #8184 arborist: omit failed optional dependencies from installed deps (#8184) (@​owlstronaut, @​zkat)
• 04f53ce #8180 arborist: safely fallback on unresolved $ dependency references (#8180) (@​owlstronaut)
• 885accd #8185 arborist: only replace hostname for resolved URL (#8185) (@​billy-briggs-dev)
• 8b7bb12 #8168 arborist: Allow downgrades to hoisted version dedupe workspace i… (#8168) (@​owlstronaut)
• 1642556 #8160 arborist: workspaces respect overrides on subsequent installs (#8160) (@​owlstronaut)

Chores

• 88a7b52 #8174 add load-virtual and reify tests for workspace override test coverage (#8174) (@​owlstronaut, @​TrevorBurnham)

libnpmpack: v9.0.2

Dependencies

• workspace: @npmcli/[email protected]

arborist: v9.0.1

9.0.1 (2025-03-05)

Bug Fixes

• b9225e5 #8089 resolve override conflicts and apply correct versions (#8089) (@​owlstronaut)
• d586f3b #8117 remove duplicate var (#8117) (@​TrevorBurnham)
• 811ca29 #8115 stop working around bug fixed in [email protected] (@​TrevorBurnham)

libnpmpack: v9.0.1

Dependencies

• workspace: @npmcli/[email protected]

config: v9.0.0

9.0.0 (2024-10-03)

⚠️ BREAKING CHANGES

• @npmcli/config now supports node ^18.17.0 || >=20.5.0

Bug Fixes

• f846ad3 #7803 align @​npmcli/config to npm 10 node engine range (@​reggi)

Dependencies

• f6909a0 #7803 update [email protected]
• 105fa2b #7803 update [email protected]
• f54b155 #7803 update [email protected]
• 2076368 #7803 update @npmcli/[email protected]
• feac87c #7803 update @npmcli/[email protected]

Chores

• 2072705 #7803 update @npmcli/[email protected] (@​reggi)
• 8035725 #7756 @npmcli/[email protected] (@​wraithgar)

libnpmaccess: v9.0.0

9.0.0 (2024-10-03)

⚠️ BREAKING CHANGES

• libnpmaccess now supports node ^18.17.0 || >=20.5.0

Bug Fixes

• 73068d6 #7803 align libnpmaccess to npm 10 node engine range (@​reggi)

... (truncated)

Changelog

Sourced from @​npmcli/arborist's changelog.

9.0.2 (2025-04-08)

Bug Fixes

• a96d8f6 #8184 arborist: omit failed optional dependencies from installed deps (#8184) (@​owlstronaut, @​zkat)
• 04f53ce #8180 arborist: safely fallback on unresolved $ dependency references (#8180) (@​owlstronaut)
• 885accd #8185 arborist: only replace hostname for resolved URL (#8185) (@​billy-briggs-dev)
• 8b7bb12 #8168 arborist: Allow downgrades to hoisted version dedupe workspace i… (#8168) (@​owlstronaut)
• 1642556 #8160 arborist: workspaces respect overrides on subsequent installs (#8160) (@​owlstronaut)

Chores

• 88a7b52 #8174 add load-virtual and reify tests for workspace override test coverage (#8174) (@​owlstronaut, @​TrevorBurnham)

9.0.1 (2025-03-05)

Bug Fixes

• b9225e5 #8089 resolve override conflicts and apply correct versions (#8089) (@​owlstronaut)
• d586f3b #8117 remove duplicate var (#8117) (@​TrevorBurnham)
• 811ca29 #8115 stop working around bug fixed in [email protected] (@​TrevorBurnham)

9.0.0 (2024-12-16)

Features

• a7bfc6d #7972 trigger release process (#7972) (@​wraithgar)

Chores

• a07f4e0 #7976 @npmcli/[email protected] (@​wraithgar)

9.0.0-pre.1 (2024-12-06)

⚠️ BREAKING CHANGES

• Upon publishing, in order to apply a default "latest" dist tag, the command now retrieves all prior versions of the package. It will require that the version you're trying to publish is above the latest semver version in the registry, not including pre-release tags.
• bun.lockb files are now included in the strict ignore list during packing

Features

• f3ac7b7 #7939 no implicit latest tag on publish when latest > version (#7939) (@​reggi, @​ljharb)

Dependencies

• c0bcc2a #7955 [email protected]
• 4bf1901 #7945 @npmcli/[email protected]
• ca84b22 #7945 [email protected]

9.0.0-pre.0 (2024-11-26)

⚠️ BREAKING CHANGES

• --ignore-scripts now applies to all lifecycle scripts, include prepare
• npm will no longer fall back to the old audit endpoint if the bulk advisory request fails.
• @​npmcli/arborist now supports node ^20.17.0 || >=22.9.0

Features

• 6995303 #7850 adds --ignore-scripts flag to pack (@​reggi)

Bug Fixes

• 080a0f2 #7911 remove old audit fallback request (@​wraithgar)
• 3ffc08b #7831 for @​npmcli/arborist sets node engine range to ^20.17.0 || >=22.9.0 (@​reggi)

Dependencies

• 7dbef6f #7850 [email protected]
• 75a3f12 #7859 remove unused deps (#7859)

Chores

• 6edfe2f #7937 @npmcli/[email protected] (@​wraithgar)

8.0.0 (2024-10-03)

... (truncated)

Commits

• 5bd086b chore: release 11.3.0
• a96d8f6 fix(arborist): omit failed optional dependencies from installed deps (#8184)
• 04f53ce fix(arborist): safely fallback on unresolved $ dependency references (#8180)
• 885accd fix(arborist): only replace hostname for resolved URL (#8185)
• 88a7b52 chore: add load-virtual and reify tests for workspace override test coverage ...
• 8b7bb12 fix(arborist): Allow downgrades to hoisted version dedupe workspace i… (#8168)
• 1642556 fix(arborist): workspaces respect overrides on subsequent installs (#8160)
• 91e0f01 chore: release 11.2.0
• b9225e5 fix: resolve override conflicts and apply correct versions (#8089)
• d586f3b fix: remove duplicate var (#8117)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by owlstronaut, a new releaser for @​npmcli/arborist since your current version.

Description has been truncated