Skip to content

chore(deps): bump envinfo from 7.14.0 to 7.21.0#119

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/envinfo-7.21.0
Open

chore(deps): bump envinfo from 7.14.0 to 7.21.0#119
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/envinfo-7.21.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026

Bumps envinfo from 7.14.0 to 7.21.0.

Release notes

Sourced from envinfo's releases.

envinfo v7.21.0

Features

  • add Calibre support for version detection (#290) (bec2168)

envinfo v7.20.0

Features

envinfo v7.19.0

Features

envinfo v7.18.0

Features

envinfo v7.17.0

Features

envinfo v7.16.1

Bug Fixes

envinfo v7.16.0

Features

... (truncated)

Changelog

Sourced from envinfo's changelog.

7.21.0 (2025-11-26)

Features

  • add Calibre support for version detection (#290) (bec2168)

7.20.0 (2025-11-02)

Features

7.19.0 (2025-10-14)

Features

7.18.0 (2025-10-12)

Features

7.17.0 (2025-10-06)

Features

7.16.1 (2025-10-05)

Bug Fixes

7.16.0 (2025-10-04)

Features

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump envinfo from 7.14.0 to 7.21.0
2778190 
Bumps [envinfo](https://github.com/tabrindle/envinfo) from 7.14.0 to 7.21.0.
- [Release notes](https://github.com/tabrindle/envinfo/releases)
- [Changelog](https://github.com/tabrindle/envinfo/blob/main/CHANGELOG.md)
- [Commits](tabrindle/envinfo@v7.14.0...v7.21.0)

---
updated-dependencies:
- dependency-name: envinfo
  dependency-version: 7.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 27, 2026
@dependabot dependabot Bot requested a review from ulises-jeremias as a code owner April 27, 2026 04:50
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 27, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 27, 2026
edited
Loading

MegaLinter analysis: Error

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ EDITORCONFIG editorconfig-checker 2 0 0 0.01s
✅ JSON jsonlint 2 0 0 0.35s
✅ JSON npm-package-json-lint yes no no 0.31s
✅ JSON prettier 2 0 0 0 0.67s
✅ JSON v8r 2 0 0 6.1s
✅ REPOSITORY gitleaks yes no no 4.58s
✅ REPOSITORY git_diff yes no no 0.01s
❌ REPOSITORY osv-scanner yes 18 no 3.15s
✅ REPOSITORY secretlint yes no no 1.01s
✅ REPOSITORY syft yes no no 4.15s
✅ REPOSITORY trufflehog yes no no 4.27s
❌ SPELL cspell 3 1 0 2.71s

Detailed Issues

❌ SPELL / cspell - 1 error 
packages/create-node-app-core/package.json:56:6      - Unknown word (readdirp)   -- "readdirp": "^4.1.2",
	 Suggestions: [readdir, readDir, redip, reader, readers]
CSpell: Files checked: 2, Issues found: 1 in 1 file.


You can skip this misspellings by defining the following .cspell.json file at the root of your repository
Of course, please correct real typos before :)

{
    "version": "0.2",
    "language": "en",
    "ignorePaths": [
        "**/node_modules/**",
        "**/vscode-extension/**",
        "**/.git/**",
        "**/.pnpm-lock.json",
        ".vscode",
        "package-lock.json",
        "megalinter-reports"
    ],
    "words": [
        "readdirp"
    ]
}


You can also copy-paste megalinter-reports/.cspell.json at the root of your repository
❌ REPOSITORY / osv-scanner - 18 errors 
Scanning dir .
Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding.
Starting filesystem walk for root: /
Scanned tools/danger/package-lock.json file and found 161 packages
Scanned package-lock.json file and found 590 packages
End status: 49 dirs visited, 226 inodes visited, 2 Extract calls, 44.309001ms elapsed, 44.309181ms wall time
Filtered 7 local/unscannable package/s from the scan.

Total 15 packages affected by 18 known vulnerabilities (1 Critical, 4 High, 11 Medium, 2 Low, 0 Unknown) from 1 ecosystem.
17 vulnerabilities can be fixed.

+-------------------------------------+------+-----------+-------------------------------------+---------+---------------+--------------------------------+
| OSV URL                             | CVSS | ECOSYSTEM | PACKAGE                             | VERSION | FIXED VERSION | SOURCE                         |
+-------------------------------------+------+-----------+-------------------------------------+---------+---------------+--------------------------------+
| https://osv.dev/GHSA-3p68-rc4w-qgx5 | 6.3  | npm       | axios                               | 1.13.6  | 1.15.0        | package-lock.json              |
| https://osv.dev/GHSA-fvcv-3m26-pcqx | 4.8  | npm       | axios                               | 1.13.6  | 1.15.0        | package-lock.json              |
| https://osv.dev/GHSA-f886-m6hf-6m8v | 6.5  | npm       | brace-expansion                     | 2.0.2   | 2.0.3         | package-lock.json              |
| https://osv.dev/GHSA-r4q5-vmmm-2653 | 6.9  | npm       | follow-redirects                    | 1.15.11 | 1.16.0        | package-lock.json              |
| https://osv.dev/GHSA-48c2-rrv3-qjmp | 4.3  | npm       | yaml (dev)                          | 2.8.1   | 2.8.3         | package-lock.json              |
| https://osv.dev/GHSA-h5c3-5r3r-rr8q | 5.3  | npm       | @octokit/plugin-paginate-rest (dev) | 2.21.3  | 9.2.2         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-rmvr-2pp2-xj38 | 5.3  | npm       | @octokit/request (dev)              | 5.6.3   | 8.4.1         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-xx4v-prfh-6cgc | 5.3  | npm       | @octokit/request-error (dev)        | 2.1.0   | 5.1.1         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-vpq2-c234-7xj6 | 3.3  | npm       | @tootallnate/once (dev)             | 2.0.0   | 3.0.1         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-grv7-fg5c-xmjg | 7.5  | npm       | braces (dev)                        | 3.0.2   | 3.0.3         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-fjxv-7rqg-78g4 | 9.4  | npm       | form-data (dev)                     | 4.0.0   | 4.0.4         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-869p-cjfg-cm3x | 7.5  | npm       | jws (dev)                           | 3.2.2   | 3.2.3         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-952p-6rrq-rcjv | 5.3  | npm       | micromatch (dev)                    | 4.0.5   | 4.0.8         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-8g77-54rh-46hx | 8.9  | npm       | parse-git-config (dev)              | 2.0.3   | --            | tools/danger/package-lock.json |
| https://osv.dev/GHSA-3v7f-55p6-f55p | 5.3  | npm       | picomatch (dev)                     | 2.3.1   | 2.3.2         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-c2c7-rcm5-vvqj | 7.5  | npm       | picomatch (dev)                     | 2.3.1   | 2.3.2         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-6rw7-vpxm-498p | 6.3  | npm       | qs (dev)                            | 6.12.0  | 6.14.1        | tools/danger/package-lock.json |
| https://osv.dev/GHSA-w7fw-mjwx-w883 | 3.7  | npm       | qs (dev)                            | 6.12.0  | 6.14.2        | tools/danger/package-lock.json |
+-------------------------------------+------+-----------+-------------------------------------+---------+---------------+--------------------------------+

See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ulises-jeremias ulises-jeremias Awaiting requested review from ulises-jeremias ulises-jeremias is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants