build(deps): bump renovate from 43.8.2 to 43.31.3 #140

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/renovate-43.31.3

Conversation

@dependabot dependabot bot commented on behalf of github Feb 23, 2026

Bumps renovate from 43.8.2 to 43.31.3.

Release notes

Sourced from renovate's releases.

43.31.3

43.31.3 (2026-02-23)

Code Refactoring

Build System

  • deps: update opentelemetry-js-contrib monorepo (main) (#41404) (07b8528)

43.31.2

43.31.2 (2026-02-23)

Bug Fixes

  • deps: update ghcr.io/renovatebot/base-image docker tag to v13.11.1 (main) (#41398) (8be0725)
  • resolve cache TTL lazily in PackageHttpCacheProvider (#41386) (d1f4f80)

Documentation

  • update references to otel/opentelemetry-collector-contrib to v0.146.1 (main) (#41387) (e904013)
  • update references to renovate/renovate (main) (#41388) (8e45f4b)

Miscellaneous Chores

  • deps: update containerbase/internal-tools action to v4.1.13 (main) (#41389) (a9f039b)
  • deps: update containerbase/internal-tools action to v4.1.15 (main) (#41393) (771563d)
  • deps: update dependency @biomejs/biome to v2.4.0 (main) (#41379) (48f94fa)
  • deps: update dependency @containerbase/eslint-plugin to v1.1.33 (main) (#41390) (11481f4)
  • deps: update dependency @containerbase/istanbul-reports-html to v1.1.32 (main) (#41391) (6d6a991)
  • deps: update dependency @containerbase/semantic-release-pnpm to v1.3.22 (main) (#41392) (8f8882c)
  • deps: update dependency rimraf to v6.1.3 (main) (#41394) (6af5362)
  • deps: update dependency tar to v7.5.9 (main) (#41395) (3dc82ce)
  • deps: update ghcr.io/containerbase/devcontainer docker tag to v14.4.4 (main) (#41396) (b66a452)
  • update vscode and devcontainer settings (#41370) (3ff1ef4)

Code Refactoring

43.31.1

43.31.1 (2026-02-21)

Miscellaneous Chores

  • deps: update dependency @vitest/eslint-plugin to v1.6.9 (main) (#41369) (dc6c1d8)

Build System

... (truncated)

Commits
  • 07b8528 build(deps): update opentelemetry-js-contrib monorepo (main) (#41404)
  • fbde994 refactor(redis): use destroy instead of disconnect (#41397)
  • 8be0725 fix(deps): update ghcr.io/renovatebot/base-image docker tag to v13.11.1 (main...
  • d1f4f80 fix: resolve cache TTL lazily in PackageHttpCacheProvider (#41386)
  • b66a452 chore(deps): update ghcr.io/containerbase/devcontainer docker tag to v14.4.4 ...
  • 3dc82ce chore(deps): update dependency tar to v7.5.9 (main) (#41395)
  • 6af5362 chore(deps): update dependency rimraf to v6.1.3 (main) (#41394)
  • 771563d chore(deps): update containerbase/internal-tools action to v4.1.15 (main) (#4...
  • 8f8882c chore(deps): update dependency @containerbase/semantic-release-pnpm to v1.3.2...
  • 6d6a991 chore(deps): update dependency @containerbase/istanbul-reports-html to v1.1.3...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Bumps [renovate](https://github.com/renovatebot/renovate) from 43.8.2 to 43.31.3.
- [Release notes](https://github.com/renovatebot/renovate/releases)
- [Commits](renovatebot/renovate@43.8.2...43.31.3)

---
updated-dependencies:
- dependency-name: renovate
  dependency-version: 43.31.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

@dependabot dependabot bot added the labels dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) Feb 23, 2026

@socket-security

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action: Warn
Severity: High
Alert: Obfuscated code: npm @renovatebot/pgp is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.json → npm/renovate@43.31.3 → npm/@renovatebot/pgp@1.3.2

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@renovatebot/pgp@1.3.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Labels

dependencies (Pull requests that update a dependency file), javascript (Pull requests that update javascript code), P2, security
