Skip to content

chore(deps): bump shell-quote from 1.7.3 to 1.8.4 in /website#2566

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/website/shell-quote-1.8.4
Open

chore(deps): bump shell-quote from 1.7.3 to 1.8.4 in /website#2566
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/website/shell-quote-1.8.4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 10, 2026

Copy link
Copy Markdown
Contributor

Bumps shell-quote from 1.7.3 to 1.8.4.

Changelog

Sourced from shell-quote's changelog.

v1.8.4 - 2026-05-22

Commits

  • [Fix] quote: validate object-token shapes 4378a6e
  • [Dev Deps] update @ljharb/eslint-config, auto-changelog, eslint, npmignore 22ebec0
  • [Tests] increase coverage 9f3caa3
  • [readme] replace runkit CI badge with shields.io check-runs badge 3344a04
  • [Dev Deps] update @ljharb/eslint-config 699c511

v1.8.3 - 2025-06-01

Fixed

v1.8.2 - 2024-11-27

Fixed

Commits

  • [meta] fix changelog tags 0fb9fd8
  • [actions] split out node 10-20, and 20+ 819bd84
  • [Dev Deps] update @ljharb/eslint-config, auto-changelog, npmignore, tape fc56408
  • [actions] update npm for windows tests fdeb0fd
  • [Dev Deps] update @ljharb/eslint-config, aud, tape b8a4a3b
  • [actions] prevent node 14 on ARM mac from failing 9eecafc
  • [meta] exclude more files from the package 4044e7f
  • [Tests] replace aud with npm audit 8cfdbd8
  • [meta] add missing engines.node 843820e
  • [Dev Deps] add missing peer dep 4c3b88d
  • [Dev Deps] pin jackspeak since 2.1.2+ depends on npm aliases, which kill the install process in npm < 6 80322ed

v1.8.1 - 2023-04-07

Fixed

Commits

  • [Refactor] parse: hoist getVar to module level b42ac73
  • [Refactor] hoist some vars to module level 8f0c5c3
  • [Refactor] parse: use slice over substr, cache some values fcb2e1a
  • [Refactor] parse: a bit of cleanup 6780ec5
  • [Refactor] parse: tweak the regex to not match nothing 227d474

... (truncated)

Commits
  • ff166e2 v1.8.4
  • 4378a6e [Fix] quote: validate object-token shapes
  • 22ebec0 [Dev Deps] update @ljharb/eslint-config, auto-changelog, eslint, `npmig...
  • 9f3caa3 [Tests] increase coverage
  • 3344a04 [readme] replace runkit CI badge with shields.io check-runs badge
  • 699c511 [Dev Deps] update @ljharb/eslint-config
  • 487a9b4 v1.8.3
  • 01faaff [Fix] remove unnecessary backslash escaping in single quotes
  • b19fc77 v1.8.2
  • 59d29ea [Fix] quote: preserve empty strings
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for shell-quote since your current version.

Install script changes

This version adds prepublish script that runs during installation. Review the package contents before updating.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump shell-quote from 1.7.3 to 1.8.4 in /website
2974ff3 
Bumps [shell-quote](https://github.com/ljharb/shell-quote) from 1.7.3 to 1.8.4.
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.7.3...v1.8.4)

---
updated-dependencies:
- dependency-name: shell-quote
  dependency-version: 1.8.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 10, 2026
Copilot AI review requested due to automatic review settings June 10, 2026 02:08
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 10, 2026
Copilot AI reviewed Jun 10, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@github-actions

github-actions Bot commented Jun 10, 2026

Copy link
Copy Markdown

Hey @dependabot[bot] 👋!
Thank you so much for contributing to our repository 🙌.
Someone from SynapseML Team will be reviewing this pull request soon.

We use semantic commit messages to streamline the release process.
Before your pull request can be merged, you should make sure your first commit and PR title start with a semantic prefix.
This helps us to create release messages and credit you for your hard work!

Examples of commit messages with semantic prefixes:

  • fix: Fix LightGBM crashes with empty partitions
  • feat: Make HTTP on Spark back-offs configurable
  • docs: Update Spark Serving usage
  • build: Add codecov support
  • perf: improve LightGBM memory usage
  • refactor: make python code generation rely on classes
  • style: Remove nulls from CNTKModel
  • test: Add test coverage for CNTKModel

To test your commit locally, please follow our guild on building from source.
Check out the developer guide for additional guidance on testing your change.

@github-actions

github-actions Bot commented Jun 10, 2026

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/shell-quote 1.8.4 🟢 4.4
Details
CheckScoreReason
Code-Review⚠️ 0Found 2/30 approved changesets -- score normalized to 0
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 54 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • website/yarn.lock

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant