From 696dc5e3345d1d86f7b82f7c01771e71c9fc5981 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 26 Jun 2025 11:50:42 -0700
Subject: [PATCH 1/5] chore: bump @npmcli/template-oss from 4.24.3 to 4.24.4
(#298)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from
4.24.3 to 4.24.4.
Release notes
Sourced from @npmcli/template-oss's
releases.
v4.24.4
4.24.4
(2025-06-25)
Bug Fixes
Changelog
Sourced from @npmcli/template-oss's
changelog.
4.24.4
(2025-06-25)
Bug Fixes
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
---------
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: npm CLI robot
---
package.json | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index a9bb26b..3fb4268 100644
--- a/package.json
+++ b/package.json
@@ -35,7 +35,7 @@
},
"devDependencies": {
"@npmcli/eslint-config": "^5.0.0",
- "@npmcli/template-oss": "4.24.3",
+ "@npmcli/template-oss": "4.24.4",
"tap": "^16.0.1"
},
"files": [
@@ -55,7 +55,7 @@
},
"templateOSS": {
"//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
- "version": "4.24.3",
+ "version": "4.24.4",
"publish": "true"
}
}
From a0e07cd0b8cfd51907acac8a13caf426f690a4f6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 9 Jul 2025 10:03:45 -0700
Subject: [PATCH 2/5] chore: bump @npmcli/template-oss from 4.24.4 to 4.25.0
(#302)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from
4.24.4 to 4.25.0.
Release notes
Sourced from @npmcli/template-oss's
releases.
v4.25.0
4.25.0
(2025-07-08)
Features
Changelog
Sourced from @npmcli/template-oss's
changelog.
4.25.0
(2025-07-08)
Features
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
---------
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Michael Smith
---
.github/workflows/audit.yml | 3 +++
.github/workflows/ci-release.yml | 4 ++++
.github/workflows/ci.yml | 3 +++
.github/workflows/codeql-analysis.yml | 3 +++
.github/workflows/post-dependabot.yml | 2 +-
.github/workflows/pull-request.yml | 3 +++
.github/workflows/release-integration.yml | 4 ++++
.github/workflows/release.yml | 1 +
package.json | 4 ++--
9 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index a3ae725..85282bd 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -8,6 +8,9 @@ on:
# "At 08:00 UTC (01:00 PT) on Monday" https://crontab.guru/#0_8_*_*_1
- cron: "0 8 * * 1"
+permissions:
+ contents: read
+
jobs:
audit:
name: Audit Dependencies
diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml
index 673f9ca..d9fcb92 100644
--- a/.github/workflows/ci-release.yml
+++ b/.github/workflows/ci-release.yml
@@ -18,6 +18,10 @@ on:
required: true
type: string
+permissions:
+ contents: read
+ checks: write
+
jobs:
lint-all:
name: Lint All
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f555831..8c06d03 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -13,6 +13,9 @@ on:
# "At 09:00 UTC (02:00 PT) on Monday" https://crontab.guru/#0_9_*_*_1
- cron: "0 9 * * 1"
+permissions:
+ contents: read
+
jobs:
lint:
name: Lint
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index f8b1702..5304739 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -15,6 +15,9 @@ on:
# "At 10:00 UTC (03:00 PT) on Monday" https://crontab.guru/#0_10_*_*_1
- cron: "0 10 * * 1"
+permissions:
+ contents: read
+
jobs:
analyze:
name: Analyze
diff --git a/.github/workflows/post-dependabot.yml b/.github/workflows/post-dependabot.yml
index 1ea8693..3a91911 100644
--- a/.github/workflows/post-dependabot.yml
+++ b/.github/workflows/post-dependabot.yml
@@ -54,7 +54,7 @@ jobs:
else
# strip leading slash from directory so it works as a
# a path to the workspace flag
- echo "workspace=-w ${dependabot_dir#/}" >> $GITHUB_OUTPUT
+ echo "workspace=--workspace ${dependabot_dir#/}" >> $GITHUB_OUTPUT
fi
- name: Apply Changes
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
index 7dbdfd4..c69932d 100644
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -10,6 +10,9 @@ on:
- edited
- synchronize
+permissions:
+ contents: read
+
jobs:
commitlint:
name: Lint Commits
diff --git a/.github/workflows/release-integration.yml b/.github/workflows/release-integration.yml
index 130578e..9ca9a2b 100644
--- a/.github/workflows/release-integration.yml
+++ b/.github/workflows/release-integration.yml
@@ -19,6 +19,10 @@ on:
PUBLISH_TOKEN:
required: true
+permissions:
+ contents: read
+ id-token: write
+
jobs:
publish:
name: Publish
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e77e76f..217806d 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -245,6 +245,7 @@ jobs:
if: needs.release.outputs.releases
uses: ./.github/workflows/release-integration.yml
permissions:
+ contents: read
id-token: write
secrets:
PUBLISH_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
diff --git a/package.json b/package.json
index 3fb4268..6eeba50 100644
--- a/package.json
+++ b/package.json
@@ -35,7 +35,7 @@
},
"devDependencies": {
"@npmcli/eslint-config": "^5.0.0",
- "@npmcli/template-oss": "4.24.4",
+ "@npmcli/template-oss": "4.25.0",
"tap": "^16.0.1"
},
"files": [
@@ -55,7 +55,7 @@
},
"templateOSS": {
"//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
- "version": "4.24.4",
+ "version": "4.25.0",
"publish": "true"
}
}
From 7a9c71ec56c588ed938dcfbc700eb56bcd20d14d Mon Sep 17 00:00:00 2001
From: Michael Smith
Date: Wed, 23 Jul 2025 11:32:11 -0700
Subject: [PATCH 3/5] deps: lru-cache@11.1.0
---
package.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 6eeba50..a7da11c 100644
--- a/package.json
+++ b/package.json
@@ -31,7 +31,7 @@
"eslint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\""
},
"dependencies": {
- "lru-cache": "^10.0.1"
+ "lru-cache": "^11.1.0"
},
"devDependencies": {
"@npmcli/eslint-config": "^5.0.0",
From f5d971c6e21de4c7d533fbfe7c0f4db33c1c10a4 Mon Sep 17 00:00:00 2001
From: Michael Smith
Date: Wed, 23 Jul 2025 11:33:34 -0700
Subject: [PATCH 4/5] fix!: align to npm 11 node engine range BREAKING CHANGE:
`hosted-git-info` now supports node `^20.17.0 || >=22.9.0`
---
.github/workflows/ci-release.yml | 13 +++++--------
.github/workflows/ci.yml | 13 +++++--------
package.json | 2 +-
3 files changed, 11 insertions(+), 17 deletions(-)
diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml
index d9fcb92..e9ab5ff 100644
--- a/.github/workflows/ci-release.yml
+++ b/.github/workflows/ci-release.yml
@@ -91,20 +91,17 @@ jobs:
os: windows-latest
shell: cmd
node-version:
- - 18.17.0
- - 18.x
- - 20.5.0
+ - 20.17.0
- 20.x
+ - 22.9.0
- 22.x
exclude:
- platform: { name: macOS, os: macos-13, shell: bash }
- node-version: 18.17.0
- - platform: { name: macOS, os: macos-13, shell: bash }
- node-version: 18.x
- - platform: { name: macOS, os: macos-13, shell: bash }
- node-version: 20.5.0
+ node-version: 20.17.0
- platform: { name: macOS, os: macos-13, shell: bash }
node-version: 20.x
+ - platform: { name: macOS, os: macos-13, shell: bash }
+ node-version: 22.9.0
- platform: { name: macOS, os: macos-13, shell: bash }
node-version: 22.x
runs-on: ${{ matrix.platform.os }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8c06d03..650d4cf 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -68,20 +68,17 @@ jobs:
os: windows-latest
shell: cmd
node-version:
- - 18.17.0
- - 18.x
- - 20.5.0
+ - 20.17.0
- 20.x
+ - 22.9.0
- 22.x
exclude:
- platform: { name: macOS, os: macos-13, shell: bash }
- node-version: 18.17.0
- - platform: { name: macOS, os: macos-13, shell: bash }
- node-version: 18.x
- - platform: { name: macOS, os: macos-13, shell: bash }
- node-version: 20.5.0
+ node-version: 20.17.0
- platform: { name: macOS, os: macos-13, shell: bash }
node-version: 20.x
+ - platform: { name: macOS, os: macos-13, shell: bash }
+ node-version: 22.9.0
- platform: { name: macOS, os: macos-13, shell: bash }
node-version: 22.x
runs-on: ${{ matrix.platform.os }}
diff --git a/package.json b/package.json
index a7da11c..2c0c07e 100644
--- a/package.json
+++ b/package.json
@@ -43,7 +43,7 @@
"lib/"
],
"engines": {
- "node": "^18.17.0 || >=20.5.0"
+ "node": "^20.17.0 || >=22.9.0"
},
"tap": {
"color": 1,
From ab8b41bf6b70b35f095087d33f6dc90e345018a6 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
<41898282+github-actions[bot]@users.noreply.github.com>
Date: Thu, 24 Jul 2025 08:34:29 -0700
Subject: [PATCH 5/5] chore: release 9.0.0 (#306)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
:robot: I have created a release *beep* *boop*
---
##
[9.0.0](https://github.com/npm/hosted-git-info/compare/v8.1.0...v9.0.0)
(2025-07-24)
### ⚠️ BREAKING CHANGES
* `hosted-git-info` now supports node `^20.17.0 || >=22.9.0`
### Bug Fixes
*
[`f5d971c`](https://github.com/npm/hosted-git-info/commit/f5d971c6e21de4c7d533fbfe7c0f4db33c1c10a4)
[#305](https://github.com/npm/hosted-git-info/pull/305) align to npm 11
node engine range (@owlstronaut)
### Dependencies
*
[`7a9c71e`](https://github.com/npm/hosted-git-info/commit/7a9c71ec56c588ed938dcfbc700eb56bcd20d14d)
[#305](https://github.com/npm/hosted-git-info/pull/305)
`lru-cache@11.1.0`
### Chores
*
[`a0e07cd`](https://github.com/npm/hosted-git-info/commit/a0e07cd0b8cfd51907acac8a13caf426f690a4f6)
[#302](https://github.com/npm/hosted-git-info/pull/302) bump
@npmcli/template-oss from 4.24.4 to 4.25.0 (#302) (@dependabot[bot],
@owlstronaut)
---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
.release-please-manifest.json | 2 +-
CHANGELOG.md | 10 ++++++++++
package.json | 2 +-
3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/.release-please-manifest.json b/.release-please-manifest.json
index 529b133..9285669 100644
--- a/.release-please-manifest.json
+++ b/.release-please-manifest.json
@@ -1,3 +1,3 @@
{
- ".": "8.1.0"
+ ".": "9.0.0"
}
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f2a1030..d5f9a2b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,15 @@
# Changelog
+## [9.0.0](https://github.com/npm/hosted-git-info/compare/v8.1.0...v9.0.0) (2025-07-24)
+### ⚠️ BREAKING CHANGES
+* `hosted-git-info` now supports node `^20.17.0 || >=22.9.0`
+### Bug Fixes
+* [`f5d971c`](https://github.com/npm/hosted-git-info/commit/f5d971c6e21de4c7d533fbfe7c0f4db33c1c10a4) [#305](https://github.com/npm/hosted-git-info/pull/305) align to npm 11 node engine range (@owlstronaut)
+### Dependencies
+* [`7a9c71e`](https://github.com/npm/hosted-git-info/commit/7a9c71ec56c588ed938dcfbc700eb56bcd20d14d) [#305](https://github.com/npm/hosted-git-info/pull/305) `lru-cache@11.1.0`
+### Chores
+* [`a0e07cd`](https://github.com/npm/hosted-git-info/commit/a0e07cd0b8cfd51907acac8a13caf426f690a4f6) [#302](https://github.com/npm/hosted-git-info/pull/302) bump @npmcli/template-oss from 4.24.4 to 4.25.0 (#302) (@dependabot[bot], @owlstronaut)
+
## [8.1.0](https://github.com/npm/hosted-git-info/compare/v8.0.2...v8.1.0) (2025-04-14)
### Features
* [`ef0865c`](https://github.com/npm/hosted-git-info/commit/ef0865cc5c28700f990bf25d919e2520c944cf55) [#288](https://github.com/npm/hosted-git-info/pull/288) add `HostedGitInfo.fromManifest` (#288) (@ljharb)
diff --git a/package.json b/package.json
index 2c0c07e..5883a7d 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "hosted-git-info",
- "version": "8.1.0",
+ "version": "9.0.0",
"description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab",
"main": "./lib/index.js",
"repository": {