build(deps): bump the npm_and_yarn group across 5 directories with 5 updates

[dependabot]

Bumps the npm_and_yarn group with 2 updates in the /pkgs/applications/editors/rstudio directory: minimatch and yaml.
Bumps the npm_and_yarn group with 1 update in the /pkgs/development/python-modules/apache-airflow directory: yaml.
Bumps the npm_and_yarn group with 1 update in the /pkgs/servers/web-apps/hedgedoc directory: yaml.
Bumps the npm_and_yarn group with 2 updates in the /pkgs/tools/admin/meshcentral directory: node-forge and nodemailer.
Bumps the npm_and_yarn group with 3 updates in the /pkgs/tools/admin/pgadmin directory: minimatch, yaml and handlebars.

Updates minimatch from 3.0.4 to 3.1.5

Commits

• 7bba978 3.1.5
• bd25942 docs: add warning about ReDoS
• 1a9c27c fix partial matching of globstar patterns
• 1a2e084 3.1.4
• ae24656 update lockfile
• b100374 limit recursion for **, improve perf considerably
• 26ffeaa lockfile update
• 9eca892 lock node version to 14
• 00c323b 3.1.3
• 30486b2 update CI matrix and actions
• Additional commits viewable in compare view

Updates yaml from 1.7.2 to 1.10.3

Release notes

Sourced from yaml's releases.

v1.10.2

• prettier/prettier#10510

v1.10.1

This release backports the following non-breaking fixes made during the work on yaml@2 on top of yaml@1.10.0:

• Support for __proto__ as mapping key & anchor identifier (#192)
• Fix broken TS type for BigInt toggle
• Dump long keys properly (#195)
• When folding highly indented lines, require at least minContentWidth chars on the first line (#196)
• Fix YAML.stringify() for certain null values (#197)
• Do not break escaped chars with escaped newlines (#237, awslabs/cdk8s8)
• Set type: "module" within browser/dist/ (#208)
• Use CommonJS for the browser endpoints yaml/types & yaml/util (#208)
• Always stringify non-Node object keys using explicit notation (#218)
• Specify node type of Document.Parsed.contents (#221)
• Add missing type for CST Node.rangeAsLinePos (#222)
• Prefer literal over folded block scalar when lineWidth=0 is set (#232)
• Allow for empty lines after node props (#242)
• Update dev dependencies

v1.10.0

This will probably be the last minor release of yaml@1. I'm aiming to release yaml@2 within a few months; prereleases of that will be published using the next dist-tag on npm. Patch releases for 1.10 may still happen, if necessary.

New Features

• Use Rollup for Node.js & browser builds (#165)
  • This removes most of the internal dist/ paths from the release. If you want/need to use a class or function that is no longer public, please file an issue and we can add it to the exports.
  • Drop dependency on @babel/runtime. After this, the package has 0 runtime dependencies. 🎉
  • Add exports { Alias, Collection, Merge, Node } to 'yaml/types'
• Document Schema.createPair() & make its ctx arg optional (#157)
• Always indent top-level scalars with lines starting with document markers or % directives (#162)
• Use double-space when forcing top-level block scalar indent, for clarity (#162)
• Add getNodes(): string[] method to Anchors (#166)
• Refactor Jest config, adding tests for compiled dist/ endpoints
• Rename & refactor source files. This should have no effect on the results, but lots of stuff moved around

Improved Errors & Warnings

• Throw more helpful error when setting Pair.commentBefore incorrectly (#157)
• Better errors for bad indents (#169)
• Drop incorrect error for flow mapping keys with length > 1024 chars
• Add errors for plain scalars that start with reserved indicators
• Add more explicit errors for block scalar values with bad indents
• Enable log prints during npm start debugging

Improved TypeScript declarations

• Fix/simplify export mapping of 'yaml/types' and 'yaml/util'
• Fix types, dropping AST.{AstNode,ScalarNode,CollectionNode} (#160)
• Add missing toString() methods to AST nodes (#159)
• Add directivesEndMarker to Document type (#167)

... (truncated)

Commits

• cfe8f04 1.10.3
• 7abcf45 fix: Catch stack overflow during CST composition
• a0252f8 chore: Add rules avoiding processing of tests/json-test-suite
• a5e83b0 style: Apply updates Prettier rules
• b8ddca0 chore: Refresh lockfile
• 395f892 ci: Use a different (working) submodule checkout
• 6fd2720 test-events: Add {} and [] indicators to flow maps & sequences
• 4cdcde6 1.10.2
• 7c0e083 Allow for unindented comment after node props (#242)
• 8ef0157 1.10.1
• Additional commits viewable in compare view

Updates yaml from 1.10.0 to 1.10.3

Release notes

Sourced from yaml's releases.

v1.10.2

• prettier/prettier#10510

v1.10.1

This release backports the following non-breaking fixes made during the work on yaml@2 on top of yaml@1.10.0:

• Support for __proto__ as mapping key & anchor identifier (#192)
• Fix broken TS type for BigInt toggle
• Dump long keys properly (#195)
• When folding highly indented lines, require at least minContentWidth chars on the first line (#196)
• Fix YAML.stringify() for certain null values (#197)
• Do not break escaped chars with escaped newlines (#237, awslabs/cdk8s8)
• Set type: "module" within browser/dist/ (#208)
• Use CommonJS for the browser endpoints yaml/types & yaml/util (#208)
• Always stringify non-Node object keys using explicit notation (#218)
• Specify node type of Document.Parsed.contents (#221)
• Add missing type for CST Node.rangeAsLinePos (#222)
• Prefer literal over folded block scalar when lineWidth=0 is set (#232)
• Allow for empty lines after node props (#242)
• Update dev dependencies

v1.10.0

This will probably be the last minor release of yaml@1. I'm aiming to release yaml@2 within a few months; prereleases of that will be published using the next dist-tag on npm. Patch releases for 1.10 may still happen, if necessary.

New Features

• Use Rollup for Node.js & browser builds (#165)
  • This removes most of the internal dist/ paths from the release. If you want/need to use a class or function that is no longer public, please file an issue and we can add it to the exports.
  • Drop dependency on @babel/runtime. After this, the package has 0 runtime dependencies. 🎉
  • Add exports { Alias, Collection, Merge, Node } to 'yaml/types'
• Document Schema.createPair() & make its ctx arg optional (#157)
• Always indent top-level scalars with lines starting with document markers or % directives (#162)
• Use double-space when forcing top-level block scalar indent, for clarity (#162)
• Add getNodes(): string[] method to Anchors (#166)
• Refactor Jest config, adding tests for compiled dist/ endpoints
• Rename & refactor source files. This should have no effect on the results, but lots of stuff moved around

Improved Errors & Warnings

• Throw more helpful error when setting Pair.commentBefore incorrectly (#157)
• Better errors for bad indents (#169)
• Drop incorrect error for flow mapping keys with length > 1024 chars
• Add errors for plain scalars that start with reserved indicators
• Add more explicit errors for block scalar values with bad indents
• Enable log prints during npm start debugging

Improved TypeScript declarations

• Fix/simplify export mapping of 'yaml/types' and 'yaml/util'
• Fix types, dropping AST.{AstNode,ScalarNode,CollectionNode} (#160)
• Add missing toString() methods to AST nodes (#159)
• Add directivesEndMarker to Document type (#167)

... (truncated)

Commits

• cfe8f04 1.10.3
• 7abcf45 fix: Catch stack overflow during CST composition
• a0252f8 chore: Add rules avoiding processing of tests/json-test-suite
• a5e83b0 style: Apply updates Prettier rules
• b8ddca0 chore: Refresh lockfile
• 395f892 ci: Use a different (working) submodule checkout
• 6fd2720 test-events: Add {} and [] indicators to flow maps & sequences
• 4cdcde6 1.10.2
• 7c0e083 Allow for unindented comment after node props (#242)
• 8ef0157 1.10.1
• Additional commits viewable in compare view

Updates yaml from 1.10.2 to 1.10.3

Release notes

Sourced from yaml's releases.

v1.10.2

• prettier/prettier#10510

v1.10.1

This release backports the following non-breaking fixes made during the work on yaml@2 on top of yaml@1.10.0:

• Support for __proto__ as mapping key & anchor identifier (#192)
• Fix broken TS type for BigInt toggle
• Dump long keys properly (#195)
• When folding highly indented lines, require at least minContentWidth chars on the first line (#196)
• Fix YAML.stringify() for certain null values (#197)
• Do not break escaped chars with escaped newlines (#237, awslabs/cdk8s8)
• Set type: "module" within browser/dist/ (#208)
• Use CommonJS for the browser endpoints yaml/types & yaml/util (#208)
• Always stringify non-Node object keys using explicit notation (#218)
• Specify node type of Document.Parsed.contents (#221)
• Add missing type for CST Node.rangeAsLinePos (#222)
• Prefer literal over folded block scalar when lineWidth=0 is set (#232)
• Allow for empty lines after node props (#242)
• Update dev dependencies

v1.10.0

This will probably be the last minor release of yaml@1. I'm aiming to release yaml@2 within a few months; prereleases of that will be published using the next dist-tag on npm. Patch releases for 1.10 may still happen, if necessary.

New Features

• Use Rollup for Node.js & browser builds (#165)
  • This removes most of the internal dist/ paths from the release. If you want/need to use a class or function that is no longer public, please file an issue and we can add it to the exports.
  • Drop dependency on @babel/runtime. After this, the package has 0 runtime dependencies. 🎉
  • Add exports { Alias, Collection, Merge, Node } to 'yaml/types'
• Document Schema.createPair() & make its ctx arg optional (#157)
• Always indent top-level scalars with lines starting with document markers or % directives (#162)
• Use double-space when forcing top-level block scalar indent, for clarity (#162)
• Add getNodes(): string[] method to Anchors (#166)
• Refactor Jest config, adding tests for compiled dist/ endpoints
• Rename & refactor source files. This should have no effect on the results, but lots of stuff moved around

Improved Errors & Warnings

• Throw more helpful error when setting Pair.commentBefore incorrectly (#157)
• Better errors for bad indents (#169)
• Drop incorrect error for flow mapping keys with length > 1024 chars
• Add errors for plain scalars that start with reserved indicators
• Add more explicit errors for block scalar values with bad indents
• Enable log prints during npm start debugging

Improved TypeScript declarations

• Fix/simplify export mapping of 'yaml/types' and 'yaml/util'
• Fix types, dropping AST.{AstNode,ScalarNode,CollectionNode} (#160)
• Add missing toString() methods to AST nodes (#159)
• Add directivesEndMarker to Document type (#167)

... (truncated)

Commits

• cfe8f04 1.10.3
• 7abcf45 fix: Catch stack overflow during CST composition
• a0252f8 chore: Add rules avoiding processing of tests/json-test-suite
• a5e83b0 style: Apply updates Prettier rules
• b8ddca0 chore: Refresh lockfile
• 395f892 ci: Use a different (working) submodule checkout
• 6fd2720 test-events: Add {} and [] indicators to flow maps & sequences
• 4cdcde6 1.10.2
• 7c0e083 Allow for unindented comment after node props (#242)
• 8ef0157 1.10.1
• Additional commits viewable in compare view

Updates node-forge from 1.3.1 to 1.4.0

Changelog

Sourced from node-forge's changelog.

1.4.0 - 2026-03-24

Security

• HIGH: Denial of Service in BigInteger.modInverse()
  • A Denial of Service (DoS) vulnerability exists due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU.
  • Reported by Kr0emer.
  • CVE ID: CVE-2026-33891
  • GHSA ID: GHSA-5gfm-wpxj-wjgq
• HIGH: Signature forgery in RSA-PKCS due to ASN.1 extra field.
  • RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing "garbage" bytes within the ASN.1 structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN.1 structure, rather than outside of it.
  • Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries.
  • Reported as part of a U.C. Berkeley security research project by:
    • Austin Chu, Sohee Kim, and Corban Villa.
  • CVE ID: CVE-2026-33894
  • GHSA ID: GHSA-ppp5-5v6c-4jwp
• HIGH: Signature forgery in Ed25519 due to missing S < L check.
  • Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (S >= L). A valid signature and its S + L variant both verify in forge, while Node.js crypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the specification. This class of signature malleability has been exploited in practice to bypass authentication and authorization logic (see CVE-2026-25793, CVE-2022-35961). Applications relying on signature uniqueness (i.e., dedup by signature bytes, replay tracking, signed-object canonicalization checks) may be bypassed.
  • Reported as part of a U.C. Berkeley security research project by:
    • Austin Chu, Sohee Kim, and Corban Villa.
  • CVE ID: CVE-2026-33895
  • GHSA ID: GHSA-q67f-28xg-22rw
• HIGH: basicConstraints bypass in certificate chain verification.
  • pki.verifyCertificateChain() does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions. This allows any leaf certificate (without these extensions) to act as a CA and sign other certificates, which node-forge will accept as valid.
  • Reported by Doruk Tan Ozturk (@​peaktwilight) - doruk.ch
  • CVE ID: CVE-2026-33896
  • GHSA ID: GHSA-2328-f5f3-gj25

... (truncated)

Commits

• fa385f9 Release 1.4.0.
• 07d4e16 Update changelog.
• cb90fd9 Update changelog.
• 963e7c5 Add unit test for "pseudonym"
• f0b6f5b Add pseudonym OID
• 3df48a3 Fix missing CVE ID.
• 2e49283 Add x509 basicConstraints check.
• bdecf11 Add canonical signature scaler check for S < L.
• af094e6 Add RSA padding and DigestInfo length checks.
• 796eeb1 Improve jsbn fix.
• Additional commits viewable in compare view

Updates nodemailer from 6.7.5 to 8.0.4

Release notes

Sourced from nodemailer's releases.

v8.0.4

8.0.4 (2026-03-25)

Bug Fixes

• sanitize envelope size to prevent SMTP command injection (2d7b971)

v8.0.3

8.0.3 (2026-03-18)

Bug Fixes

• clean up addressparser and fix group name fallback producing undefined (9d55877)
• fix cookie bugs, remove dead code, and improve hot-path efficiency (e8c8b92)
• refactor smtp-connection for clarity and add Node.js 6 syntax compat test (c5b48ea)
• remove familySupportCache that broke DNS resolution tests (c803d90)

v8.0.2

8.0.2 (2026-03-09)

Bug Fixes

• merge fragmented display names with unquoted commas in addressparser (fe27f7f)

v8.0.1

8.0.1 (2026-02-07)

Bug Fixes

• absorb TLS errors during socket teardown (7f8dde4)
• absorb TLS errors during socket teardown (381f628)
• Add Gmail Workspace service configuration (#1787) (dc97ede)

v8.0.0

8.0.0 (2026-02-04)

⚠ BREAKING CHANGES

• Error code 'NoAuth' renamed to 'ENOAUTH'

Bug Fixes

• add connection fallback to alternative DNS addresses (e726d6f)
• centralize and standardize error codes (45062ce)
• harden DNS fallback against race conditions and cleanup issues (4fa3c63)

... (truncated)

Changelog

Sourced from nodemailer's changelog.

8.0.4 (2026-03-25)

Bug Fixes

• sanitize envelope size to prevent SMTP command injection (2d7b971)

8.0.3 (2026-03-18)

Bug Fixes

• clean up addressparser and fix group name fallback producing undefined (9d55877)
• fix cookie bugs, remove dead code, and improve hot-path efficiency (e8c8b92)
• refactor smtp-connection for clarity and add Node.js 6 syntax compat test (c5b48ea)
• remove familySupportCache that broke DNS resolution tests (c803d90)

8.0.2 (2026-03-09)

Bug Fixes

• merge fragmented display names with unquoted commas in addressparser (fe27f7f)

8.0.1 (2026-02-07)

Bug Fixes

• absorb TLS errors during socket teardown (7f8dde4)
• absorb TLS errors during socket teardown (381f628)
• Add Gmail Workspace service configuration (#1787) (dc97ede)

8.0.0 (2026-02-04)

⚠ BREAKING CHANGES

• Error code 'NoAuth' renamed to 'ENOAUTH'

Bug Fixes

• add connection fallback to alternative DNS addresses (e726d6f)
• centralize and standardize error codes (45062ce)
• harden DNS fallback against race conditions and cleanup issues (4fa3c63)
• improve socket cleanup to prevent potential memory leaks (6069fdc)

7.0.13 (2026-01-27)

... (truncated)

Commits

• 2d31975 chore(master): release 8.0.4 (#1806)
• 2d7b971 fix: sanitize envelope size to prevent SMTP command injection
• 4e702e9 chore(master): release 8.0.3 (#1804)
• c803d90 fix: remove familySupportCache that broke DNS resolution tests
• e8c8b92 fix: fix cookie bugs, remove dead code, and improve hot-path efficiency
• 0e78ee1 chore: update dependencies
• af73b4c chore: upgrade GitHub Actions to latest versions
• 604b570 chore: simplify remaining lib modules for clarity and consistency
• 4ced83d chore: simplify shared, errors, mailer, mime-node, and mime-funcs modules
• 0cba16e chore: simplify smtp-pool with const, Object.assign, and cleaner control flow
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for nodemailer since your current version.

Updates minimatch from 3.0.4 to 3.1.5

Commits

• 7bba978 3.1.5
• bd25942 docs: add warning about ReDoS
• 1a9c27c fix partial matching of globstar patterns
• 1a2e084 3.1.4
• ae24656 update lockfile
• b100374 limit recursion for **, improve perf considerably
• 26ffeaa lockfile update
• 9eca892 lock node version to 14
• 00c323b 3.1.3
• 30486b2 update CI matrix and actions
• Additional commits viewable in compare view

Updates yaml from 1.10.2 to 1.10.3

Release notes

Sourced from yaml's releases.

v1.10.2

• prettier/prettier#10510

v1.10.1

This release backports the following non-breaking fixes made during the work on yaml@2 on top of yaml@1.10.0:

• Support for __proto__ as mapping key & anchor identifier (#192)
• Fix broken TS type for BigInt toggle
• Dump long keys properly (#195)
• When folding highly indented lines, require at least minContentWidth chars on the first line (#196)
• Fix YAML.stringify() for certain null values (#197)
• Do not break escaped chars with escaped newlines (#237, awslabs/cdk8s8)
• Set type: "module" within browser/dist/ (#208)
• Use CommonJS for the browser endpoints yaml/types & yaml/util (#208)
• Always stringify non-Node object keys using explicit notation (#218)
• Specify node type of Document.Parsed.contents (#221)
• Add missing type for CST Node.rangeAsLinePos (#222)
• Prefer literal over folded block scalar when lineWidth=0 is set (#232)
• Allow for empty lines after node props (#242)
• Update dev dependencies

v1.10.0

This will probably be the last minor release of yaml@1. I'm aiming to release yaml@2 within a few months; prereleases of that will be published using the next dist-tag on npm. Patch releases for 1.10 may still happen, if necessary.

New Features

• Use Rollup for Node.js & browser builds (#165)
  • This removes most of the internal dist/ paths from the release. If you want/need to use a class or function that is no longer public, please file an issue and we can add it to the exports.
  • Drop dependency on @babel/runtime. After this, the package has 0 runtime dependencies. 🎉
  • Add exports { Alias, Collection, Merge, Node } to 'yaml/types'
• Document Schema.createPair() & make its ctx arg optional (#157)
• Always indent top-level scalars with lines starting with document markers or % directives (#162)
• Use double-space when forcing top-level block scalar indent, for clarity (#162)
• Add getNodes(): string[] method to Anchors (#166)
• Refactor Jest config, adding tests for compiled dist/ endpoints
• Rename & refactor source files. This should have no effect on the results, but lots of stuff moved around

Improved Errors & Warnings

• Throw more helpful error when setting Pair.commentBefore incorrectly (#157)
• Better errors for bad indents (#169)
• Drop incorrect error for flow mapping keys with length > 1024 chars
• Add errors for plain scalars that start with reserved indicators
• Add more explicit errors for block scalar values with bad indents
• Enable log prints during npm start debugging

Improved TypeScript declarations

• Fix/simplify export mapping of 'yaml/types' and 'yaml/util'
• Fix types, dropping AST.{AstNode,ScalarNode,CollectionNode} (#160)
• Add missing toString() methods to AST nodes (#159)
• Add directivesEndMarker to Document type (#167)

... (truncated)

Commits

• cfe8f04 1.10.3
• 7abcf45 fix: Catch stack overflow during CST composition
• a0252f8 chore: Add rules avoiding processing of tests/json-test-suite
• a5e83b0 style: Apply updates Prettier rules
• b8ddca0 chore: Refresh lockfile
• 395f892 ci: Use a different (working) submodule checkout
• 6fd2720 test-events: Add {} and [] indicators to flow maps & sequences
• 4cdcde6 1.10.2
• 7c0e083 Allow for unindented comment after node props (#242)
• 8ef0157 1.10.1
• Additional commits viewable in compare view

Updates handlebars from 4.7.7 to 4.7.9

Release notes

Sourced from handlebars's releases.

v4.7.9

• fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
• fix type "RuntimeOptions" also accepting string partials - eab1d14
• feat(types): set hash to be a Record<string, any> - de4414d
• fix non-contiguous program indices - 4512766
• refactor: rename i to startPartIndex - e497a35
• security: fix security issues - 68d8df5
  • GHSA-2w6w-674q-4c4q
  • GHSA-3mfm-83xf-c92r
  • GHSA-xhpv-hc6g-r9c6
  • GHSA-xjpj-3mr7-gcpf
  • GHSA-9cx6-37pm-9jff
  • GHSA-2qvq-rjwj-gvw9
  • GHSA-7rx3-28cr-v5wh
  • GHSA-442j-39wm-28r2

Commits

v4.7.8

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebars as ESM - 03d387b
• Fix bundler issue with webpack 5 (#1862) - c6c6bbb
• Use https instead of git for mustache submodule - 88ac068

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.9 - March 26th, 2026

• fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
• fix type "RuntimeOptions" also accepting string partials - eab1d14
• feat(types): set hash to be a Record<string, any> - de4414d
• fix non-contiguous program indices - 4512766
• refactor: rename i to startPartIndex - e497a35
• security: fix security issues - 68d8df5

Commits

v4.7.8 - July 27th, 2023

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebars as ESM - 03d387b
• Fix bundler issue with webpack 5 (#1862) - c6c6bbb
• Use https instead of git for mustache submodule - 88ac068

Commits

Commits

• dce542c v4.7.9
• 8a41389 Update release notes
• 68d8df5 Fix security issues
• b2a0831 Fix browser tests
• 9f98c16 Fix release script
• 45443b4 Revert "Improve partial indenting performance"
• 8841a5f Fix CI errors with linting
• e0137c2 fix: enable shell mode for spawn to resolve Windows EINVAL issue
• e914d60 Improve rendering performance
• 7de4b41 Upgrade GitHub Actions checkout and setup-node on 4.x branch
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #30.