Commit d390490
authored
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4&size=40){kind=avatar}
build(deps): bump getsentry/craft from 2.26.3 to 2.26.5 (#6276)
Bumps [getsentry/craft](https://github.com/getsentry/craft) from 2.26.3
to 2.26.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/getsentry/craft/releases">getsentry/craft's
releases</a>.</em></p>
<blockquote>
<h2>2.26.5</h2>
<h3>Bug Fixes 🐛</h3>
<ul>
<li>(security) Bump devalue override to ^5.8.1 (CVE-2026-42570) by <a
href="https://github.com/BYK"><code>@BYK</code></a> in <a
href="https://redirect.github.com/getsentry/craft/pull/818">#818</a></li>
</ul>
<h2>2.26.4</h2>
<h3>Bug Fixes 🐛</h3>
<ul>
<li>(security) Prevent script injection in changelog-preview workflow by
<a
href="https://github.com/fix-it-felix-sentry"><code>@fix-it-felix-sentry</code></a>
in <a
href="https://redirect.github.com/getsentry/craft/pull/813">#813</a></li>
<li>Resolve open dependabot security alerts by <a
href="https://github.com/BYK"><code>@BYK</code></a> in <a
href="https://redirect.github.com/getsentry/craft/pull/816">#816</a></li>
</ul>
<h3>Internal Changes 🔧</h3>
<ul>
<li>(deps-dev) Bump simple-git from 3.33.0 to 3.36.0 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/getsentry/craft/pull/814">#814</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/getsentry/craft/blob/master/CHANGELOG.md">getsentry/craft's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>2.26.5</h2>
<h3>Bug Fixes 🐛</h3>
<ul>
<li>(security) Bump devalue override to ^5.8.1 (CVE-2026-42570) by <a
href="https://github.com/BYK"><code>@BYK</code></a> in <a
href="https://redirect.github.com/getsentry/craft/pull/818">#818</a></li>
</ul>
<h2>2.26.4</h2>
<h3>Bug Fixes 🐛</h3>
<ul>
<li>(security) Prevent script injection in changelog-preview workflow by
<a
href="https://github.com/fix-it-felix-sentry"><code>@fix-it-felix-sentry</code></a>
in <a
href="https://redirect.github.com/getsentry/craft/pull/813">#813</a></li>
<li>Resolve open dependabot security alerts by <a
href="https://github.com/BYK"><code>@BYK</code></a> in <a
href="https://redirect.github.com/getsentry/craft/pull/816">#816</a></li>
</ul>
<h3>Internal Changes 🔧</h3>
<ul>
<li>(deps-dev) Bump simple-git from 3.33.0 to 3.36.0 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/getsentry/craft/pull/814">#814</a></li>
</ul>
<h2>2.26.3</h2>
<h3>Bug Fixes 🐛</h3>
<ul>
<li>Prevent shell injection vulnerabilities in GitHub Actions workflows
by <a
href="https://github.com/fix-it-felix-sentry"><code>@fix-it-felix-sentry</code></a>
in <a
href="https://redirect.github.com/getsentry/craft/pull/811">#811</a></li>
</ul>
<h2>2.26.2</h2>
<h3>Security 🔒</h3>
<ul>
<li>(deps) Bump uuid to ^14.0.0 (fix GHSA-w5hq-g745-h8pq) by <a
href="https://github.com/BYK"><code>@BYK</code></a> in <a
href="https://redirect.github.com/getsentry/craft/pull/810">#810</a></li>
</ul>
<h3>Bug Fixes 🐛</h3>
<ul>
<li>(prepare) Remove --allow-remote-config gate by <a
href="https://github.com/BYK"><code>@BYK</code></a> in <a
href="https://redirect.github.com/getsentry/craft/pull/809">#809</a></li>
</ul>
<h3>Internal Changes 🔧</h3>
<ul>
<li>(deps) Bump astro from 5.18.1 to 6.1.6 in /docs by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/getsentry/craft/pull/806">#806</a></li>
<li>(deps-dev) Bump fast-xml-parser from 5.5.7 to 5.7.0 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a> in <a
href="https://redirect.github.com/getsentry/craft/pull/808">#808</a></li>
</ul>
<h2>2.26.1</h2>
<h3>Security 🔒</h3>
<ul>
<li>(release-env) Allowlist GITHUB_* and RUNNER_* by prefix by <a
href="https://github.com/BYK"><code>@BYK</code></a> in <a
href="https://redirect.github.com/getsentry/craft/pull/807">#807</a></li>
</ul>
<h3>Bug Fixes 🐛</h3>
<ul>
<li>(npm) Tolerate workspace:* deps in version bump and bun.lock
patching by <a href="https://github.com/BYK"><code>@BYK</code></a> in
<a
href="https://redirect.github.com/getsentry/craft/pull/805">#805</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/getsentry/craft/commit/bc2e6a9952e62250e5469d5a853a7a438692ccc1"><code>bc2e6a9</code></a>
release: 2.26.5</li>
<li><a
href="https://github.com/getsentry/craft/commit/60b80e5cc225989718235c710132ed21aa4cda8f"><code>60b80e5</code></a>
fix(security): bump devalue override to ^5.8.1 (CVE-2026-42570) (<a
href="https://redirect.github.com/getsentry/craft/issues/818">#818</a>)</li>
<li><a
href="https://github.com/getsentry/craft/commit/7bd293105a1819725fe96a720732e3a42eb76899"><code>7bd2931</code></a>
meta: Bump new development version</li>
<li><a
href="https://github.com/getsentry/craft/commit/1389909e60043a0d86efaec861b826d1ea005d2a"><code>1389909</code></a>
Merge branch 'release/2.26.4'</li>
<li><a
href="https://github.com/getsentry/craft/commit/70714dda896a3f5d5ad0a3e55b1d73a64ee7bf8f"><code>70714dd</code></a>
release: 2.26.4</li>
<li><a
href="https://github.com/getsentry/craft/commit/a7098dacedd5059c79c16f91904fbf9d5ad7452e"><code>a7098da</code></a>
fix: resolve open dependabot security alerts (<a
href="https://redirect.github.com/getsentry/craft/issues/816">#816</a>)</li>
<li><a
href="https://github.com/getsentry/craft/commit/ebbd176584274b992ba3d0571c02d63d059ba1c8"><code>ebbd176</code></a>
build(deps-dev): bump simple-git from 3.33.0 to 3.36.0 (<a
href="https://redirect.github.com/getsentry/craft/issues/814">#814</a>)</li>
<li><a
href="https://github.com/getsentry/craft/commit/134b6504b320fe5c0cb320143451ff0c416d1b5b"><code>134b650</code></a>
fix(security): Prevent script injection in changelog-preview workflow
(<a
href="https://redirect.github.com/getsentry/craft/issues/813">#813</a>)</li>
<li><a
href="https://github.com/getsentry/craft/commit/e04c7038371fc9b874a6df2ca18ab667e7f6f61d"><code>e04c703</code></a>
meta: Bump new development version</li>
<li><a
href="https://github.com/getsentry/craft/commit/0589632c86a4e90293b982df8bfecc3afce3e36c"><code>0589632</code></a>
Merge branch 'release/2.26.3'</li>
<li>See full diff in <a
href="https://github.com/getsentry/craft/compare/bae212ca7aec50bb716eafd387c80bcfb28da937...bc2e6a9952e62250e5469d5a853a7a438692ccc1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>1 parent 00e617d commit d390490
1 file changed
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
31 | 31 | | |
32 | 32 | | |
33 | 33 | | |
34 | | - | |
| 34 | + | |
35 | 35 | | |
36 | 36 | | |
37 | 37 | | |
| |||
0 commit comments