Bump tmp and web-ext #615

dependabot · 2025-09-29T17:34:10Z

Bumps tmp to 0.2.5 and updates ancestor dependency web-ext. These dependencies need to be updated together.

Updates tmp from 0.2.3 to 0.2.5

Commits

3d2fe38 Bump up the version
e162828 Merge pull request #309 from fflorent/fix-tmp-dir-with-dir
b847d2f Fix use of tmp.dir() with dir option
08fa3ab Update version
1cf4ec5 Merge commit from fork
188b25e Fix GHSA-52f5-9888-hmc6
73b9fe4 Add test case for GHSA-52f5-9888-hmc6
b8e2f29 Remove broken tests
2892a02 Remove outdated URL
f592318 Reformat package.json
Additional commits viewable in compare view

Updates web-ext from 8.7.1 to 8.10.0

Release notes

8.10.0

main changes

Added: Enable support for data collection permissions in web-ext lint (#3514)

Added: web-ext lint supports Firefox schema up to 144 (included) (#3513)

dependencies

Updated: dependency @babel/runtime to 7.28.4 (#3506)

Updated: dependency addons-linter to 7.20.0 (#3513)

Updated: dependency decamelize to 6.0.1 (#3495)

Updated: dependency pino to 9.9.5 (#3510)

Updated: dependency strip-json-comments to 5.0.3 (#3482)

Updated: dependency tmp to 0.2.5 (#3483)

dev dependencies

Updated: dependency @babel/preset-env to 7.28.3 (#3487)

Updated: dependency @babel/register to 7.28.3 (#3489)

Updated: dependency @babel/cli to 7.28.3 (#3488)

Updated: dependency chai to 6.0.1 (#3498)

Updated: dependency @babel/eslint-parser to 7.28.4 (#3505)

Updated: dependency chai-as-promised to 8.0.2 (#3497)

Updated: dependency babel-plugin-istanbul to 7.0.1 (#3508)

Updated: dependency @babel/core to 7.28.4 (#3507)

Updated: dependency fs-extra to 11.3.2 (#3512)

Updated: dependency mocha to 11.7.2 (#3502)

See all changes: mozilla/web-ext@8.9.0...8.10.0

8.9.0

main changes

Fixed: Correct file name in web-ext submit in Node 24 (#3466)

dependencies

Updated: dependency addons-linter to 7.18.0 (#3471)

Updated: dependency open to 10.2.0 (#3469)

dev dependencies

Updated: dependency @babel/cli to 7.28.0 (#3462)

Updated: dependency @babel/core to 7.28.0 (#3461)

Updated: dependency @babel/eslint-parser to 7.28.0 (#3464)

Updated: dependency @babel/preset-env to 7.28.0 (#3463)

Updated: dependency chai to 5.2.1 (#3467)

Updated: dependency eslint-plugin-import to 2.32.0 (#3454)

... (truncated)

Commits

cd9a383 8.10.0
33b9878 feat: Enable data collection permissions (#3514)
9c8da1a chore(deps-dev): bump @babel/preset-env from 7.28.0 to 7.28.3 (#3487)
d8c3af9 chore(deps-dev): bump @babel/register from 7.27.1 to 7.28.3 (#3489)
c4c5074 chore(deps-dev): bump @babel/cli from 7.28.0 to 7.28.3 (#3488)
b13ef5a chore(deps): bump decamelize from 6.0.0 to 6.0.1 (#3495)
9acf80d chore(deps-dev): bump chai from 5.2.1 to 6.0.1 (#3498)
dd82570 chore(deps-dev): bump @babel/eslint-parser from 7.28.0 to 7.28.4 (#3505)
33e64f2 chore(deps-dev): bump chai-as-promised from 8.0.1 to 8.0.2 (#3497)
ebe743a chore(deps): bump pino from 9.7.0 to 9.9.5 (#3510)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [tmp](https://github.com/raszi/node-tmp) to 0.2.5 and updates ancestor dependency [web-ext](https://github.com/mozilla/web-ext). These dependencies need to be updated together. Updates `tmp` from 0.2.3 to 0.2.5 - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md) - [Commits](raszi/node-tmp@v0.2.3...v0.2.5) Updates `web-ext` from 8.7.1 to 8.10.0 - [Release notes](https://github.com/mozilla/web-ext/releases) - [Commits](mozilla/web-ext@8.7.1...8.10.0) --- updated-dependencies: - dependency-name: tmp dependency-version: 0.2.5 dependency-type: indirect - dependency-name: web-ext dependency-version: 8.10.0 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Sep 29, 2025

SebastianZimmeck merged commit 4977c62 into main Sep 30, 2025
1 check passed

dependabot bot deleted the dependabot/npm_and_yarn/multi-d9e3f96976 branch September 30, 2025 12:31

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Bump tmp and web-ext #615

Bump tmp and web-ext #615

dependabot bot commented on behalf of github Sep 29, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Bump tmp and web-ext #615

Bump tmp and web-ext #615

Conversation

dependabot bot commented on behalf of github Sep 29, 2025

8.10.0

main changes

dependencies

dev dependencies

8.9.0

main changes

dependencies

dev dependencies

Uh oh!

Uh oh!

Uh oh!