Skip to content

chore(deps): bump convict from 6.2.4 to 6.2.5#5067

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/convict-6.2.5
Open

chore(deps): bump convict from 6.2.4 to 6.2.5#5067
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/convict-6.2.5

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 26, 2026
edited
Loading

Bumps convict from 6.2.4 to 6.2.5.

Changelog

Sourced from convict's changelog.

6.2.5 (2026-03-19)

Bug Fixes

  • Consistent use of quotes in output (#405) (de1629a)
  • prevent prototype pollution bypass via String.prototype.startsWith override (d9a5491)
  • prevent prototype pollution via load() and loadFile() (3d7d836)
  • prevent prototype pollution via schema initialization (d251c47)
Commits
Maintainer changes

This version was pushed to npm by clouserw, a new releaser for convict since your current version.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 26, 2026
@phil-davis
Copy link
Copy Markdown
Contributor

phil-davis commented Apr 7, 2026

@dependabot recreate

@dependabot
Bump convict from 6.2.4 to 6.2.5
6b1324c 
Bumps [convict](https://github.com/mozilla/node-convict) from 6.2.4 to 6.2.5.
- [Changelog](https://github.com/mozilla/node-convict/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mozilla/node-convict/commits)

---
updated-dependencies:
- dependency-name: convict
  dependency-version: 6.2.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot changed the title Bump convict from 6.2.4 to 6.2.5 chore(deps): bump convict from 6.2.4 to 6.2.5 Apr 7, 2026
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/convict-6.2.5 branch from 6dd70d8 to 6b1324c Compare April 7, 2026 12:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mmattel mmattel Awaiting requested review from mmattel

@DeepDiver1975 DeepDiver1975 Awaiting requested review from DeepDiver1975

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@phil-davis