Skip to content

Bump simple-git from 3.24.0 to 3.32.3#111

Merged
MaxGraey merged 1 commit intomainfrom
dependabot/npm_and_yarn/simple-git-3.32.3
Mar 30, 2026
Merged

Bump simple-git from 3.24.0 to 3.32.3#111
MaxGraey merged 1 commit intomainfrom
dependabot/npm_and_yarn/simple-git-3.32.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 10, 2026
edited
Loading

Bumps simple-git from 3.24.0 to 3.32.3.

Release notes

Sourced from simple-git's releases.

simple-git@3.32.3

Patch Changes

  • f704208: Enhanced protocol.allow checks in allowUnsafeExtProtocol handling.

    Thanks to @​CodeAnt-AI-Security for identifying the issue

simple-git@3.32.2

Patch Changes

  • 8d02097: Enhanced clone unsafe switch detection.

simple-git@3.32.1

Patch Changes

  • 23b070f: Fix regex for detecting unsafe clone options

    Thanks to @​stevenwdv for reporting this issue.

simple-git@3.32.0

Minor Changes

  • 1effd8e: Enhances the unsafe plugin to block additional cases where the -u switch may be disguised along with other single character options.

    Thanks to @​JuHwiSang for identifying this as vulnerability.

Patch Changes

  • d5fd4fe: Use task runner for logging use of deprecated (already no-op) functions.

simple-git@3.31.1

Patch Changes

  • a44184f: Resolve NPM publish steps

simple-git@3.30.0

Minor Changes

  • bc77774: Correctly identify current branch name when using git.status in a cloned empty repo.

    Previously git.status would report the current branch name as No. Thank you to @​MaddyGuthridge for identifying this issue.

simple-git@3.28.0

Minor Changes

  • 2adf47d: Allow repeating git options like {'--opt': ['value1', 'value2']}

simple-git@3.27.0

Minor Changes

... (truncated)

Changelog

Sourced from simple-git's changelog.

3.32.3

Patch Changes

  • f704208: Enhanced protocol.allow checks in allowUnsafeExtProtocol handling.

    Thanks to @​CodeAnt-AI-Security for identifying the issue

3.32.2

Patch Changes

  • 8d02097: Enhanced clone unsafe switch detection.

3.32.1

Patch Changes

  • 23b070f: Fix regex for detecting unsafe clone options

    Thanks to @​stevenwdv for reporting this issue.

3.32.0

Minor Changes

  • 1effd8e: Enhances the unsafe plugin to block additional cases where the -u switch may be disguised along with other single character options.

    Thanks to @​JuHwiSang for identifying this as vulnerability.

Patch Changes

  • d5fd4fe: Use task runner for logging use of deprecated (already no-op) functions.

3.31.1

Patch Changes

  • a44184f: Resolve NPM publish steps

3.31.0

Minor Changes

  • 22dc93f: Custom binary plugin should support the use of ~ character, used by Windows to shorten long folder names and folder names that have spaces in them (eg: C:\Program Files might become C:\PROGRA~1).

    Thanks to @​skyshineb for reporting this issue.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for simple-git since your current version.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 10, 2026
@MaxGraey
Copy link
Copy Markdown
Member

MaxGraey commented Mar 30, 2026

@dependabot rebase

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/simple-git-3.32.3 branch from 5ab9e64 to ed536b7 Compare March 30, 2026 19:41
@MaxGraey
Copy link
Copy Markdown
Member

MaxGraey commented Mar 30, 2026

@dependabot rebase

@dependabot
Bump simple-git from 3.24.0 to 3.32.3
2199377 
Bumps [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) from 3.24.0 to 3.32.3.
- [Release notes](https://github.com/steveukx/git-js/releases)
- [Changelog](https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md)
- [Commits](https://github.com/steveukx/git-js/commits/simple-git@3.32.3/simple-git)

---
updated-dependencies:
- dependency-name: simple-git
  dependency-version: 3.32.3
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/simple-git-3.32.3 branch from ed536b7 to 2199377 Compare March 30, 2026 20:21
@MaxGraey MaxGraey merged commit 5029057 into main Mar 30, 2026
2 checks passed
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/simple-git-3.32.3 branch March 30, 2026 20:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MaxGraey