Skip to content

Bump cipher-base from 1.0.4 to 1.0.7#4

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/cipher-base-1.0.7
Open

Bump cipher-base from 1.0.4 to 1.0.7#4
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/cipher-base-1.0.7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 17, 2026

Copy link
Copy Markdown
Contributor

Bumps cipher-base from 1.0.4 to 1.0.7.

Changelog

Sourced from cipher-base's changelog.

v1.0.7 - 2025-09-24

Commits

  • [Refactor] use to-buffer fd1e5ee
  • [Dev Deps] update @ljharb/eslint-config 08ba803

v1.0.6 - 2024-11-26

Commits

  • [Fix] io.js 3.0 - Node.js 5.3 typed array support b7ddd2a

v1.0.5 - 2024-11-17

Commits

  • [Tests] standard -> eslint, make test dir, etc ae02fd6
  • [Tests] migrate from travis to GHA 66387d7
  • [meta] fix package.json indentation 5c02918
  • [Fix] return valid values on multi-byte-wide TypedArray input 8fd1364
  • [meta] add auto-changelog 88dc806
  • [meta] add npmignore and safe-publish-latest 7a137d7
  • Only apps should have lockfiles 42528f2
  • [Deps] update inherits, safe-buffer 0e7a2d9
  • [meta] add missing engines.node f2dc13e
Commits
  • 0056718 v1.0.7
  • fd1e5ee [Refactor] use to-buffer
  • 08ba803 [Dev Deps] update @ljharb/eslint-config
  • f5249f9 v1.0.6
  • b7ddd2a [Fix] io.js 3.0 - Node.js 5.3 typed array support
  • f03cebf v1.0.5
  • 88dc806 [meta] add auto-changelog
  • 7a137d7 [meta] add npmignore and safe-publish-latest
  • 5c02918 [meta] fix package.json indentation
  • 8fd1364 [Fix] return valid values on multi-byte-wide TypedArray input
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for cipher-base since your current version.

Install script changes

This version adds prepublish script that runs during installation. Review the package contents before updating.


@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 17, 2026
Bumps [cipher-base](https://github.com/crypto-browserify/cipher-base) from 1.0.4 to 1.0.7.
- [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md)
- [Commits](browserify/cipher-base@v1.0.4...v1.0.7)

---
updated-dependencies:
- dependency-name: cipher-base
  dependency-version: 1.0.7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/cipher-base-1.0.7 branch from e89c991 to ee9beff Compare July 17, 2026 13:56
@joostfaassen

Copy link
Copy Markdown
Member

🤖 Dependabot PR processing skill — risk assessment

Acting on behalf of Joost Faassen.

Decision

Do not merge automatically — assessed risk: high

What changed

Title Bump cipher-base from 1.0.4 to 1.0.7
Semver patch (1.0.41.0.7)
Files (1) package-lock.json
Diff size +448 / −9

Why this was not merged automatically

  1. The package name or changed path matches a sensitive pattern (security, auth, crypto, payment, or infrastructure).
  2. Those updates deserve an explicit human look even when CI is green.
  3. Left open for human review.

Checks considered

  • Pull request is mergeable with a clean merge state
  • No failing / timed-out / cancelled required checks observed
  • Diff inspected for manifests/lockfiles only vs unexpected paths
  • Package/path screened against sensitive dependency patterns

Automated assessment by the Dependabot PR processing skill. Detail stays in this comment; the merge commit message is kept short on purpose.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant