Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

chore(deps-dev): bump @microsoft/api-extractor from 7.36.3 to 7.58.0

Closed
Number: #545
Type: Pull Request
State: Closed
Author: dependabot[bot] dependabot[bot]
Association: Unknown
Comments: 4
Created: April 02, 2026 at 05:54 AM UTC
(3 months ago)
Updated: May 04, 2026 at 03:42 AM UTC
(about 2 months ago)
Closed: May 04, 2026 at 03:42 AM UTC
(about 2 months ago)
Time to Close: about 1 month
Labels:
type: dependencies stale
Description:

Bumps @microsoft/api-extractor from 7.36.3 to 7.58.0.

Changelog

Sourced from @​microsoft/api-extractor's changelog.

7.58.0

Wed, 01 Apr 2026 15:13:38 GMT

Minor changes

  • Upgrade the bundled compiler engine to TypeScript 5.9.3

7.57.8

Tue, 31 Mar 2026 15:14:14 GMT

Version update only

7.57.7

Mon, 09 Mar 2026 15:14:07 GMT

Patches

  • Bump minimatch version from 10.2.1 to 10.2.3 to address CVE-2026-27903.

7.57.6

Wed, 25 Feb 2026 21:39:42 GMT

Patches

  • Bump @microsoft/tsdoc-config to ~0.18.1 to mitigate CVE-2025-69873.

7.57.5

Wed, 25 Feb 2026 00:34:29 GMT

Version update only

7.57.4

Tue, 24 Feb 2026 01:13:27 GMT

Version update only

7.57.3

Mon, 23 Feb 2026 00:42:21 GMT

Patches

  • Add missing "./extends/*.json" to the package.json "exports" field so that "@​microsoft/api-extractor/extends/tsdoc-base.json" is importable.

7.57.2

Fri, 20 Feb 2026 16:14:49 GMT

Patches

  • Bump minimatch from 10.1.2 to 10.2.1

... (truncated)

Commits

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
@microsoft/api-extractor [< 7.25, > 7.24.0]
@microsoft/api-extractor [< 7.29, > 7.28.4]
@microsoft/api-extractor [< 7.30, > 7.29.3]
@microsoft/api-extractor [< 7.33, > 7.32.0]

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Package Dependencies
Package:
@microsoft/api-extractor
Ecosystem:
npm
Version Change:
7.36.3 → 7.58.0
Update Type:
Minor
Security Advisories
ajv has ReDoS when using `$data` option
GHSA-2g4f-4pwh-qvx6 CVE-2025-69873 MODERATE
ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerable to Regular Expression Denial of Service (ReDoS) when the `$data` option is enabled. The pattern keyword accepts runtime data...
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments
GHSA-7r86-cg39-jmmj CVE-2026-27903 HIGH
### Summary `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexit...
Actions
View on GitHub View Repository All Dependabot PRs
Technical Details
ID: 15635183
UUID: 4191877121
Node ID: PR_kwDOG5lbN87PdNgn
Host: GitHub
Repository: OpenFunction/functions-framework-nodejs