chore(deps-dev): bump @microsoft/api-extractor from 7.36.3 to 7.58.7
Open
Number: #555
Type: Pull Request
State: Open
Type: Pull Request
State: Open
Author:
![dependabot[bot]](https://github.com/dependabot.png)
dependabot[bot]
Association: Unknown
Comments: 2
dependabot[bot]Association: Unknown
Comments: 2
Created:
May 04, 2026 at 03:42 AM UTC
(about 2 months ago)
(about 2 months ago)
Updated:
May 04, 2026 at 03:43 AM UTC
(about 2 months ago)
(about 2 months ago)
Labels:
type: dependencies
type: dependencies
Description:
Bumps @microsoft/api-extractor from 7.36.3 to 7.58.7.
Changelog
Sourced from @microsoft/api-extractor's changelog.
7.58.7
Mon, 20 Apr 2026 23:31:13 GMT
Version update only
7.58.6
Mon, 20 Apr 2026 15:15:24 GMT
Patches
- Fix an issue where empty lines were included in DTS rollups in place of API items that were trimmed.
7.58.5
Sat, 18 Apr 2026 03:47:10 GMT
Version update only
7.58.4
Sat, 18 Apr 2026 00:15:16 GMT
Patches
- Bump semver.
7.58.3
Fri, 17 Apr 2026 15:14:57 GMT
Patches
- Remove dependecy on
lodash.7.58.2
Thu, 09 Apr 2026 00:15:07 GMT
Version update only
7.58.1
Sat, 04 Apr 2026 00:14:00 GMT
Patches
- Bump lodash 4.18.1 to address CVEs GHSA-r5fr-rjxr-66jc, GHSA-f23m-r3pf-42rh
7.58.0
Wed, 01 Apr 2026 15:13:38 GMT
Minor changes
- Upgrade the bundled compiler engine to TypeScript 5.9.3
... (truncated)
Commits
7a6a5f3Bump versions [skip ci]d0c8fd6Update changelogs [skip ci]488875fBump versions [skip ci]9289357Update changelogs [skip ci]3793e2c[api-extractor] Fixed empty lines for removed lines (#5736)958d907chore: bump decoupled local dependencies (#5779)847353eBump versions [skip ci]2423419Update changelogs [skip ci]81eb9d9Bump versions [skip ci]aa253e3Update changelogs [skip ci]- Additional commits viewable in compare view
Most Recent Ignore Conditions Applied to This Pull Request
| Dependency Name | Ignore Conditions |
|---|---|
| @microsoft/api-extractor | [< 7.25, > 7.24.0] |
| @microsoft/api-extractor | [< 7.29, > 7.28.4] |
| @microsoft/api-extractor | [< 7.30, > 7.29.3] |
| @microsoft/api-extractor | [< 7.33, > 7.32.0] |
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Package Dependencies
Security Advisories
lodash vulnerable to Code Injection via `_.template` imports key names
GHSA-r5fr-rjxr-66jc
CVE-2026-4800
HIGH
### Impact
The fix for [CVE-2021-23337](https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the `variable` option in `_.template` but did not apply the same validation to `opti...
lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`
GHSA-f23m-r3pf-42rh
CVE-2026-2950
MODERATE
### Impact
Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the `_.unset` and `_.omit` functions. The fix for [CVE-2025-13465](https://github.com/lodash/lodash/security...
Technical Details
| ID: | 15635187 |
| UUID: | 4373875885 |
| Node ID: | PR_kwDOG5lbN87X3mkD |
| Host: | GitHub |
| Repository: | OpenFunction/functions-framework-nodejs |