Bump tmp and @inquirer/editor

Open

Number: #286
Type: Pull Request
State: Open

Author:

dependabot[bot]
Association: Contributor
Comments: 0

Created: September 30, 2025 at 06:36 PM UTC
(5 months ago)

Updated: September 30, 2025 at 06:36 PM UTC
(5 months ago)

Labels:
dependencies javascript

Description:

Bumps tmp and @inquirer/editor. These dependencies needed to be updated together.
Updates tmp from 0.2.3 to 0.2.5

Commits

3d2fe38 Bump up the version
e162828 Merge pull request #309 from fflorent/fix-tmp-dir-with-dir
b847d2f Fix use of tmp.dir() with dir option
08fa3ab Update version
1cf4ec5 Merge commit from fork
188b25e Fix GHSA-52f5-9888-hmc6
73b9fe4 Add test case for GHSA-52f5-9888-hmc6
b8e2f29 Remove broken tests
2892a02 Remove outdated URL
f592318 Reformat package.json
Additional commits viewable in compare view

Updates @inquirer/editor from 4.2.13 to 4.2.20

Commits

8300fe3 Publish
b85cbe2 chore: Speed up linting CI stage
8fc86fe feat: Introduce @inquirer/core/ansi export
dcca892 chore(@inquirer/testing): Remove unnecessary ansi code filtering logic
daef4f5 chore: Bump yarn + yarn dedupe
62045dc Publish
7e75de6 Publish
b8361c5 fix(@inquirer/rawlist): Properly handle specified numeric keys (previously wo...
e3aed9c Chore(deps): Bump actions/setup-node from 4 to 5 (#1832)
93c7750 Chore(deps-dev): Bump the linting group with 6 updates (#1831)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Pull Request Statistics

Commits:
1

Files Changed:
1

Additions:
+82

Deletions:
-62

Package Dependencies

Package:
@inquirer/editor

Ecosystem:
npm

Version Change:
4.2.13 → 4.2.20

Update Type:
Patch

Package:
tmp

Ecosystem:
npm

Version Change:
0.2.3 → 0.2.5

Update Type:
Patch

Security Advisories

tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter

GHSA-52f5-9888-hmc6 CVE-2025-54798 LOW

### Summary `tmp@0.2.3` is vulnerable to an Arbitrary temporary file / directory write via symbolic link `dir` parameter. ### Details According to the documentation there are some conditions th...

Actions

View on GitHub View Repository All Dependabot PRs

Technical Details

ID:	`10167821`
UUID:	`2875609175`
Node ID:	`PR_kwDOB3daC86rZlBX`
Host:	GitHub
Repository:	plotly/angular-plotly.js
Merge State:	Unknown

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Dependabot