From c50ecdcf1f43ef154410e6e1125e0f267ba7bcb2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Dec 2025 12:36:22 -0800 Subject: [PATCH 01/23] chore(deps): bump actions/dependency-review-action from 4.8.1 to 4.8.2 (#5922) [skip ci] Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.8.1 to 4.8.2. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/40c09b7dc99638e5ddb0bfd91c1673effc064d8a...3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-version: 4.8.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/dependency-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 6008389057..3b3db21507 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -19,4 +19,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.3.0 - name: 'Dependency Review' - uses: actions/dependency-review-action@40c09b7dc99638e5ddb0bfd91c1673effc064d8a # v4.8.1 + uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2 From 74ba542529809fbaf300d2cf0e7b1ca87ad7e0f4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Dec 2025 12:36:36 -0800 Subject: [PATCH 02/23] chore(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (#5923) [skip ci] Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.2 to 4.31.6. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/0499de31b99561a6d14a36a5f662c2a54f91beee...fe4161a26a8629af62121b670040955b330f9af2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-advanced.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql-advanced.yml b/.github/workflows/codeql-advanced.yml index 71100719e1..6fe78f3128 100644 --- a/.github/workflows/codeql-advanced.yml +++ b/.github/workflows/codeql-advanced.yml @@ -70,7 +70,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2 + uses: github/codeql-action/init@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} @@ -98,6 +98,6 @@ jobs: exit 1 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2 + uses: github/codeql-action/analyze@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 3326fad640..f49b158478 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2 + uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6 with: sarif_file: results.sarif \ No newline at end of file From 560b09eed6d189bf149083f99edf499cf7b31365 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Dec 2025 12:36:56 -0800 Subject: [PATCH 03/23] chore(deps): bump step-security/harden-runner from 2.13.1 to 2.13.2 (#5924) [skip ci] Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.13.1 to 2.13.2. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a...95d9a5deda9de15063e7595e9719c11c38c90ae2) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.13.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/npm_release_cli.yml | 2 +- .github/workflows/npm_release_doctor.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/npm_release_cli.yml b/.github/workflows/npm_release_cli.yml index 489cb16378..8175ab542a 100644 --- a/.github/workflows/npm_release_cli.yml +++ b/.github/workflows/npm_release_cli.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit diff --git a/.github/workflows/npm_release_doctor.yml b/.github/workflows/npm_release_doctor.yml index aad6142ed1..fd2543d6d4 100644 --- a/.github/workflows/npm_release_doctor.yml +++ b/.github/workflows/npm_release_doctor.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit From 2d5f5520638e26bdc50dbc7ddb1fd7bad8783733 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Dec 2025 12:37:21 -0800 Subject: [PATCH 04/23] chore(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#5925) [skip ci] Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 6.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/08c6903cd8c0fde910a37f88322edcfb5dd907a8...1af3b93b6815bc44a9784bd300feb67ff0d1eeb3) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-advanced.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/npm_release_cli.yml | 2 +- .github/workflows/npm_release_doctor.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql-advanced.yml b/.github/workflows/codeql-advanced.yml index 6fe78f3128..9f731daa32 100644 --- a/.github/workflows/codeql-advanced.yml +++ b/.github/workflows/codeql-advanced.yml @@ -60,7 +60,7 @@ jobs: # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 # Add any setup steps before running the `github/codeql-action/init` action. # This includes steps like installing compilers or runtimes (`actions/setup-node` diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 3b3db21507..82ceae0442 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,6 +17,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.3.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v4.3.0 - name: 'Dependency Review' uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2 diff --git a/.github/workflows/npm_release_cli.yml b/.github/workflows/npm_release_cli.yml index 8175ab542a..2cd6857ca0 100644 --- a/.github/workflows/npm_release_cli.yml +++ b/.github/workflows/npm_release_cli.yml @@ -24,7 +24,7 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: diff --git a/.github/workflows/npm_release_doctor.yml b/.github/workflows/npm_release_doctor.yml index fd2543d6d4..1d9338bb68 100644 --- a/.github/workflows/npm_release_doctor.yml +++ b/.github/workflows/npm_release_doctor.yml @@ -28,7 +28,7 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Setup run: npm install diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index f49b158478..d5be119fe5 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.3.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v4.3.0 with: persist-credentials: false From 1de0b28679ffd43c516baca9c14980b8e3f1bc8d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Dec 2025 12:38:21 -0800 Subject: [PATCH 05/23] chore(deps-dev): bump mocha from 11.7.4 to 11.7.5 (#5926) [skip ci] Bumps [mocha](https://github.com/mochajs/mocha) from 11.7.4 to 11.7.5. - [Release notes](https://github.com/mochajs/mocha/releases) - [Changelog](https://github.com/mochajs/mocha/blob/v11.7.5/CHANGELOG.md) - [Commits](https://github.com/mochajs/mocha/compare/v11.7.4...v11.7.5) --- updated-dependencies: - dependency-name: mocha dependency-version: 11.7.5 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 13 ++++++------- package.json | 2 +- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index e5aaf85be7..58302a2428 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "nativescript", - "version": "9.0.0", + "version": "9.0.1", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "nativescript", - "version": "9.0.0", + "version": "9.0.1", "hasInstallScript": true, "license": "Apache-2.0", "dependencies": { @@ -115,7 +115,7 @@ "husky": "9.1.7", "istanbul": "0.4.5", "lint-staged": "~15.5.2", - "mocha": "11.7.4", + "mocha": "11.7.5", "sinon": "19.0.5", "source-map-support": "0.5.21", "xml2js": ">=0.5.0" @@ -3794,7 +3794,6 @@ "integrity": "sha512-tQMagCOC59EVgNZcC5zl7XqO30Wki9i9J3acbUvkaosCT6JX3EeFwJD7Qqp4MCikRnzS18WXV3BLIQ66ytu6+Q==", "dev": true, "license": "MIT", - "peer": true, "engines": { "node": ">=18" } @@ -8423,9 +8422,9 @@ } }, "node_modules/mocha": { - "version": "11.7.4", - "resolved": "https://registry.npmjs.org/mocha/-/mocha-11.7.4.tgz", - "integrity": "sha512-1jYAaY8x0kAZ0XszLWu14pzsf4KV740Gld4HXkhNTXwcHx4AUEDkPzgEHg9CM5dVcW+zv036tjpsEbLraPJj4w==", + "version": "11.7.5", + "resolved": "https://registry.npmjs.org/mocha/-/mocha-11.7.5.tgz", + "integrity": "sha512-mTT6RgopEYABzXWFx+GcJ+ZQ32kp4fMf0xvpZIIfSq9Z8lC/++MtcCnQ9t5FP2veYEP95FIYSvW+U9fV4xrlig==", "dev": true, "license": "MIT", "dependencies": { diff --git a/package.json b/package.json index e33128e271..eca8886e65 100644 --- a/package.json +++ b/package.json @@ -153,7 +153,7 @@ "husky": "9.1.7", "istanbul": "0.4.5", "lint-staged": "~15.5.2", - "mocha": "11.7.4", + "mocha": "11.7.5", "sinon": "19.0.5", "source-map-support": "0.5.21", "xml2js": ">=0.5.0" From 3bb01538421612384a84c2dfb9c5b246cb8e2089 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Dec 2025 12:38:34 -0800 Subject: [PATCH 06/23] chore(deps): bump @npmcli/arborist from 9.1.6 to 9.1.8 (#5927) [skip ci] Bumps [@npmcli/arborist](https://github.com/npm/cli/tree/HEAD/workspaces/arborist) from 9.1.6 to 9.1.8. - [Release notes](https://github.com/npm/cli/releases) - [Changelog](https://github.com/npm/cli/blob/latest/workspaces/arborist/CHANGELOG.md) - [Commits](https://github.com/npm/cli/commits/arborist-v9.1.8/workspaces/arborist) --- updated-dependencies: - dependency-name: "@npmcli/arborist" dependency-version: 9.1.8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 327 +++++++++++++++++++++++++--------------------- package.json | 2 +- 2 files changed, 177 insertions(+), 152 deletions(-) diff --git a/package-lock.json b/package-lock.json index 58302a2428..38002746a7 100644 --- a/package-lock.json +++ b/package-lock.json @@ -13,7 +13,7 @@ "@foxt/js-srp": "0.0.3-patch2", "@nativescript/doctor": "2.0.17", "@nativescript/hook": "3.0.4", - "@npmcli/arborist": "9.1.6", + "@npmcli/arborist": "9.1.8", "@nstudio/trapezedev-project": "7.2.3", "@rigor789/resolve-package-path": "1.0.7", "archiver": "7.0.1", @@ -1004,42 +1004,42 @@ } }, "node_modules/@npmcli/arborist": { - "version": "9.1.6", - "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-9.1.6.tgz", - "integrity": "sha512-c5Pr3EG8UP5ollkJy2x+UdEQC5sEHe3H9whYn6hb2HJimAKS4zmoJkx5acCiR/g4P38RnCSMlsYQyyHnKYeLvQ==", + "version": "9.1.8", + "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-9.1.8.tgz", + "integrity": "sha512-TYAzq0oaXQU+uLfXFbR2wYx62qHIOSg/TYhGWJSphJDypyjdNXC7B/+k29ElC2vWlWfX4OJnhmSY5DTwSFiNpg==", "license": "ISC", "dependencies": { "@isaacs/string-locale-compare": "^1.1.0", - "@npmcli/fs": "^4.0.0", - "@npmcli/installed-package-contents": "^3.0.0", + "@npmcli/fs": "^5.0.0", + "@npmcli/installed-package-contents": "^4.0.0", "@npmcli/map-workspaces": "^5.0.0", "@npmcli/metavuln-calculator": "^9.0.2", - "@npmcli/name-from-folder": "^3.0.0", - "@npmcli/node-gyp": "^4.0.0", + "@npmcli/name-from-folder": "^4.0.0", + "@npmcli/node-gyp": "^5.0.0", "@npmcli/package-json": "^7.0.0", - "@npmcli/query": "^4.0.0", - "@npmcli/redact": "^3.0.0", + "@npmcli/query": "^5.0.0", + "@npmcli/redact": "^4.0.0", "@npmcli/run-script": "^10.0.0", - "bin-links": "^5.0.0", + "bin-links": "^6.0.0", "cacache": "^20.0.1", "common-ancestor-path": "^1.0.1", "hosted-git-info": "^9.0.0", "json-stringify-nice": "^1.1.4", "lru-cache": "^11.2.1", "minimatch": "^10.0.3", - "nopt": "^8.0.0", - "npm-install-checks": "^7.1.0", + "nopt": "^9.0.0", + "npm-install-checks": "^8.0.0", "npm-package-arg": "^13.0.0", "npm-pick-manifest": "^11.0.1", "npm-registry-fetch": "^19.0.0", "pacote": "^21.0.2", - "parse-conflict-json": "^4.0.0", - "proc-log": "^5.0.0", - "proggy": "^3.0.0", + "parse-conflict-json": "^5.0.1", + "proc-log": "^6.0.0", + "proggy": "^4.0.0", "promise-all-reject-late": "^1.0.0", "promise-call-limit": "^3.0.1", "semver": "^7.3.7", - "ssri": "^12.0.0", + "ssri": "^13.0.0", "treeverse": "^3.0.0", "walk-up-path": "^4.0.0" }, @@ -1050,6 +1050,85 @@ "node": "^20.17.0 || >=22.9.0" } }, + "node_modules/@npmcli/arborist/node_modules/@npmcli/fs": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/@npmcli/fs/-/fs-5.0.0.tgz", + "integrity": "sha512-7OsC1gNORBEawOa5+j2pXN9vsicaIOH5cPXxoR6fJOmH6/EXpJB2CajXOu1fPRFun2m1lktEFX11+P89hqO/og==", + "license": "ISC", + "dependencies": { + "semver": "^7.3.5" + }, + "engines": { + "node": "^20.17.0 || >=22.9.0" + } + }, + "node_modules/@npmcli/arborist/node_modules/@npmcli/installed-package-contents": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@npmcli/installed-package-contents/-/installed-package-contents-4.0.0.tgz", + "integrity": "sha512-yNyAdkBxB72gtZ4GrwXCM0ZUedo9nIbOMKfGjt6Cu6DXf0p8y1PViZAKDC8q8kv/fufx0WTjRBdSlyrvnP7hmA==", + "license": "ISC", + "dependencies": { + "npm-bundled": "^5.0.0", + "npm-normalize-package-bin": "^5.0.0" + }, + "bin": { + "installed-package-contents": "bin/index.js" + }, + "engines": { + "node": "^20.17.0 || >=22.9.0" + } + }, + "node_modules/@npmcli/arborist/node_modules/minipass": { + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz", + "integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==", + "license": "ISC", + "engines": { + "node": ">=16 || 14 >=14.17" + } + }, + "node_modules/@npmcli/arborist/node_modules/npm-bundled": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/npm-bundled/-/npm-bundled-5.0.0.tgz", + "integrity": "sha512-JLSpbzh6UUXIEoqPsYBvVNVmyrjVZ1fzEFbqxKkTJQkWBO3xFzFT+KDnSKQWwOQNbuWRwt5LSD6HOTLGIWzfrw==", + "license": "ISC", + "dependencies": { + "npm-normalize-package-bin": "^5.0.0" + }, + "engines": { + "node": "^20.17.0 || >=22.9.0" + } + }, + "node_modules/@npmcli/arborist/node_modules/npm-normalize-package-bin": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/npm-normalize-package-bin/-/npm-normalize-package-bin-5.0.0.tgz", + "integrity": "sha512-CJi3OS4JLsNMmr2u07OJlhcrPxCeOeP/4xq67aWNai6TNWWbTrlNDgl8NcFKVlcBKp18GPj+EzbNIgrBfZhsag==", + "license": "ISC", + "engines": { + "node": "^20.17.0 || >=22.9.0" + } + }, + "node_modules/@npmcli/arborist/node_modules/proc-log": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/proc-log/-/proc-log-6.1.0.tgz", + "integrity": "sha512-iG+GYldRf2BQ0UDUAd6JQ/RwzaQy6mXmsk/IzlYyal4A4SNFw54MeH4/tLkF4I5WoWG9SQwuqWzS99jaFQHBuQ==", + "license": "ISC", + "engines": { + "node": "^20.17.0 || >=22.9.0" + } + }, + "node_modules/@npmcli/arborist/node_modules/ssri": { + "version": "13.0.0", + "resolved": "https://registry.npmjs.org/ssri/-/ssri-13.0.0.tgz", + "integrity": "sha512-yizwGBpbCn4YomB2lzhZqrHLJoqFGXihNbib3ozhqF/cIp5ue+xSmOQrjNasEE62hFxsCcg/V/z23t4n8jMEng==", + "license": "ISC", + "dependencies": { + "minipass": "^7.0.3" + }, + "engines": { + "node": "^20.17.0 || >=22.9.0" + } + }, "node_modules/@npmcli/fs": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/@npmcli/fs/-/fs-4.0.0.tgz", @@ -1121,15 +1200,6 @@ "node": "^20.17.0 || >=22.9.0" } }, - "node_modules/@npmcli/map-workspaces/node_modules/@npmcli/name-from-folder": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@npmcli/name-from-folder/-/name-from-folder-4.0.0.tgz", - "integrity": "sha512-qfrhVlOSqmKM8i6rkNdZzABj8MKEITGFAY+4teqBziksCQAOLutiAxM1wY2BKEd8KjUSpWmWCYxvXr0y4VTlPg==", - "license": "ISC", - "engines": { - "node": "^20.17.0 || >=22.9.0" - } - }, "node_modules/@npmcli/metavuln-calculator": { "version": "9.0.3", "resolved": "https://registry.npmjs.org/@npmcli/metavuln-calculator/-/metavuln-calculator-9.0.3.tgz", @@ -1156,21 +1226,21 @@ } }, "node_modules/@npmcli/name-from-folder": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@npmcli/name-from-folder/-/name-from-folder-3.0.0.tgz", - "integrity": "sha512-61cDL8LUc9y80fXn+lir+iVt8IS0xHqEKwPu/5jCjxQTVoSCmkXvw4vbMrzAMtmghz3/AkiBjhHkDKUH+kf7kA==", + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@npmcli/name-from-folder/-/name-from-folder-4.0.0.tgz", + "integrity": "sha512-qfrhVlOSqmKM8i6rkNdZzABj8MKEITGFAY+4teqBziksCQAOLutiAxM1wY2BKEd8KjUSpWmWCYxvXr0y4VTlPg==", "license": "ISC", "engines": { - "node": "^18.17.0 || >=20.5.0" + "node": "^20.17.0 || >=22.9.0" } }, "node_modules/@npmcli/node-gyp": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@npmcli/node-gyp/-/node-gyp-4.0.0.tgz", - "integrity": "sha512-+t5DZ6mO/QFh78PByMq1fGSAub/agLJZDRfJRMeOSNCt8s9YVlTjmGpIPwPhvXTGUIJk+WszlT0rQa1W33yzNA==", + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/@npmcli/node-gyp/-/node-gyp-5.0.0.tgz", + "integrity": "sha512-uuG5HZFXLfyFKqg8QypsmgLQW7smiRjVc45bqD/ofZZcR/uxEjgQU8qDPv0s9TEeMUiAAU/GC5bR6++UdTirIQ==", "license": "ISC", "engines": { - "node": "^18.17.0 || >=20.5.0" + "node": "^20.17.0 || >=22.9.0" } }, "node_modules/@npmcli/package-json": { @@ -1213,24 +1283,24 @@ } }, "node_modules/@npmcli/query": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@npmcli/query/-/query-4.0.1.tgz", - "integrity": "sha512-4OIPFb4weUUwkDXJf4Hh1inAn8neBGq3xsH4ZsAaN6FK3ldrFkH7jSpCc7N9xesi0Sp+EBXJ9eGMDrEww2Ztqw==", + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/@npmcli/query/-/query-5.0.0.tgz", + "integrity": "sha512-8TZWfTQOsODpLqo9SVhVjHovmKXNpevHU0gO9e+y4V4fRIOneiXy0u0sMP9LmS71XivrEWfZWg50ReH4WRT4aQ==", "license": "ISC", "dependencies": { "postcss-selector-parser": "^7.0.0" }, "engines": { - "node": "^18.17.0 || >=20.5.0" + "node": "^20.17.0 || >=22.9.0" } }, "node_modules/@npmcli/redact": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/@npmcli/redact/-/redact-3.2.2.tgz", - "integrity": "sha512-7VmYAmk4csGv08QzrDKScdzn11jHPFGyqJW39FyPgPuAp3zIaUmuCo1yxw9aGs+NEJuTGQ9Gwqpt93vtJubucg==", + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@npmcli/redact/-/redact-4.0.0.tgz", + "integrity": "sha512-gOBg5YHMfZy+TfHArfVogwgfBeQnKbbGo3pSUyK/gSI0AVu+pEiDVcKlQb0D8Mg1LNRZILZ6XG8I5dJ4KuAd9Q==", "license": "ISC", "engines": { - "node": "^18.17.0 || >=20.5.0" + "node": "^20.17.0 || >=22.9.0" } }, "node_modules/@npmcli/run-script": { @@ -1250,15 +1320,6 @@ "node": "^20.17.0 || >=22.9.0" } }, - "node_modules/@npmcli/run-script/node_modules/@npmcli/node-gyp": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/@npmcli/node-gyp/-/node-gyp-5.0.0.tgz", - "integrity": "sha512-uuG5HZFXLfyFKqg8QypsmgLQW7smiRjVc45bqD/ofZZcR/uxEjgQU8qDPv0s9TEeMUiAAU/GC5bR6++UdTirIQ==", - "license": "ISC", - "engines": { - "node": "^20.17.0 || >=22.9.0" - } - }, "node_modules/@npmcli/run-script/node_modules/proc-log": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/proc-log/-/proc-log-6.0.0.tgz", @@ -2713,19 +2774,37 @@ } }, "node_modules/bin-links": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/bin-links/-/bin-links-5.0.0.tgz", - "integrity": "sha512-sdleLVfCjBtgO5cNjA2HVRvWBJAHs4zwenaCPMNJAJU0yNxpzj80IpjOIimkpkr+mhlA+how5poQtt53PygbHA==", + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/bin-links/-/bin-links-6.0.0.tgz", + "integrity": "sha512-X4CiKlcV2GjnCMwnKAfbVWpHa++65th9TuzAEYtZoATiOE2DQKhSp4CJlyLoTqdhBKlXjpXjCTYPNNFS33Fi6w==", "license": "ISC", "dependencies": { - "cmd-shim": "^7.0.0", - "npm-normalize-package-bin": "^4.0.0", - "proc-log": "^5.0.0", - "read-cmd-shim": "^5.0.0", - "write-file-atomic": "^6.0.0" + "cmd-shim": "^8.0.0", + "npm-normalize-package-bin": "^5.0.0", + "proc-log": "^6.0.0", + "read-cmd-shim": "^6.0.0", + "write-file-atomic": "^7.0.0" }, "engines": { - "node": "^18.17.0 || >=20.5.0" + "node": "^20.17.0 || >=22.9.0" + } + }, + "node_modules/bin-links/node_modules/npm-normalize-package-bin": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/npm-normalize-package-bin/-/npm-normalize-package-bin-5.0.0.tgz", + "integrity": "sha512-CJi3OS4JLsNMmr2u07OJlhcrPxCeOeP/4xq67aWNai6TNWWbTrlNDgl8NcFKVlcBKp18GPj+EzbNIgrBfZhsag==", + "license": "ISC", + "engines": { + "node": "^20.17.0 || >=22.9.0" + } + }, + "node_modules/bin-links/node_modules/proc-log": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/proc-log/-/proc-log-6.1.0.tgz", + "integrity": "sha512-iG+GYldRf2BQ0UDUAd6JQ/RwzaQy6mXmsk/IzlYyal4A4SNFw54MeH4/tLkF4I5WoWG9SQwuqWzS99jaFQHBuQ==", + "license": "ISC", + "engines": { + "node": "^20.17.0 || >=22.9.0" } }, "node_modules/binary-extensions": { @@ -3413,12 +3492,12 @@ } }, "node_modules/cmd-shim": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/cmd-shim/-/cmd-shim-7.0.0.tgz", - "integrity": "sha512-rtpaCbr164TPPh+zFdkWpCyZuKkjpAzODfaZCf/SVJZzJN+4bHQb/LP3Jzq5/+84um3XXY8r548XiWKSborwVw==", + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/cmd-shim/-/cmd-shim-8.0.0.tgz", + "integrity": "sha512-Jk/BK6NCapZ58BKUxlSI+ouKRbjH1NLZCgJkYoab+vEHUY3f6OzpNBN9u7HFSv9J6TRDGs4PLOHezoKGaFRSCA==", "license": "ISC", "engines": { - "node": "^18.17.0 || >=20.5.0" + "node": "^20.17.0 || >=22.9.0" } }, "node_modules/code-block-writer": { @@ -8801,15 +8880,6 @@ "node": "^20.17.0 || >=22.9.0" } }, - "node_modules/node-gyp/node_modules/abbrev": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-4.0.0.tgz", - "integrity": "sha512-a1wflyaL0tHtJSmLSOVybYhy22vRih4eduhhrkcjgrWGnRfrZtovJ2FRjxuTtkkj47O/baf0R86QU5OuYpz8fA==", - "license": "ISC", - "engines": { - "node": "^20.17.0 || >=22.9.0" - } - }, "node_modules/node-gyp/node_modules/env-paths": { "version": "2.2.1", "resolved": "https://registry.npmjs.org/env-paths/-/env-paths-2.2.1.tgz", @@ -8819,21 +8889,6 @@ "node": ">=6" } }, - "node_modules/node-gyp/node_modules/nopt": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/nopt/-/nopt-9.0.0.tgz", - "integrity": "sha512-Zhq3a+yFKrYwSBluL4H9XP3m3y5uvQkB/09CwDruCiRmR/UJYnn9W4R48ry0uGC70aeTPKLynBtscP9efFFcPw==", - "license": "ISC", - "dependencies": { - "abbrev": "^4.0.0" - }, - "bin": { - "nopt": "bin/nopt.js" - }, - "engines": { - "node": "^20.17.0 || >=22.9.0" - } - }, "node_modules/node-gyp/node_modules/proc-log": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/proc-log/-/proc-log-6.0.0.tgz", @@ -8844,27 +8899,27 @@ } }, "node_modules/nopt": { - "version": "8.1.0", - "resolved": "https://registry.npmjs.org/nopt/-/nopt-8.1.0.tgz", - "integrity": "sha512-ieGu42u/Qsa4TFktmaKEwM6MQH0pOWnaB3htzh0JRtx84+Mebc0cbZYN5bC+6WTZ4+77xrL9Pn5m7CV6VIkV7A==", + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/nopt/-/nopt-9.0.0.tgz", + "integrity": "sha512-Zhq3a+yFKrYwSBluL4H9XP3m3y5uvQkB/09CwDruCiRmR/UJYnn9W4R48ry0uGC70aeTPKLynBtscP9efFFcPw==", "license": "ISC", "dependencies": { - "abbrev": "^3.0.0" + "abbrev": "^4.0.0" }, "bin": { "nopt": "bin/nopt.js" }, "engines": { - "node": "^18.17.0 || >=20.5.0" + "node": "^20.17.0 || >=22.9.0" } }, "node_modules/nopt/node_modules/abbrev": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-3.0.1.tgz", - "integrity": "sha512-AO2ac6pjRB3SJmGJo+v5/aK6Omggp6fsLrs6wN9bd35ulu4cCwaAU9+7ZhXjeqHVkaHThLuzH0nZr0YpCDhygg==", + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-4.0.0.tgz", + "integrity": "sha512-a1wflyaL0tHtJSmLSOVybYhy22vRih4eduhhrkcjgrWGnRfrZtovJ2FRjxuTtkkj47O/baf0R86QU5OuYpz8fA==", "license": "ISC", "engines": { - "node": "^18.17.0 || >=20.5.0" + "node": "^20.17.0 || >=22.9.0" } }, "node_modules/normalize-package-data": { @@ -8924,15 +8979,15 @@ } }, "node_modules/npm-install-checks": { - "version": "7.1.2", - "resolved": "https://registry.npmjs.org/npm-install-checks/-/npm-install-checks-7.1.2.tgz", - "integrity": "sha512-z9HJBCYw9Zr8BqXcllKIs5nI+QggAImbBdHphOzVYrz2CB4iQ6FzWyKmlqDZua+51nAu7FcemlbTc9VgQN5XDQ==", + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/npm-install-checks/-/npm-install-checks-8.0.0.tgz", + "integrity": "sha512-ScAUdMpyzkbpxoNekQ3tNRdFI8SJ86wgKZSQZdUxT+bj0wVFpsEMWnkXP0twVe1gJyNF5apBWDJhhIbgrIViRA==", "license": "BSD-2-Clause", "dependencies": { "semver": "^7.1.1" }, "engines": { - "node": "^18.17.0 || >=20.5.0" + "node": "^20.17.0 || >=22.9.0" } }, "node_modules/npm-normalize-package-bin": { @@ -9005,18 +9060,6 @@ "node": "^20.17.0 || >=22.9.0" } }, - "node_modules/npm-pick-manifest/node_modules/npm-install-checks": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/npm-install-checks/-/npm-install-checks-8.0.0.tgz", - "integrity": "sha512-ScAUdMpyzkbpxoNekQ3tNRdFI8SJ86wgKZSQZdUxT+bj0wVFpsEMWnkXP0twVe1gJyNF5apBWDJhhIbgrIViRA==", - "license": "BSD-2-Clause", - "dependencies": { - "semver": "^7.1.1" - }, - "engines": { - "node": "^20.17.0 || >=22.9.0" - } - }, "node_modules/npm-pick-manifest/node_modules/npm-normalize-package-bin": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/npm-normalize-package-bin/-/npm-normalize-package-bin-5.0.0.tgz", @@ -9045,15 +9088,6 @@ "node": "^20.17.0 || >=22.9.0" } }, - "node_modules/npm-registry-fetch/node_modules/@npmcli/redact": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@npmcli/redact/-/redact-4.0.0.tgz", - "integrity": "sha512-gOBg5YHMfZy+TfHArfVogwgfBeQnKbbGo3pSUyK/gSI0AVu+pEiDVcKlQb0D8Mg1LNRZILZ6XG8I5dJ4KuAd9Q==", - "license": "ISC", - "engines": { - "node": "^20.17.0 || >=22.9.0" - } - }, "node_modules/npm-registry-fetch/node_modules/minipass": { "version": "7.1.2", "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz", @@ -9597,26 +9631,17 @@ } }, "node_modules/parse-conflict-json": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/parse-conflict-json/-/parse-conflict-json-4.0.0.tgz", - "integrity": "sha512-37CN2VtcuvKgHUs8+0b1uJeEsbGn61GRHz469C94P5xiOoqpDYJYwjg4RY9Vmz39WyZAVkR5++nbJwLMIgOCnQ==", + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/parse-conflict-json/-/parse-conflict-json-5.0.1.tgz", + "integrity": "sha512-ZHEmNKMq1wyJXNwLxyHnluPfRAFSIliBvbK/UiOceROt4Xh9Pz0fq49NytIaeaCUf5VR86hwQ/34FCcNU5/LKQ==", "license": "ISC", "dependencies": { - "json-parse-even-better-errors": "^4.0.0", + "json-parse-even-better-errors": "^5.0.0", "just-diff": "^6.0.0", "just-diff-apply": "^5.2.0" }, "engines": { - "node": "^18.17.0 || >=20.5.0" - } - }, - "node_modules/parse-conflict-json/node_modules/json-parse-even-better-errors": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-4.0.0.tgz", - "integrity": "sha512-lR4MXjGNgkJc7tkQ97kb2nuEMnNCyU//XYVH0MKTGcXEiSudQ5MKGKen3C5QubYy0vmq+JGitUg92uuywGEwIA==", - "license": "MIT", - "engines": { - "node": "^18.17.0 || >=20.5.0" + "node": "^20.17.0 || >=22.9.0" } }, "node_modules/parse-filepath": { @@ -9945,9 +9970,9 @@ } }, "node_modules/postcss-selector-parser": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", - "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.1.tgz", + "integrity": "sha512-orRsuYpJVw8LdAwqqLykBj9ecS5/cRHlI5+nvTo8LcCKmzDmqVORXtOIYEEQuL9D4BxtA1lm5isAqzQZCoQ6Eg==", "license": "MIT", "dependencies": { "cssesc": "^3.0.0", @@ -10006,12 +10031,12 @@ "license": "MIT" }, "node_modules/proggy": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/proggy/-/proggy-3.0.0.tgz", - "integrity": "sha512-QE8RApCM3IaRRxVzxrjbgNMpQEX6Wu0p0KBeoSiSEw5/bsGwZHsshF4LCxH2jp/r6BU+bqA3LrMDEYNfJnpD8Q==", + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/proggy/-/proggy-4.0.0.tgz", + "integrity": "sha512-MbA4R+WQT76ZBm/5JUpV9yqcJt92175+Y0Bodg3HgiXzrmKu7Ggq+bpn6y6wHH+gN9NcyKn3yg1+d47VaKwNAQ==", "license": "ISC", "engines": { - "node": "^18.17.0 || >=20.5.0" + "node": "^20.17.0 || >=22.9.0" } }, "node_modules/promise-all-reject-late": { @@ -10191,12 +10216,12 @@ "license": "MIT" }, "node_modules/read-cmd-shim": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/read-cmd-shim/-/read-cmd-shim-5.0.0.tgz", - "integrity": "sha512-SEbJV7tohp3DAAILbEMPXavBjAnMN0tVnh4+9G8ihV4Pq3HYF9h8QNez9zkJ1ILkv9G2BjdzwctznGZXgu/HGw==", + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/read-cmd-shim/-/read-cmd-shim-6.0.0.tgz", + "integrity": "sha512-1zM5HuOfagXCBWMN83fuFI/x+T/UhZ7k+KIzhrHXcQoeX5+7gmaDYjELQHmmzIodumBHeByBJT4QYS7ufAgs7A==", "license": "ISC", "engines": { - "node": "^18.17.0 || >=20.5.0" + "node": "^20.17.0 || >=22.9.0" } }, "node_modules/read-package-up": { @@ -12878,16 +12903,16 @@ "license": "ISC" }, "node_modules/write-file-atomic": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-6.0.0.tgz", - "integrity": "sha512-GmqrO8WJ1NuzJ2DrziEI2o57jKAVIQNf8a18W3nCYU3H7PNWqCCVTeH6/NQE93CIllIgQS98rrmVkYgTX9fFJQ==", + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-7.0.0.tgz", + "integrity": "sha512-YnlPC6JqnZl6aO4uRc+dx5PHguiR9S6WeoLtpxNT9wIG+BDya7ZNE1q7KOjVgaA73hKhKLpVPgJ5QA9THQ5BRg==", "license": "ISC", "dependencies": { "imurmurhash": "^0.1.4", "signal-exit": "^4.0.1" }, "engines": { - "node": "^18.17.0 || >=20.5.0" + "node": "^20.17.0 || >=22.9.0" } }, "node_modules/write-file-atomic/node_modules/signal-exit": { diff --git a/package.json b/package.json index eca8886e65..eb27ab64a3 100644 --- a/package.json +++ b/package.json @@ -57,7 +57,7 @@ "@foxt/js-srp": "0.0.3-patch2", "@nativescript/doctor": "2.0.17", "@nativescript/hook": "3.0.4", - "@npmcli/arborist": "9.1.6", + "@npmcli/arborist": "9.1.8", "@rigor789/resolve-package-path": "1.0.7", "@nstudio/trapezedev-project": "7.2.3", "archiver": "7.0.1", From d042a63523ea3622223066e8ba734bb2e6cec7c9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Dec 2025 12:38:46 -0800 Subject: [PATCH 07/23] chore(deps): bump pacote from 21.0.3 to 21.0.4 (#5928) [skip ci] Bumps [pacote](https://github.com/npm/pacote) from 21.0.3 to 21.0.4. - [Release notes](https://github.com/npm/pacote/releases) - [Changelog](https://github.com/npm/pacote/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/pacote/compare/v21.0.3...v21.0.4) --- updated-dependencies: - dependency-name: pacote dependency-version: 21.0.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 73 +++++++++++++++++++++++++++++++++-------------- package.json | 2 +- 2 files changed, 53 insertions(+), 22 deletions(-) diff --git a/package-lock.json b/package-lock.json index 38002746a7..8e29593d81 100644 --- a/package-lock.json +++ b/package-lock.json @@ -41,7 +41,7 @@ "nativescript-dev-xcode": "0.8.1", "open": "8.4.2", "ora": "5.4.1", - "pacote": "21.0.3", + "pacote": "21.0.4", "pbxproj-dom": "1.2.0", "plist": "3.1.0", "plist-merge-patch": "0.2.0", @@ -9536,15 +9536,15 @@ "license": "BlueOak-1.0.0" }, "node_modules/pacote": { - "version": "21.0.3", - "resolved": "https://registry.npmjs.org/pacote/-/pacote-21.0.3.tgz", - "integrity": "sha512-itdFlanxO0nmQv4ORsvA9K1wv40IPfB9OmWqfaJWvoJ30VKyHsqNgDVeG+TVhI7Gk7XW8slUy7cA9r6dF5qohw==", + "version": "21.0.4", + "resolved": "https://registry.npmjs.org/pacote/-/pacote-21.0.4.tgz", + "integrity": "sha512-RplP/pDW0NNNDh3pnaoIWYPvNenS7UqMbXyvMqJczosiFWTeGGwJC2NQBLqKf4rGLFfwCOnntw1aEp9Jiqm1MA==", "license": "ISC", "dependencies": { "@npmcli/git": "^7.0.0", - "@npmcli/installed-package-contents": "^3.0.0", + "@npmcli/installed-package-contents": "^4.0.0", "@npmcli/package-json": "^7.0.0", - "@npmcli/promise-spawn": "^8.0.0", + "@npmcli/promise-spawn": "^9.0.0", "@npmcli/run-script": "^10.0.0", "cacache": "^20.0.0", "fs-minipass": "^3.0.0", @@ -9553,10 +9553,10 @@ "npm-packlist": "^10.0.1", "npm-pick-manifest": "^11.0.1", "npm-registry-fetch": "^19.0.0", - "proc-log": "^5.0.0", + "proc-log": "^6.0.0", "promise-retry": "^2.0.1", "sigstore": "^4.0.0", - "ssri": "^12.0.0", + "ssri": "^13.0.0", "tar": "^7.4.3" }, "bin": { @@ -9566,16 +9566,20 @@ "node": "^20.17.0 || >=22.9.0" } }, - "node_modules/pacote/node_modules/@npmcli/promise-spawn": { - "version": "8.0.3", - "resolved": "https://registry.npmjs.org/@npmcli/promise-spawn/-/promise-spawn-8.0.3.tgz", - "integrity": "sha512-Yb00SWaL4F8w+K8YGhQ55+xE4RUNdMHV43WZGsiTM92gS+lC0mGsn7I4hLug7pbao035S6bj3Y3w0cUNGLfmkg==", + "node_modules/pacote/node_modules/@npmcli/installed-package-contents": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@npmcli/installed-package-contents/-/installed-package-contents-4.0.0.tgz", + "integrity": "sha512-yNyAdkBxB72gtZ4GrwXCM0ZUedo9nIbOMKfGjt6Cu6DXf0p8y1PViZAKDC8q8kv/fufx0WTjRBdSlyrvnP7hmA==", "license": "ISC", "dependencies": { - "which": "^5.0.0" + "npm-bundled": "^5.0.0", + "npm-normalize-package-bin": "^5.0.0" + }, + "bin": { + "installed-package-contents": "bin/index.js" }, "engines": { - "node": "^18.17.0 || >=20.5.0" + "node": "^20.17.0 || >=22.9.0" } }, "node_modules/pacote/node_modules/minipass": { @@ -9587,19 +9591,46 @@ "node": ">=16 || 14 >=14.17" } }, - "node_modules/pacote/node_modules/which": { + "node_modules/pacote/node_modules/npm-bundled": { "version": "5.0.0", - "resolved": "https://registry.npmjs.org/which/-/which-5.0.0.tgz", - "integrity": "sha512-JEdGzHwwkrbWoGOlIHqQ5gtprKGOenpDHpxE9zVR1bWbOtYRyPPHMe9FaP6x61CmNaTThSkb0DAJte5jD+DmzQ==", + "resolved": "https://registry.npmjs.org/npm-bundled/-/npm-bundled-5.0.0.tgz", + "integrity": "sha512-JLSpbzh6UUXIEoqPsYBvVNVmyrjVZ1fzEFbqxKkTJQkWBO3xFzFT+KDnSKQWwOQNbuWRwt5LSD6HOTLGIWzfrw==", "license": "ISC", "dependencies": { - "isexe": "^3.1.1" + "npm-normalize-package-bin": "^5.0.0" }, - "bin": { - "node-which": "bin/which.js" + "engines": { + "node": "^20.17.0 || >=22.9.0" + } + }, + "node_modules/pacote/node_modules/npm-normalize-package-bin": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/npm-normalize-package-bin/-/npm-normalize-package-bin-5.0.0.tgz", + "integrity": "sha512-CJi3OS4JLsNMmr2u07OJlhcrPxCeOeP/4xq67aWNai6TNWWbTrlNDgl8NcFKVlcBKp18GPj+EzbNIgrBfZhsag==", + "license": "ISC", + "engines": { + "node": "^20.17.0 || >=22.9.0" + } + }, + "node_modules/pacote/node_modules/proc-log": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/proc-log/-/proc-log-6.1.0.tgz", + "integrity": "sha512-iG+GYldRf2BQ0UDUAd6JQ/RwzaQy6mXmsk/IzlYyal4A4SNFw54MeH4/tLkF4I5WoWG9SQwuqWzS99jaFQHBuQ==", + "license": "ISC", + "engines": { + "node": "^20.17.0 || >=22.9.0" + } + }, + "node_modules/pacote/node_modules/ssri": { + "version": "13.0.0", + "resolved": "https://registry.npmjs.org/ssri/-/ssri-13.0.0.tgz", + "integrity": "sha512-yizwGBpbCn4YomB2lzhZqrHLJoqFGXihNbib3ozhqF/cIp5ue+xSmOQrjNasEE62hFxsCcg/V/z23t4n8jMEng==", + "license": "ISC", + "dependencies": { + "minipass": "^7.0.3" }, "engines": { - "node": "^18.17.0 || >=20.5.0" + "node": "^20.17.0 || >=22.9.0" } }, "node_modules/pako": { diff --git a/package.json b/package.json index eb27ab64a3..81e5ef7594 100644 --- a/package.json +++ b/package.json @@ -85,7 +85,7 @@ "nativescript-dev-xcode": "0.8.1", "open": "8.4.2", "ora": "5.4.1", - "pacote": "21.0.3", + "pacote": "21.0.4", "pbxproj-dom": "1.2.0", "plist": "3.1.0", "plist-merge-patch": "0.2.0", From 648c7ef8d49ed8873f3fc91a22bdff9da0b382ae Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Dec 2025 12:39:10 -0800 Subject: [PATCH 08/23] chore(deps): bump prettier from 3.6.2 to 3.7.3 (#5929) [skip ci] Bumps [prettier](https://github.com/prettier/prettier) from 3.6.2 to 3.7.3. - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](https://github.com/prettier/prettier/compare/3.6.2...3.7.3) --- updated-dependencies: - dependency-name: prettier dependency-version: 3.7.3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 8e29593d81..e85abea7e0 100644 --- a/package-lock.json +++ b/package-lock.json @@ -45,7 +45,7 @@ "pbxproj-dom": "1.2.0", "plist": "3.1.0", "plist-merge-patch": "0.2.0", - "prettier": "3.6.2", + "prettier": "3.7.3", "prompts": "2.4.2", "proper-lockfile": "4.1.2", "proxy-lib": "0.4.1", @@ -10023,9 +10023,9 @@ } }, "node_modules/prettier": { - "version": "3.6.2", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.6.2.tgz", - "integrity": "sha512-I7AIg5boAr5R0FFtJ6rCfD+LFsWHp81dolrFD8S79U9tb8Az2nGrJncnMSnys+bpQJfRUzqs9hnA81OAA3hCuQ==", + "version": "3.7.3", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.7.3.tgz", + "integrity": "sha512-QgODejq9K3OzoBbuyobZlUhznP5SKwPqp+6Q6xw6o8gnhr4O85L2U915iM2IDcfF2NPXVaM9zlo9tdwipnYwzg==", "license": "MIT", "bin": { "prettier": "bin/prettier.cjs" diff --git a/package.json b/package.json index 81e5ef7594..e446cb6823 100644 --- a/package.json +++ b/package.json @@ -89,7 +89,7 @@ "pbxproj-dom": "1.2.0", "plist": "3.1.0", "plist-merge-patch": "0.2.0", - "prettier": "3.6.2", + "prettier": "3.7.3", "prompts": "2.4.2", "proper-lockfile": "4.1.2", "proxy-lib": "0.4.1", From 8a4ee96187ae0917874ada974152308394f4f69a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Dec 2025 12:39:23 -0800 Subject: [PATCH 09/23] chore(deps-dev): bump @types/lodash from 4.17.20 to 4.17.21 (#5930) [skip ci] Bumps [@types/lodash](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash) from 4.17.20 to 4.17.21. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/lodash) --- updated-dependencies: - dependency-name: "@types/lodash" dependency-version: 4.17.21 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index e85abea7e0..b223ef22a4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -80,7 +80,7 @@ "@types/chai-as-promised": "8.0.2", "@types/color": "4.2.0", "@types/convert-source-map": "2.0.3", - "@types/lodash": "4.17.20", + "@types/lodash": "4.17.21", "@types/marked-terminal": "^6.1.1", "@types/node": "^22.0.0", "@types/npmcli__arborist": "^6.3.0", @@ -1750,9 +1750,9 @@ } }, "node_modules/@types/lodash": { - "version": "4.17.20", - "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.17.20.tgz", - "integrity": "sha512-H3MHACvFUEiujabxhaI/ImO6gUrd8oOurg7LQtS7mbwIXA/cUqWrvBsaeJ23aZEPk1TAYkurjfMbSELfoCXlGA==", + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-FOvQ0YPD5NOfPgMzJihoT+Za5pdkDJWcbpuj1DjaKZIr/gxodQjY/uWEFlTNqW2ugXHUiL8lRQgw63dzKHZdeQ==", "dev": true, "license": "MIT" }, diff --git a/package.json b/package.json index e446cb6823..20f6c7fcf4 100644 --- a/package.json +++ b/package.json @@ -118,7 +118,7 @@ "@types/chai-as-promised": "8.0.2", "@types/color": "4.2.0", "@types/convert-source-map": "2.0.3", - "@types/lodash": "4.17.20", + "@types/lodash": "4.17.21", "@types/marked-terminal": "^6.1.1", "@types/node": "^22.0.0", "@types/npmcli__arborist": "^6.3.0", From 3f213006669da9131b2fc7ed26db934407828a13 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Dec 2025 12:39:56 -0800 Subject: [PATCH 10/23] chore(deps): bump envinfo from 7.19.0 to 7.21.0 in /packages/nativescript-envinfo (#5931) [skip ci] chore(deps): bump envinfo in /packages/nativescript-envinfo Bumps [envinfo](https://github.com/tabrindle/envinfo) from 7.19.0 to 7.21.0. - [Release notes](https://github.com/tabrindle/envinfo/releases) - [Changelog](https://github.com/tabrindle/envinfo/blob/main/CHANGELOG.md) - [Commits](https://github.com/tabrindle/envinfo/compare/v7.19.0...v7.21.0) --- updated-dependencies: - dependency-name: envinfo dependency-version: 7.21.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- packages/nativescript-envinfo/package.json | 2 +- packages/nativescript-envinfo/yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/nativescript-envinfo/package.json b/packages/nativescript-envinfo/package.json index a5dad5ca5d..64e5f94477 100644 --- a/packages/nativescript-envinfo/package.json +++ b/packages/nativescript-envinfo/package.json @@ -10,6 +10,6 @@ }, "dependencies": { "@types/envinfo": "^7.8.4", - "envinfo": "^7.19.0" + "envinfo": "^7.21.0" } } diff --git a/packages/nativescript-envinfo/yarn.lock b/packages/nativescript-envinfo/yarn.lock index 8f4bc3a825..5be003ebbc 100644 --- a/packages/nativescript-envinfo/yarn.lock +++ b/packages/nativescript-envinfo/yarn.lock @@ -7,7 +7,7 @@ resolved "https://registry.yarnpkg.com/@types/envinfo/-/envinfo-7.8.4.tgz#f13ec1050b8e260d6d7c149ba5b99f65d2b74058" integrity sha512-K5WaRgSlqjc408IyPbxOFnz7rVG9E8ELhj7XR3Ncui15EgeyIXTcCfmwrRnU4uEOCJQhzZRAQurYznEEc1dD2g== -envinfo@^7.19.0: - version "7.19.0" - resolved "https://registry.yarnpkg.com/envinfo/-/envinfo-7.19.0.tgz#b4b4507a27e9900b0175f556167fd3a95f8623f1" - integrity sha512-DoSM9VyG6O3vqBf+p3Gjgr/Q52HYBBtO3v+4koAxt1MnWr+zEnxE+nke/yXS4lt2P4SYCHQ4V3f1i88LQVOpAw== +envinfo@^7.21.0: + version "7.21.0" + resolved "https://registry.yarnpkg.com/envinfo/-/envinfo-7.21.0.tgz#04a251be79f92548541f37d13c8b6f22940c3bae" + integrity sha512-Lw7I8Zp5YKHFCXL7+Dz95g4CcbMEpgvqZNNq3AmlT5XAV6CgAAk6gyAMqn2zjw08K9BHfcNuKrMiCPLByGafow== From f47fd0ced77c7935c3df5c6aacd899c54d1cb043 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Dec 2025 12:40:09 -0800 Subject: [PATCH 11/23] chore(deps-dev): bump rimraf from 6.1.0 to 6.1.2 in /packages/doctor (#5932) [skip ci] Bumps [rimraf](https://github.com/isaacs/rimraf) from 6.1.0 to 6.1.2. - [Changelog](https://github.com/isaacs/rimraf/blob/main/CHANGELOG.md) - [Commits](https://github.com/isaacs/rimraf/compare/v6.1.0...v6.1.2) --- updated-dependencies: - dependency-name: rimraf dependency-version: 6.1.2 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- packages/doctor/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/doctor/package.json b/packages/doctor/package.json index c74798ccb6..4a5feed089 100644 --- a/packages/doctor/package.json +++ b/packages/doctor/package.json @@ -59,7 +59,7 @@ "grunt-tslint": "5.0.2", "istanbul": "0.4.5", "mocha": "11.7.4", - "rimraf": "6.1.0", + "rimraf": "6.1.2", "tslint": "6.1.3", "tslint-microsoft-contrib": "6.2.0", "typescript": "~5.9.2" From 1831379142ed3a711e934485116e0c82f824f558 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Dec 2025 12:41:05 -0800 Subject: [PATCH 12/23] chore(deps-dev): bump mocha from 11.7.4 to 11.7.5 in /packages/doctor (#5933) [skip ci] Bumps [mocha](https://github.com/mochajs/mocha) from 11.7.4 to 11.7.5. - [Release notes](https://github.com/mochajs/mocha/releases) - [Changelog](https://github.com/mochajs/mocha/blob/v11.7.5/CHANGELOG.md) - [Commits](https://github.com/mochajs/mocha/compare/v11.7.4...v11.7.5) --- updated-dependencies: - dependency-name: mocha dependency-version: 11.7.5 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Nathan Walker --- packages/doctor/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/doctor/package.json b/packages/doctor/package.json index 4a5feed089..0b52e50914 100644 --- a/packages/doctor/package.json +++ b/packages/doctor/package.json @@ -58,7 +58,7 @@ "grunt-ts": "6.0.0-beta.22", "grunt-tslint": "5.0.2", "istanbul": "0.4.5", - "mocha": "11.7.4", + "mocha": "11.7.5", "rimraf": "6.1.2", "tslint": "6.1.3", "tslint-microsoft-contrib": "6.2.0", From 61ca879ce50e7451615bb96812c7f7e6cbfb6da2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Dec 2025 12:41:19 -0800 Subject: [PATCH 13/23] chore(deps-dev): bump @types/lodash from 4.17.20 to 4.17.21 in /packages/doctor (#5934) chore(deps-dev): bump @types/lodash in /packages/doctor Bumps [@types/lodash](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash) from 4.17.20 to 4.17.21. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/lodash) --- updated-dependencies: - dependency-name: "@types/lodash" dependency-version: 4.17.21 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- packages/doctor/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/doctor/package.json b/packages/doctor/package.json index 0b52e50914..50bff723d6 100644 --- a/packages/doctor/package.json +++ b/packages/doctor/package.json @@ -42,7 +42,7 @@ "homepage": "https://github.com/NativeScript/nativescript-doctor#readme", "devDependencies": { "@types/chai": "5.2.2", - "@types/lodash": "4.17.20", + "@types/lodash": "4.17.21", "@types/mocha": "10.0.10", "@types/semver": "7.7.1", "@types/shelljs": "0.8.17", From 887e5f0037e53890a16b7a4603ec413745591715 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 3 Jan 2026 20:30:20 -0800 Subject: [PATCH 14/23] chore(deps): bump step-security/harden-runner from 2.13.2 to 2.14.0 (#5938) [skip ci] Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.13.2 to 2.14.0. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/95d9a5deda9de15063e7595e9719c11c38c90ae2...20cf305ff2072d973412fa9b1e3a4f227bda3c76) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.14.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/npm_release_cli.yml | 2 +- .github/workflows/npm_release_doctor.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/npm_release_cli.yml b/.github/workflows/npm_release_cli.yml index 2cd6857ca0..6cef3bb0d9 100644 --- a/.github/workflows/npm_release_cli.yml +++ b/.github/workflows/npm_release_cli.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit diff --git a/.github/workflows/npm_release_doctor.yml b/.github/workflows/npm_release_doctor.yml index 1d9338bb68..1e0ecce0f2 100644 --- a/.github/workflows/npm_release_doctor.yml +++ b/.github/workflows/npm_release_doctor.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit From 1caf13bd81905eb141ce3cadad41c00c6a7b019b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 3 Jan 2026 20:30:34 -0800 Subject: [PATCH 15/23] chore(deps): bump actions/checkout from 6.0.0 to 6.0.1 (#5939) [skip ci] Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.0 to 6.0.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3...8e8c483db84b4bee98b60c0593521ed34d9990e8) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-advanced.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/npm_release_cli.yml | 2 +- .github/workflows/npm_release_doctor.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql-advanced.yml b/.github/workflows/codeql-advanced.yml index 9f731daa32..306c9dd029 100644 --- a/.github/workflows/codeql-advanced.yml +++ b/.github/workflows/codeql-advanced.yml @@ -60,7 +60,7 @@ jobs: # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages steps: - name: Checkout repository - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 # Add any setup steps before running the `github/codeql-action/init` action. # This includes steps like installing compilers or runtimes (`actions/setup-node` diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 82ceae0442..2f8e435dd4 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,6 +17,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v4.3.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4.3.0 - name: 'Dependency Review' uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2 diff --git a/.github/workflows/npm_release_cli.yml b/.github/workflows/npm_release_cli.yml index 6cef3bb0d9..99f329a940 100644 --- a/.github/workflows/npm_release_cli.yml +++ b/.github/workflows/npm_release_cli.yml @@ -24,7 +24,7 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: diff --git a/.github/workflows/npm_release_doctor.yml b/.github/workflows/npm_release_doctor.yml index 1e0ecce0f2..3098c795a9 100644 --- a/.github/workflows/npm_release_doctor.yml +++ b/.github/workflows/npm_release_doctor.yml @@ -28,7 +28,7 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Setup run: npm install diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index d5be119fe5..2ec3603c58 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v4.3.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4.3.0 with: persist-credentials: false From 14288a4423bbc2a8824320b4a66170432dc8f143 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 3 Jan 2026 20:30:51 -0800 Subject: [PATCH 16/23] chore(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 (#5940) [skip ci] Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5.0.0 to 6.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/330a01c490aca151604b8cf639adc76d48f6c5d4...b7c566a772e6b6bfb58ed0dc250532a479d7789f) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 2ec3603c58..145d1698c0 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: SARIF file path: results.sarif From 872a867119ee3ff9e814550a942a0832292d5723 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 3 Jan 2026 20:31:06 -0800 Subject: [PATCH 17/23] chore(deps): bump actions/setup-node from 6.0.0 to 6.1.0 (#5941) [skip ci] Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.0.0 to 6.1.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/2028fbc5c25fe9cf00d9f06a71cc4710d4507903...395ad3262231945c25e8478fd5baf05154b1d79f) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/npm_release_cli.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/npm_release_cli.yml b/.github/workflows/npm_release_cli.yml index 99f329a940..932ba984e7 100644 --- a/.github/workflows/npm_release_cli.yml +++ b/.github/workflows/npm_release_cli.yml @@ -26,7 +26,7 @@ jobs: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: node-version: 22.14.0 From 08685cada70fa11d7d72fa6e80fc7725fea83386 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 3 Jan 2026 20:31:26 -0800 Subject: [PATCH 18/23] chore(deps): bump github/codeql-action from 4.31.6 to 4.31.9 (#5942) [skip ci] Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.6 to 4.31.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/fe4161a26a8629af62121b670040955b330f9af2...5d4e8d1aca955e8d8589aabd499c5cae939e33c7) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.9 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-advanced.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql-advanced.yml b/.github/workflows/codeql-advanced.yml index 306c9dd029..23bea62599 100644 --- a/.github/workflows/codeql-advanced.yml +++ b/.github/workflows/codeql-advanced.yml @@ -70,7 +70,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6 + uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} @@ -98,6 +98,6 @@ jobs: exit 1 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6 + uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 145d1698c0..7595c41d05 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6 + uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 with: sarif_file: results.sarif \ No newline at end of file From e892f48ea86510b1aafbb739a42bfd834fbdc12e Mon Sep 17 00:00:00 2001 From: Nathan Walker Date: Sat, 3 Jan 2026 22:50:50 -0800 Subject: [PATCH 19/23] fix: vite build and prepare (#5948) --- lib/services/bundler/bundler-compiler-service.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/services/bundler/bundler-compiler-service.ts b/lib/services/bundler/bundler-compiler-service.ts index e090e94079..91ddad3fe0 100644 --- a/lib/services/bundler/bundler-compiler-service.ts +++ b/lib/services/bundler/bundler-compiler-service.ts @@ -453,7 +453,7 @@ export class BundlerCompilerService const envParams = isVite ? [ `--mode=${prepareData.release ? "production" : "development"}`, - `--watch`, + ...(prepareData.watch ? [`--watch`] : []), "--", ...cliArgs, ] @@ -483,7 +483,7 @@ export class BundlerCompilerService } } - const stdio = prepareData.watch || isVite ? ["ipc"] : "inherit"; + const stdio = prepareData.watch ? ["ipc"] : "inherit"; const options: { [key: string]: any } = { cwd: projectData.projectDir, stdio, From 2040a5e9cfdcd38e4d52e65517b36855b49cc69a Mon Sep 17 00:00:00 2001 From: Nathan Walker Date: Sun, 4 Jan 2026 12:09:59 -0800 Subject: [PATCH 20/23] chore: oidc workflow --- .github/workflows/npm_release_cli.yml | 142 +++++++++++++++++++++++--- 1 file changed, 126 insertions(+), 16 deletions(-) diff --git a/.github/workflows/npm_release_cli.yml b/.github/workflows/npm_release_cli.yml index 932ba984e7..70dae07342 100644 --- a/.github/workflows/npm_release_cli.yml +++ b/.github/workflows/npm_release_cli.yml @@ -2,7 +2,10 @@ name: 'nativescript -> npm' on: push: - branches: [ 'main' ] + branches: + - main + tags: + - "v*" paths-ignore: - 'packages/**' workflow_dispatch: @@ -10,43 +13,150 @@ on: env: NPM_TAG: 'next' -permissions: - contents: read - jobs: - release: + build: + name: Build runs-on: macos-latest + outputs: + npm_version: ${{ steps.npm_version_output.outputs.NPM_VERSION }} + npm_tag: ${{ steps.npm_version_output.outputs.NPM_TAG }} steps: - - name: Harden the runner (Audit all outbound calls) uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - + with: + fetch-depth: 0 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: node-version: 22.14.0 + registry-url: "https://registry.npmjs.org" - name: Setup run: npm i --ignore-scripts --legacy-peer-deps --no-package-lock - - name: Generate Version + - name: Get Current Version + run: | + NPM_VERSION=$(node -e "console.log(require('./package.json').version);") + echo NPM_VERSION=$NPM_VERSION >> $GITHUB_ENV + + - name: Bump version for dev release + if: ${{ !contains(github.ref, 'refs/tags/') }} run: | - echo NPM_VERSION=$(node -e "console.log(require('./package.json').version);")-$NPM_TAG-$(date +"%m-%d-%Y")-$GITHUB_RUN_ID >> $GITHUB_ENV + NPM_VERSION=$(node ./scripts/get-next-version.js) + echo NPM_VERSION=$NPM_VERSION >> $GITHUB_ENV + npm version $NPM_VERSION --no-git-tag-version - - name: Bump Version - run: npm version $NPM_VERSION + - name: Output NPM Version and tag + id: npm_version_output + run: | + NPM_TAG=$(node ./scripts/get-npm-tag.js) + echo NPM_VERSION=$NPM_VERSION >> $GITHUB_OUTPUT + echo NPM_TAG=$NPM_TAG >> $GITHUB_OUTPUT - name: Build nativescript run: npm pack - - name: Publish nativescript + - name: Upload npm package artifact + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + with: + name: npm-package + path: nativescript-${{steps.npm_version_output.outputs.NPM_VERSION}}.tgz + + publish: + runs-on: ubuntu-latest + environment: npm-publish + needs: + - build + permissions: + contents: read + id-token: write + env: + NPM_VERSION: ${{needs.build.outputs.npm_version}} + NPM_TAG: ${{needs.build.outputs.npm_tag}} + steps: + - name: Harden the runner (Audit all outbound calls) + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + with: + egress-policy: audit + + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 + with: + node-version: 22.14.0 + registry-url: "https://registry.npmjs.org" + + - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + with: + name: npm-package + path: dist + + - name: Update npm (required for OIDC trusted publishing) + run: | + npm install -g npm@^11.5.1 + npm --version + + - name: Publish package (OIDC trusted publishing) + if: ${{ vars.USE_NPM_TOKEN != 'true' }} + run: | + echo "Publishing nativescript@$NPM_VERSION to NPM with tag $NPM_TAG via OIDC trusted publishing..." + unset NODE_AUTH_TOKEN + if [ -n "${NPM_CONFIG_USERCONFIG:-}" ]; then + rm -f "$NPM_CONFIG_USERCONFIG" + fi + npm publish ./dist/nativescript-${{env.NPM_VERSION}}.tgz --tag $NPM_TAG --access public --provenance env: - NPM_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }} + NODE_AUTH_TOKEN: "" + + - name: Publish package (granular token) + if: ${{ vars.USE_NPM_TOKEN == 'true' }} run: | - echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc - echo "Publishing nativescript@$NPM_VERSION to NPM with tag $NPM_TAG..." - npm publish nativescript-$NPM_VERSION.tgz --tag $NPM_TAG + echo "Publishing nativescript@$NPM_VERSION to NPM with tag $NPM_TAG via granular token..." + npm publish ./dist/nativescript-${{env.NPM_VERSION}}.tgz --tag $NPM_TAG --access public --provenance + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }} + + github-release: + runs-on: ubuntu-latest + # only runs on tagged commits + if: ${{ contains(github.ref, 'refs/tags/') }} + permissions: + contents: write + needs: + - build + env: + NPM_VERSION: ${{needs.build.outputs.npm_version}} + steps: + - name: Harden the runner (Audit all outbound calls) + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + with: + egress-policy: audit + + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + with: + fetch-depth: 0 + + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 + with: + node-version: 22.14.0 + + - name: Setup + run: npm i --ignore-scripts --legacy-peer-deps --no-package-lock + + - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + with: + name: npm-package + path: dist + + - name: Partial Changelog + run: npx conventional-changelog -p angular -r2 > body.md + + - uses: ncipollo/release-action@b7eabc95ff50cbeeedec83973935c8f306dfcd0b # v1.20.0 + with: + artifacts: "dist/nativescript-*.tgz" + bodyFile: "body.md" + prerelease: ${{needs.build.outputs.npm_tag != 'latest'}} + allowUpdates: true From b88f7c2c81ff473ce8688f5f25a70e569a7b3beb Mon Sep 17 00:00:00 2001 From: Nathan Walker Date: Sun, 4 Jan 2026 12:25:35 -0800 Subject: [PATCH 21/23] chore: oidc workflow and readme --- .gitignore | 2 ++ README.md | 46 +++++++++++++----------------- scripts/get-next-version.js | 57 +++++++++++++++++++++++++++++++++++++ scripts/get-npm-tag.js | 19 +++++++++++++ 4 files changed, 98 insertions(+), 26 deletions(-) create mode 100644 scripts/get-next-version.js create mode 100644 scripts/get-npm-tag.js diff --git a/.gitignore b/.gitignore index 310403ad93..0fd3dda24f 100644 --- a/.gitignore +++ b/.gitignore @@ -87,3 +87,5 @@ lib/common/test-reports.xml !lib/common/test-scripts/** !lib/common/scripts/** config/test-deps-versions-generated.json +!scripts/get-next-version.js +!scripts/get-npm-tag.js \ No newline at end of file diff --git a/README.md b/README.md index 07ca7c7b89..55da5866a1 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,6 @@

-
- Nativescript Logo -
-
- NativeScript Command-Line Interface -
+ Nativescript Logo

The NativeScript CLI lets you create, build, and deploy NativeScript apps.

@@ -14,7 +9,11 @@ --- -[![nativescript -> npm](https://github.com/NativeScript/nativescript-cli/actions/workflows/npm_release_cli.yml/badge.svg)](https://github.com/NativeScript/nativescript-cli/actions/workflows/npm_release_cli.yml) +

+ npm version + license + downloads +

Get it using: `npm install -g nativescript` @@ -67,10 +66,7 @@ Some popular use cases: To learn more about NativeScript, you can check the following resources: * [The NativeScript web page][2] -* [NativeScript - a Technical Overview][7] -* [Announcing NativeScript - cross-platform framework for building native mobile applications][8] -* The NativeScript [Documentation repo][3] and [Documentation portal][4] -* [The NativeScript FAQ][6] +* The NativeScript [Documentation][4] and contributing to [docs via the repo](https://github.com/NativeScript/docs) [Back to Top][1] @@ -104,9 +100,9 @@ System Requirements You can install and run the NativeScript CLI on Windows, macOS or Linux. -* [Windows](https://docs.nativescript.org/start/ns-setup-win) -* [macOS](https://docs.nativescript.org/start/ns-setup-os-x) -* [Linux](https://docs.nativescript.org/start/ns-setup-linux) +* [Windows](https://docs.nativescript.org/setup/windows) +* [macOS](https://docs.nativescript.org/setup/macos) +* [Linux](https://docs.nativescript.org/setup/linux) Installation === @@ -224,14 +220,14 @@ The CLI places the project in a new directory in the current directory. The newl ``` MyApp/ -├── app -│ ├── App_Resources +├── App_Resources +├── src │ └── ... └── platforms └── ... ``` -* The `app` directory is the **development space for your application**. You should modify all common and platform-specific code within this directory. When you run `prepare `, the NativeScript CLI prepares relevant content to the platform-specific folders for each target platform. +* The `src` directory (or sometimes `app` folder) is the **development space for your application**. You should modify all common and platform-specific code within this directory. When you run `prepare `, the NativeScript CLI prepares relevant content to the platform-specific folders for each target platform. * The `platforms` directory is created empty. When you add a target platform to your project, the NativeScript CLI creates a new subdirectory with the platform name. The subdirectory contains the ready-to-build resources of your app. When you run `prepare `, the NativeScript CLI prepares relevant content from the `app` directory to the platform-specific subdirectory for each target platform. [Back to Top][1] @@ -263,13 +259,13 @@ You can develop shared functionality or design in common files. To indicate that ### Modifying Configuration Files -The NativeScript CLI respects any platform configuration files placed inside `app/App_Resources`. +The NativeScript CLI respects any platform configuration files placed inside `App_Resources`. ### Modifying Entitlements File (iOS only) -To specify which capabilities are required by your App - Maps, Push Notifications, Wallet etc. you can add or edit the `app.entitlements` file placed inside `app/App_Resources/iOS`. When building the project, the default `app/App_Resources/iOS/app.entitlements` file gets merged with all Plugins entitlement files and a new `yourAppName.entitlements` is created in the platforms directory. The path would be `app/platforms/ios//.entitlements` and will be linked in the `build.xcconfig` file. +To specify which capabilities are required by your App - Maps, Push Notifications, Wallet etc. you can add or edit the `app.entitlements` file placed inside `App_Resources/iOS`. When building the project, the default `App_Resources/iOS/app.entitlements` file gets merged with all Plugins entitlement files and a new `yourAppName.entitlements` is created in the platforms directory. The path would be `platforms/ios//.entitlements` and will be linked in the `build.xcconfig` file. -You can always override the generated entitlements file, by pointing to your own entitlements file by setting the `CODE_SIGN_ENTITLEMENTS` property in the `app/App_Resources/iOS/build.xcconfig` file. +You can always override the generated entitlements file, by pointing to your own entitlements file by setting the `CODE_SIGN_ENTITLEMENTS` property in the `App_Resources/iOS/build.xcconfig` file. [Back to Top][1] @@ -314,11 +310,11 @@ ns run ios Extending the CLI === -The NativeScript CLI lets you extend its behavior and customize it to fit your needs by using [hooks](https://en.wikipedia.org/wiki/Hooking). +The NativeScript CLI lets you extend its behavior and customize it to fit your needs by using [hooks](https://docs.nativescript.org/guide/hooks). When you run one of the extendable commands (for example, `ns build`), the CLI checks for hooks and executes them. Plugins can also use hooks to control the compilation of the application package. -For more information, see the [Extending the CLI document](https://github.com/NativeScript/nativescript-cli/blob/master/extending-cli.md) +For more information, see the [Extending the CLI document](https://github.com/NativeScript/nativescript-cli/blob/main/extending-cli.md) [Back to Top][1] @@ -354,6 +350,7 @@ How to Build git clone https://github.com/NativeScript/nativescript-cli cd nativescript-cli npm run setup +npm run build ``` To use the locally built CLI instead of `ns` you can call `PATH_TO_CLI_FOLDER/bin/ns`. For example: @@ -379,7 +376,4 @@ This software is licensed under the Apache 2.0 license, quoted Date: Sun, 4 Jan 2026 12:29:44 -0800 Subject: [PATCH 22/23] chore: oidc workflow for next --- scripts/get-next-version.js | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/scripts/get-next-version.js b/scripts/get-next-version.js index 6006fa6bd9..5f6be10cbf 100644 --- a/scripts/get-next-version.js +++ b/scripts/get-next-version.js @@ -1,6 +1,5 @@ const semver = require("semver"); const child_process = require("child_process"); -const dayjs = require("dayjs"); const fs = require("fs"); const currentVersion = @@ -25,7 +24,11 @@ if (currentTag === "pr" && process.env.GITHUB_EVENT_PATH) { } } -const preRelease = `${currentTag}.${prPrerelease}${dayjs().format("YYYY-MM-DD")}-${runID}`; +// Format date as YYYY-MM-DD using native Date +const now = new Date(); +const dateStr = `${now.getFullYear()}-${String(now.getMonth() + 1).padStart(2, "0")}-${String(now.getDate()).padStart(2, "0")}`; + +const preRelease = `${currentTag}.${prPrerelease}${dateStr}-${runID}`; let lastTagVersion = ( process.env.LAST_TAGGED_VERSION || From b5dd689a92a09e64e3f10cc224d958bee129e1f8 Mon Sep 17 00:00:00 2001 From: Nathan Walker Date: Sun, 4 Jan 2026 12:40:54 -0800 Subject: [PATCH 23/23] release: 9.0.2 --- CHANGELOG.md | 9 +++++++++ package.json | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 36e4202482..a4ce9d17da 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +## [9.0.2](https://github.com/NativeScript/nativescript-cli/compare/v9.0.1...v9.0.2) (2026-01-04) + + +### Bug Fixes + +* vite build and prepare ([#5948](https://github.com/NativeScript/nativescript-cli/issues/5948)) ([e892f48](https://github.com/NativeScript/nativescript-cli/commit/e892f48ea86510b1aafbb739a42bfd834fbdc12e)) + + + ## [9.0.1](https://github.com/NativeScript/nativescript-cli/compare/v9.0.0...v9.0.1) (2025-11-18) diff --git a/package.json b/package.json index 20f6c7fcf4..01617377e9 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "nativescript", "main": "./lib/nativescript-cli-lib.js", - "version": "9.0.1", + "version": "9.0.2", "author": "NativeScript ", "description": "Command-line interface for building NativeScript projects", "bin": {