chore(deps): bump the dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the dependencies group with 5 updates in the / directory:

Package	From	To
@nodesecure/js-x-ray	9.2.0	10.0.0
@nodesecure/npm-registry-sdk	3.0.0	4.1.0
@nodesecure/scanner	6.12.1	7.0.0
@openally/mutex	1.1.0	2.0.0
dotenv	16.6.1	17.2.2

Updates @nodesecure/js-x-ray from 9.2.0 to 10.0.0

Release notes

Sourced from @​nodesecure/js-x-ray's releases.

@​nodesecure/js-x-ray@​10.0.0

Major Changes

• #383 09c3575 Thanks @​clemgbld! - feat(tracer): support tracking function return values

Minor Changes

• #399 857308c Thanks @​clemgbld! - feat(probes) add minimal implementation of data-exfiltration

• #392 02a2d05 Thanks @​fraxken! - Simplify tracing validation & add new spread test for the probe

• #398 b6d2474 Thanks @​fraxken! - Implement new pipeline mechanism with a built-in deobfuscate

• #382 bc62d3e Thanks @​clemgbld! - feat(probes): add finalize callback

• #397 283d5b6 Thanks @​fraxken! - Integrate estree-walker natively using meriyah ESTree types

• #387 4d097cc Thanks @​fraxken! - Move trojan-source detection from SourceFile to AstAnalyser

• #396 f66af80 Thanks @​fraxken! - Move Signals into probe.main context

• #380 99fd4fe Thanks @​clemgbld! - refactor(probes): isFetch detect fetch re-assigment

• #395 fad019f Thanks @​fraxken! - Implement context for Probe and ProbeRunner

• #389 f037105 Thanks @​clemgbld! - feat(probes): isLiteral detect api.ipify.org with shady link

• #384 728d744 Thanks @​fraxken! - move ProbeRunner from SourceFile to AstAnalyser class

Patch Changes

• #376 d5b98de Thanks @​tony-go! - Handle uname as unsafe-command

• #400 14cb982 Thanks @​fraxken! - Properly deep clone and reset probe context

• #381 ca954d8 Thanks @​tony-go! - Handle curl and ping for unsafe-command probe

• Updated dependencies [91031f8, 7927535, 09c3575, facb858, 53b25a4]:

  • @​nodesecure/tracer@​3.0.0
  • @​nodesecure/estree-ast-utils@​4.2.0

Commits

• f61651b chore: update versions (#378)
• 857308c feat(probes): add minimal implementation of data exfiltration (#399)
• b6d2474 feat: implement pipelines with built-in deobfuscate (#398)
• 14cb982 fix(js-x-ray): properly deep clone and reset probe context in ProbeRunner (#400)
• 283d5b6 refactor: integrate estree-walker using meriyah ESTree types (#397)
• f66af80 refactor: move Signals to the probe.main context (#396)
• fad019f feat(ProbeRunner): implement context (#395)
• 8300966 chore(scripts): add clean script to remove dist folder and tsconfig.tsbuildi...
• 02a2d05 refactor(probe/isSerializeEnv): simplify tracing & add new UT with a spread (...
• facb858 chore(tracer): enhance docs, types and syntax (#391)
• Additional commits viewable in compare view

Updates @nodesecure/npm-registry-sdk from 3.0.0 to 4.1.0

Release notes

Sourced from @​nodesecure/npm-registry-sdk's releases.

v4.1.0

What's Changed

• refactor: use @​openally/httpie instead of @​myunisoft/httpie by @​fraxken in NodeSecure/npm-registry-sdk#182

Full Changelog: NodeSecure/npm-registry-sdk@v4.0.0...v4.1.0

v4.0.0

What's Changed

• Update Node.js versions to v20 and v22 by @​fabnguess in NodeSecure/npm-registry-sdk#166
• Update eslint tsconfig by @​fraxken in NodeSecure/npm-registry-sdk#167
• ci: automatically merge dependabot PR by @​fraxken in NodeSecure/npm-registry-sdk#169
• Update copyright by @​fabnguess in NodeSecure/npm-registry-sdk#170
• Fetch registry keys by @​fabnguess in NodeSecure/npm-registry-sdk#180
• Dependencies and Github actions updates (by @​dependabot)

Full Changelog: NodeSecure/npm-registry-sdk@v3.0.0...v4.0.0

Commits

• 6ac5695 4.1.0
• e7027c0 refactor: use @​openally/httpie instead of @​myunisoft/httpie (#182)
• ff4624c 4.0.0
• 21f162a feat: implement NPM keys() API (#180)
• 5546e59 chore(deps): bump the github-actions group with 2 updates (#181)
• d24c07d chore(deps): bump the github-actions group with 2 updates (#178)
• 4af36e7 chore(deps-dev): bump @​types/node in the development-dependencies group (#177)
• dd03a6b chore(deps): bump the github-actions group with 2 updates (#176)
• aed0d95 chore(deps): bump the github-actions group with 3 updates (#175)
• 7f681af chore(deps): bump the github-actions group with 4 updates (#174)
• Additional commits viewable in compare view

Updates @nodesecure/scanner from 6.12.1 to 7.0.0

Release notes

Sourced from @​nodesecure/scanner's releases.

@​nodesecure/scanner@​7.0.0

Major Changes

• #509 979c469 Thanks @​fraxken! - Extend global warning with multi-properties objects

Patch Changes

• Updated dependencies [06b599f, 045c378]:
  • @​nodesecure/npm-types@​1.3.0
  • @​nodesecure/mama@​2.0.2

Commits

• 6a0d941 chore: update versions (#512)
• ffbbca1 chore(deps-dev): bump the development-dependencies group with 2 updates (#520)
• 426eb15 chore(deps): bump the dependencies group with 3 updates (#519)
• 06b599f chore(npm-types): improve dist-tags definition (#518)
• a7834e5 chore(deps): bump cacache in the dependencies group (#517)
• 0eecc55 chore(deps-dev): bump the development-dependencies group with 2 updates (#516)
• 645ce54 feat: assert types and modules resolution using @​arethetypeswrong/cli (#515)
• 7536387 chore(deps-dev): bump the development-dependencies group with 5 updates (#514)
• 045c378 fix(mama): always remove ./node_modules/.bin from integrity hash (#513)
• 979c469 refactor(scanner)!: improve global warning implementation (#509)
• See full diff in compare view

Updates @openally/mutex from 1.1.0 to 2.0.0

Updates dotenv from 16.6.1 to 17.2.2

Changelog

Sourced from dotenv's changelog.

17.2.2 (2025-09-02)

Added

• 🙏 A big thank you to new sponsor Tuple.app - the premier screen sharing app for developers on macOS and Windows. Go check them out. It's wonderful and generous of them to give back to open source by sponsoring dotenv. Give them some love back.

17.2.1 (2025-07-24)

Changed

• Fix clickable tip links by removing parentheses (#897)

17.2.0 (2025-07-09)

Added

• Optionally specify DOTENV_CONFIG_QUIET=true in your environment or .env file to quiet the runtime log (#889)
• Just like dotenv any DOTENV_CONFIG_ environment variables take precedence over any code set options like ({quiet: false})

# .env
DOTENV_CONFIG_QUIET=true
HELLO="World"

// index.js
require('dotenv').config()
console.log(`Hello ${process.env.HELLO}`)

$ node index.js
Hello World
or
$ DOTENV_CONFIG_QUIET=true node index.js

17.1.0 (2025-07-07)

Added

• Add additional security and configuration tips to the runtime log (#884)
• Dim the tips text from the main injection information text

const TIPS = [
  '🔐 encrypt with dotenvx: https://dotenvx.com',
  '🔐 prevent committing .env to code: https://dotenvx.com/precommit',
  '🔐 prevent building .env in docker: https://dotenvx.com/prebuild',
</tr></table> 

... (truncated)

Commits

• 2ea1a76 17.2.2
• 0947a83 changelog 🪵
• c8fb4aa changelog 🪵
• a2b13d2 update README
• d92a91e remove
• 37cf55a 17.2.1
• f2d92e9 changelog 🪵
• bd27017 Merge pull request #897 from motdotla/adjust-tip-for-click
• 8a9ce45 add to tests
• 19e5ad9 adjust clickable tip
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions