Skip to content

deps(deps): bump the production-dependencies group across 1 directory with 2 updates#268

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-94d0ac3600
Open

deps(deps): bump the production-dependencies group across 1 directory with 2 updates#268
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-94d0ac3600

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 25, 2026

Copy link
Copy Markdown

Bumps the production-dependencies group with 2 updates in the / directory: @ff-labs/fff-bun and sharp.

Updates @ff-labs/fff-bun from 0.6.4 to 0.9.6

Release notes

Sourced from @​ff-labs/fff-bun's releases.

0.9.6

Release 0.9.6

npm packages, rust crates and python wheels are available under this version 0.9.6

Neovim Plugin

  • {target}.so / .dylib / .dll - Lua module for Neovim

C FFI Library (for Bun/Node/Python)

  • c-lib-{target}.so / .dylib / .dll - C FFI library

MCP Server

  • fff-mcp-{target} - MCP server binary

Python Package

  • python/*.whl / python/*.tar.gz - Python wheels and sdist
  • Install from PyPI: pip install fff-search (when published)

Update mcp via:

curl -fsSL https://raw.githubusercontent.com/dmtrKovalenko/fff.nvim/main/install-mcp.sh | bash

What's Changed

New Contributors

Full Changelog: dmtrKovalenko/fff@v0.9.5...v0.9.6

0.9.6-nightly.797c045

Nightly release from commit: 797c045aa93e03e3cec3497a76afe7cb0106bdc2

npm packages, rust crates and python wheels are available under this version 0.9.6-nightly.797c045

Neovim Plugin

  • {target}.so / .dylib / .dll - Lua module for Neovim

C FFI Library (for Bun/Node/Python)

  • c-lib-{target}.so / .dylib / .dll - C FFI library

MCP Server

  • fff-mcp-{target} - MCP server binary

Python Package

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​ff-labs/fff-bun since your current version.


Updates sharp from 0.34.5 to 0.35.3

Release notes

Sourced from sharp's releases.

v0.35.3

  • Tighten verification of text dimensions, TIFF tile dimensions and extend values.

  • Improve code bundler support by resolving path to libvips binary.

  • Increase default concurrency when use of MALLOC_ARENA_MAX is detected.

  • Emit warning about binaries provided by Electron for use on Linux.

  • Add hasAlpha property to output info. #4500

  • TypeScript: Return more precise Buffer<ArrayBuffer> from toBuffer. #4520 @​Andarist

  • Bound clahe width and height to avoid signed overflow. #4551 @​metsw24-max

  • Bound trim margin to avoid signed overflow. #4552 @​metsw24-max

  • Reject infinite values when validating numbers. #4553 @​metsw24-max

  • Bound extract region to libvips coordinate limit. #4555 @​metsw24-max

  • Verify background colour values are numbers. #4556 @​metsw24-max

  • Bound create and raw input dimensions to coordinate limit. #4558 @​metsw24-max

  • Tighten recomb and affine matrix verification. #4560 @​chatman-media

  • Verify cache memory limit to avoid overflow. #4561 @​metsw24-max

v0.35.3-rc.2

  • Tighten verification of text dimensions, TIFF tile dimensions and extend values.

... (truncated)

Commits
  • 1018449 Release v0.35.3
  • ba303a7 Prerelease v0.35.3-rc.2
  • 4f94fc5 Upgrade to sharp-libvips v1.3.2
  • c5e7a3f Bump devDeps, fix Deno/Windows smoke tests
  • 9a8d002 Docs: Add changelog entry and note about transferable #4520
  • 8694db0 TypeScript: Return more precise Buffer\<ArrayBuffer> from toBuffer (#4520)
  • e000d0b Prerelease v0.35.3-rc.1
  • 9554ca9 Prerelease v0.35.3-rc.0
  • 6a29fd5 Emit warning about native binaries on Linux Electron
  • 540d2ea Increase default concurrency when use of MALLOC_ARENA_MAX detected
  • Additional commits viewable in compare view

@dependabot @github

dependabot Bot commented on behalf of github Jun 25, 2026

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: dependencies, javascript. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot changed the title deps(deps): bump the production-dependencies group with 2 updates deps(deps): bump the production-dependencies group across 1 directory with 2 updates Jun 28, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/production-dependencies-94d0ac3600 branch from 0080107 to aa36098 Compare June 28, 2026 21:04
… with 2 updates

Bumps the production-dependencies group with 2 updates in the / directory: [@ff-labs/fff-bun](https://github.com/dmtrKovalenko/fff/tree/HEAD/packages/fff) and [sharp](https://github.com/lovell/sharp).


Updates `@ff-labs/fff-bun` from 0.6.4 to 0.9.6
- [Release notes](https://github.com/dmtrKovalenko/fff/releases)
- [Commits](https://github.com/dmtrKovalenko/fff/commits/v0.9.6/packages/fff)

Updates `sharp` from 0.34.5 to 0.35.3
- [Release notes](https://github.com/lovell/sharp/releases)
- [Commits](lovell/sharp@v0.34.5...v0.35.3)

---
updated-dependencies:
- dependency-name: "@ff-labs/fff-bun"
  dependency-version: 0.9.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: sharp
  dependency-version: 0.35.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/production-dependencies-94d0ac3600 branch from aa36098 to 0442827 Compare July 5, 2026 21:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants