Bump semver and npm in /npm_and_yarn/helpers

[dependabot]

Bumps semver to 7.7.2 and updates ancestor dependency npm. These dependencies need to be updated together.

Updates semver from 5.7.1 to 7.7.2

Release notes

Sourced from semver's releases.

v7.7.2

7.7.2 (2025-05-12)

Bug Fixes

• fcafb61 #780 add missing 'use strict' directives (#780) (@​Fdawgs)
• c99f336 #781 prerelease identifier starting with digits (#781) (@​mbtools)

Chores

• c760403 #784 template-oss-apply for workflow permissions (#784) (@​wraithgar)
• 2677f2a #778 bump @​npmcli/template-oss from 4.23.6 to 4.24.3 (#778) (@​dependabot[bot], @​npm-cli-bot)

v7.7.1

7.7.1 (2025-02-03)

Bug Fixes

• af761c0 #764 inc: fully capture prerelease identifier (#764) (@​wraithgar)

v7.7.0

7.7.0 (2025-01-29)

Features

• 0864b3c #753 add "release" inc type (#753) (@​mbtools)

Bug Fixes

• d588e37 #755 diff: fix prerelease to stable version diff logic (#755) (@​eminberkayd, berkay.daglar)
• 8a34bde #754 add identifier validation to inc() (#754) (@​mbtools)

Documentation

• 67e5478 #756 readme: added missing period for consistency (#756) (@​shaymolcho)
• 868d4bb #749 clarify comment about obsolete prefixes (#749) (@​mbtools, @​ljharb)

Chores

• 145c554 #741 bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (@​dependabot[bot])
• 753e02b #747 bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#747) (@​dependabot[bot], @​npm-cli-bot)
• 0b812d5 #744 postinstall for dependabot template-oss PR (@​hashtagchris)

v7.6.3

7.6.3 (2024-07-16)

Bug Fixes

• 73a3d79 #726 optimize Range parsing and formatting (#726) (@​jviide)

Documentation

• 2975ece #719 fix extra backtick typo (#719) (@​stdavis)

v7.6.2

7.6.2 (2024-05-09)

Bug Fixes

• 6466ba9 #713 lru: use map.delete() directly (#713) (@​negezor, @​lukekarrys)

v7.6.1

7.6.1 (2024-05-04)

... (truncated)

Changelog

Sourced from semver's changelog.

7.7.2 (2025-05-12)

Bug Fixes

• fcafb61 #780 add missing 'use strict' directives (#780) (@​Fdawgs)
• c99f336 #781 prerelease identifier starting with digits (#781) (@​mbtools)

Chores

• c760403 #784 template-oss-apply for workflow permissions (#784) (@​wraithgar)
• 2677f2a #778 bump @​npmcli/template-oss from 4.23.6 to 4.24.3 (#778) (@​dependabot[bot], @​npm-cli-bot)

7.7.1 (2025-02-03)

Bug Fixes

• af761c0 #764 inc: fully capture prerelease identifier (#764) (@​wraithgar)

7.7.0 (2025-01-29)

Features

• 0864b3c #753 add "release" inc type (#753) (@​mbtools)

Bug Fixes

• d588e37 #755 diff: fix prerelease to stable version diff logic (#755) (@​eminberkayd, berkay.daglar)
• 8a34bde #754 add identifier validation to inc() (#754) (@​mbtools)

Documentation

• 67e5478 #756 readme: added missing period for consistency (#756) (@​shaymolcho)
• 868d4bb #749 clarify comment about obsolete prefixes (#749) (@​mbtools, @​ljharb)

Chores

• 145c554 #741 bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (@​dependabot[bot])
• 753e02b #747 bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#747) (@​dependabot[bot], @​npm-cli-bot)
• 0b812d5 #744 postinstall for dependabot template-oss PR (@​hashtagchris)

7.6.3 (2024-07-16)

Bug Fixes

• 73a3d79 #726 optimize Range parsing and formatting (#726) (@​jviide)

Documentation

• 2975ece #719 fix extra backtick typo (#719) (@​stdavis)

7.6.2 (2024-05-09)

Bug Fixes

• 6466ba9 #713 lru: use map.delete() directly (#713) (@​negezor, @​lukekarrys)

7.6.1 (2024-05-04)

Bug Fixes

• c570a34 #704 linting: no-unused-vars (@​wraithgar)
• ad8ff11 #704 use internal cache implementation (@​mbtools)
• ac9b357 #682 typo in compareBuild debug message (#682) (@​mbtools)

... (truncated)

Commits

• 281055e chore: release 7.7.2 (#783)
• fcafb61 fix: add missing 'use strict' directives (#780)
• c760403 chore: template-oss-apply for workflow permissions (#784)
• c99f336 fix: prerelease identifier starting with digits (#781)
• 2677f2a chore: bump @​npmcli/template-oss from 4.23.6 to 4.24.3 (#778)
• 0b98655 chore: bump @​npmcli/template-oss from 4.23.4 to 4.23.6 (#760)
• 30c438b chore: release 7.7.1 (#765)
• af761c0 fix(inc): fully capture prerelease identifier (#764)
• 2cfcbb5 chore: release 7.7.0 (#750)
• d588e37 fix(diff): fix prerelease to stable version diff logic (#755)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.

Updates npm from 6.14.18 to 11.9.0

Release notes

Sourced from npm's releases.

v11.9.0

11.9.0 (2026-02-04)

Features

• f5f6cf7 #8943 config: add --allow-git (@​wraithgar)

Bug Fixes

• 2242f25 #8952 webauth: improve error messages around webauth in non-TTY (#8952) (@​Andarist)

Dependencies

• 332c9f3 #8960 glob@13.0.1
• eca02c7 #8960 minimatch@10.1.2 @isaacs/brace-expansion@5.0.1
• b3f8475 #8951 minipass-fetch@5.0.1
• 924171b #8951 is-cidr@6.0.2
• 4404002 #8951 ci-info@4.4.0
• b65af73 #8951 lru-cache@11.2.5
• 164c355 #8951 tar@7.5.7
• a74a19c #8951 node-gyp@12.2.0
• e0bc212 #8943 pacote@21.1.0

Chores

• 4a82a8f #8951 dev dependency updates (@​wraithgar)
• workspace: @npmcli/arborist@9.2.0
• workspace: @npmcli/config@10.6.0
• workspace: libnpmdiff@8.1.0
• workspace: libnpmexec@10.2.0
• workspace: libnpmfund@7.0.14
• workspace: libnpmpack@9.1.0

v11.8.0

11.8.0 (2026-01-21)

Features

• 545e861 #8828 show proxy environment variables in npm config list (Max Black)

Bug Fixes

• c2f784d #8859 preserve serialNumber UUID in CycloneDX SBOM output #8837 (#8859) (@​saksham-malhotra-27)
• f2c3af7 #8840 more intuitive byte formatting boundaries for rounding (#8840) (@​watilde)

Documentation

• 3474ec3 #8866 fix typo/logic error in npm-dedupe docs (#8866) (@​Schweinepriester)
• 5552e46 #8797 npm-install: explain package-lock.json behavior (#8797) (@​MaxBlack-dev, Max Black)

Dependencies

• f478ca0 #8919 postcss-selector-parser@7.1.1
• 2b6a71f #8919 path-scurry@2.0.1
• 19096f2 #8919 sigstore@4.1.0
• e7f5d1e #8919 lru-cache@11.2.4
• 9e756ae #8919 ip-address@10.1.0
• f951820 #8919 common-ancestor-path@2.0.0
• 7a949ad #8919 @sigstore/verify@3.1.0
• 6979ce1 #8919 @sigstore/sign@4.1.0
• b4a6a41 #8919 @sigstore/core@3.1.0
• dc8a8e8 #8919 @sigstore/tuf@4.0.1
• be221ea #8919 validate-npm-package-name@7.0.2
• 149823d #8919 diff@8.0.3
• 32b2001 #8919 tar@7.5.4

Chores

... (truncated)

Changelog

Sourced from npm's changelog.

11.9.0 (2026-02-04)

Features

• f5f6cf7 #8943 config: add --allow-git (@​wraithgar)

Bug Fixes

• 2242f25 #8952 webauth: improve error messages around webauth in non-TTY (#8952) (@​Andarist)

Dependencies

• 332c9f3 #8960 glob@13.0.1
• eca02c7 #8960 minimatch@10.1.2 @isaacs/brace-expansion@5.0.1
• b3f8475 #8951 minipass-fetch@5.0.1
• 924171b #8951 is-cidr@6.0.2
• 4404002 #8951 ci-info@4.4.0
• b65af73 #8951 lru-cache@11.2.5
• 164c355 #8951 tar@7.5.7
• a74a19c #8951 node-gyp@12.2.0
• e0bc212 #8943 pacote@21.1.0

Chores

• 4a82a8f #8951 dev dependency updates (@​wraithgar)
• workspace: @npmcli/arborist@9.2.0
• workspace: @npmcli/config@10.6.0
• workspace: libnpmdiff@8.1.0
• workspace: libnpmexec@10.2.0
• workspace: libnpmfund@7.0.14
• workspace: libnpmpack@9.1.0

11.8.0 (2026-01-21)

Features

• 545e861 #8828 show proxy environment variables in npm config list (Max Black)

Bug Fixes

• c2f784d #8859 preserve serialNumber UUID in CycloneDX SBOM output #8837 (#8859) (@​saksham-malhotra-27)
• f2c3af7 #8840 more intuitive byte formatting boundaries for rounding (#8840) (@​watilde)

Documentation

• 3474ec3 #8866 fix typo/logic error in npm-dedupe docs (#8866) (@​Schweinepriester)
• 5552e46 #8797 npm-install: explain package-lock.json behavior (#8797) (@​MaxBlack-dev, Max Black)

Dependencies

• f478ca0 #8919 postcss-selector-parser@7.1.1
• 2b6a71f #8919 path-scurry@2.0.1
• 19096f2 #8919 sigstore@4.1.0
• e7f5d1e #8919 lru-cache@11.2.4
• 9e756ae #8919 ip-address@10.1.0
• f951820 #8919 common-ancestor-path@2.0.0
• 7a949ad #8919 @sigstore/verify@3.1.0
• 6979ce1 #8919 @sigstore/sign@4.1.0
• b4a6a41 #8919 @sigstore/core@3.1.0
• dc8a8e8 #8919 @sigstore/tuf@4.0.1
• be221ea #8919 validate-npm-package-name@7.0.2
• 149823d #8919 diff@8.0.3
• 32b2001 #8919 tar@7.5.4

Chores

• 8f599df #8919 pin jsdom to 27.0.0 (@​wraithgar)
• f4f1161 #8919 dev dependency updates (@​wraithgar)

... (truncated)

Commits

• 417daa7 chore: release 11.9.0
• 332c9f3 deps: glob@13.0.1
• eca02c7 deps: minimatch@10.1.2 @​isaacs/brace-expansion@​5.0.1
• 2242f25 fix(webauth): improve error messages around webauth in non-TTY (#8952)
• b3f8475 deps: minipass-fetch@5.0.1
• 4a82a8f chore: dev dependency updates
• 924171b deps: is-cidr@6.0.2
• 4404002 deps: ci-info@4.4.0
• b65af73 deps: lru-cache@11.2.5
• 164c355 deps: tar@7.5.7
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
npm	[>= 7.a, < 8]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.