chore(deps): bump otplib from 12.0.1 to 13.4.0 in /back-end by dependabot[bot] · Pull Request #2658 · hashgraph/hedera-transaction-tool

dependabot · 2026-04-10T17:52:13Z

Bumps otplib from 12.0.1 to 13.4.0.

Release notes

v13.4.0

What's Changed

fix(deps): resolve markdown-it ReDoS vulnerability by @yeojz in yeojz/otplib#798

chore(deps-dev): bump the dev-dependencies-minor group with 3 updates by @dependabot[bot] in yeojz/otplib#800

chore: update dependabot to monthly cadence by @yeojz in yeojz/otplib#802

chore: upgrade dependencies to latest versions by @Copilot in yeojz/otplib#804

Upgrade pnpm to 10.30.1 to fix audit endpoint issue by @Copilot in yeojz/otplib#805

chore: override minimatch by @yeojz in yeojz/otplib#806

docs: improve package READMEs with accurate API context and usage examples by @yeojz in yeojz/otplib#803

Fix docs by @BobTheShoplifter in yeojz/otplib#807

ci: skip reporting job on fork PRs by @yeojz in yeojz/otplib#808

chore: override ajv to fix moderate ReDoS vulnerability by @yeojz in yeojz/otplib#809

feat: add IIFE/CDN build support to otplib by @yeojz in yeojz/otplib#810

fix: update release titles to use version-prefixed format by @yeojz in yeojz/otplib#811

chore: move otplib-cli to packages/ and sync versioning by @yeojz in yeojz/otplib#812

docs(totp): add string secrets and authenticator compatibility notes to README by @yeojz in yeojz/otplib#813

chore(deps-dev): bump the dev-dependencies-patch group with 5 updates by @dependabot[bot] in yeojz/otplib#814

chore(deps): bump the github-actions group with 3 updates by @dependabot[bot] in yeojz/otplib#816

chore(deps-dev): bump @eslint/js from 9.39.2 to 9.39.3 by @dependabot[bot] in yeojz/otplib#815

fix: override undici package security alert by @yeojz in yeojz/otplib#818

release(packages): v13.4.0 by @github-actions[bot] in yeojz/otplib#819

New Contributors

@BobTheShoplifter made their first contribution in yeojz/otplib#807

Full Changelog: yeojz/otplib@v13.3.0...v13.4.0

v13.3.0

What's Changed

ci: standardize workflow naming and add release artifacts by @yeojz in yeojz/otplib#775

chore(deps-dev): bump turbo from 2.7.5 to 2.7.6 in the dev-dependencies-patch group by @dependabot[bot] in yeojz/otplib#773

chore(deps): bump changesets/action from 1.5.3 to 1.6.0 in the github-actions group by @dependabot[bot] in yeojz/otplib#774

chore(deps-dev): bump the dev-dependencies-minor group with 3 updates by @dependabot[bot] in yeojz/otplib#772

feat(cli): add otplib-cli application by @yeojz in yeojz/otplib#771

Potential fix for code scanning alert no. 2: Workflow does not contain permissions by @yeojz in yeojz/otplib#776

Implement least privilege permissions across all GitHub workflows by @Copilot in yeojz/otplib#777

feat(test): add distribution tests package for cross-runtime testing by @yeojz in yeojz/otplib#778

chore(deps): bump commander from 14.0.2 to 14.0.3 in the dependencies-patch group by @dependabot[bot] in yeojz/otplib#781

chore(deps): bump actions/checkout from 4 to 6 in the github-actions group by @dependabot[bot] in yeojz/otplib#785

chore(deps-dev): bump turbo from 2.7.6 to 2.8.1 in the dev-dependencies-minor group by @dependabot[bot] in yeojz/otplib#782

chore(deps-dev): bump lefthook from 2.0.15 to 2.0.16 in the dev-dependencies-patch group by @dependabot[bot] in yeojz/otplib#783

feat: security improvements and HOTP update-counter command by @yeojz in yeojz/otplib#780

chore: update docs by @yeojz in yeojz/otplib#786

Pin GitHub Actions to commit SHAs and update dependencies by @yeojz in yeojz/otplib#787

fix: harden OTP validation and URI parsing; bubble up TOTP replay controls through otplib by @yeojz in yeojz/otplib#788

feat: add OTPHooks for custom token encoding and validation by @yeojz in yeojz/otplib#790

chore(deps-dev): bump the dev-dependencies-minor group with 5 updates by @dependabot[bot] in yeojz/otplib#791

chore(deps-dev): bump turbo from 2.8.1 to 2.8.3 in the dev-dependencies-patch group by @dependabot[bot] in yeojz/otplib#792

release(cli): v2.0.0 by @github-actions[bot] in yeojz/otplib#795

chore: upgrade development Node.js baseline to 24 by @yeojz in yeojz/otplib#794

... (truncated)

Commits

e5490bb release(packages): v13.4.0 (#819)
3352eeb docs(totp): add string secrets and authenticator compatibility notes to READM...
9038272 feat: add IIFE/CDN build support to otplib (#810)
4fd86b5 chore: update readme tip/important blocks
6c9ed1c docs: improve package READMEs with accurate API context and usage examples (#...
fe462ac release(packages): v13.3.0 (#796)
09f301f feat: add OTPHooks for custom token encoding and validation (#790)
476f345 fix: harden OTP validation and URI parsing; bubble up TOTP replay controls th...
972d355 Pin GitHub Actions to commit SHAs and update dependencies (#787)
ada9445 feat(test): add distribution tests package for cross-runtime testing (#778)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for otplib since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [otplib](https://github.com/yeojz/otplib/tree/HEAD/packages/otplib) from 12.0.1 to 13.4.0. - [Release notes](https://github.com/yeojz/otplib/releases) - [Commits](https://github.com/yeojz/otplib/commits/v13.4.0/packages/otplib) --- updated-dependencies: - dependency-name: otplib dependency-version: 13.4.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 10, 2026

dependabot bot requested a review from a team as a code owner April 10, 2026 17:52

dependabot bot added the javascript Pull requests that update Javascript code label Apr 10, 2026

dependabot bot requested a review from steven-sheehy April 10, 2026 17:52

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump otplib from 12.0.1 to 13.4.0 in /back-end#2658

chore(deps): bump otplib from 12.0.1 to 13.4.0 in /back-end#2658
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/back-end/otplib-13.4.0

dependabot bot commented on behalf of github Apr 10, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Apr 10, 2026

v13.4.0

What's Changed

New Contributors

v13.3.0

What's Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants