Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: googleapis/release-please
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v17.3.0
Choose a base ref
...
head repository: googleapis/release-please
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v17.4.0
Choose a head ref
  • 14 commits
  • 9 files changed
  • 7 contributors

Commits on Feb 25, 2026

  1. build(deps): bump minimatch (#2690) 

    Bumps  and [minimatch](https://github.com/isaacs/minimatch). These dependencies needed to be updated together.

Updates `minimatch` from 5.1.6 to 5.1.7
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v5.1.6...v5.1.7)

Updates `minimatch` from 3.1.2 to 3.1.3
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v5.1.6...v5.1.7)

Updates `minimatch` from 9.0.4 to 9.0.6
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v5.1.6...v5.1.7)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 5.1.7
  dependency-type: indirect
- dependency-name: minimatch
  dependency-version: 3.1.3
  dependency-type: indirect
- dependency-name: minimatch
  dependency-version: 9.0.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Feb 25, 2026
    Configuration menu
    Copy the full SHA
    c4bc3ce View commit details
    Browse the repository at this point in the history

Commits on Mar 3, 2026

  1. build(deps): bump minimatch (#2692) 

    Bumps  and [minimatch](https://github.com/isaacs/minimatch). These dependencies needed to be updated together.

Updates `minimatch` from 5.1.7 to 5.1.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v5.1.7...v5.1.9)

Updates `minimatch` from 3.1.3 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v5.1.7...v5.1.9)

Updates `minimatch` from 9.0.6 to 9.0.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v5.1.7...v5.1.9)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 5.1.9
  dependency-type: indirect
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
- dependency-name: minimatch
  dependency-version: 9.0.9
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Mar 3, 2026
    Configuration menu
    Copy the full SHA
    6fc1fd3 View commit details
    Browse the repository at this point in the history

Commits on Mar 23, 2026

  1. build(deps-dev): bump flatted from 3.2.7 to 3.4.2 (#2711) 

    Bumps [flatted](https://github.com/WebReflection/flatted) from 3.2.7 to 3.4.2.
- [Commits](WebReflection/flatted@v3.2.7...v3.4.2)

---
updated-dependencies:
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Mar 23, 2026
    Configuration menu
    Copy the full SHA
    abd6133 View commit details
    Browse the repository at this point in the history

Commits on Mar 30, 2026

  1. build(deps): bump brace-expansion (#2724) 

    Bumps  and [brace-expansion](https://github.com/juliangruber/brace-expansion). These dependencies needed to be updated together.

Updates `brace-expansion` from 2.0.2 to 2.0.3
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v2.0.2...v2.0.3)

Updates `brace-expansion` from 1.1.12 to 1.1.13
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v2.0.2...v2.0.3)

---
updated-dependencies:
- dependency-name: brace-expansion
  dependency-version: 2.0.3
  dependency-type: indirect
- dependency-name: brace-expansion
  dependency-version: 1.1.13
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Mar 30, 2026
    Configuration menu
    Copy the full SHA
    3f13f5b View commit details
    Browse the repository at this point in the history

Commits on Apr 1, 2026

  1. build(deps): bump handlebars from 4.7.7 to 4.7.9 (#2721) 

    Bumps [handlebars](https://github.com/handlebars-lang/handlebars.js) from 4.7.7 to 4.7.9.
- [Release notes](https://github.com/handlebars-lang/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md)
- [Commits](handlebars-lang/handlebars.js@v4.7.7...v4.7.9)

---
updated-dependencies:
- dependency-name: handlebars
  dependency-version: 4.7.9
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Apr 1, 2026
    Configuration menu
    Copy the full SHA
    4e0d5bd View commit details
    Browse the repository at this point in the history

  2. chore(deps): update dependency @xmldom/xmldom to v0.8.12 [security] (#… 

    …2727)
    @renovate-bot
    renovate-bot authored Apr 1, 2026
    Configuration menu
    Copy the full SHA
    ff13e12 View commit details
    Browse the repository at this point in the history

  3. build(deps): bump @xmldom/xmldom from 0.8.6 to 0.8.12 (#2726) 

    Bumps [@xmldom/xmldom](https://github.com/xmldom/xmldom) from 0.8.6 to 0.8.12.
- [Release notes](https://github.com/xmldom/xmldom/releases)
- [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md)
- [Commits](xmldom/xmldom@0.8.6...0.8.12)

---
updated-dependencies:
- dependency-name: "@xmldom/xmldom"
  dependency-version: 0.8.12
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Apr 1, 2026
    Configuration menu
    Copy the full SHA
    910ed5b View commit details
    Browse the repository at this point in the history

  4. build(deps): bump yaml from 2.3.1 to 2.8.3 (#2718) 

    Bumps [yaml](https://github.com/eemeli/yaml) from 2.3.1 to 2.8.3.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.3.1...v2.8.3)

---
updated-dependencies:
- dependency-name: yaml
  dependency-version: 2.8.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Apr 1, 2026
    Configuration menu
    Copy the full SHA
    7e7d1ba View commit details
    Browse the repository at this point in the history

  5. build(deps): bump picomatch from 2.3.1 to 2.3.2 (#2717) 

    Bumps [picomatch](https://github.com/micromatch/picomatch) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...2.3.2)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Apr 1, 2026
    Configuration menu
    Copy the full SHA
    3795aa8 View commit details
    Browse the repository at this point in the history

Commits on Apr 6, 2026

  1. feat: resolve Dependabot security alerts (#2709) 

    * fix: resolve critical Dependabot security alerts

Addresses multiple high and moderate vulnerabilities found via `npm audit` in devDependencies:
- Moderate: ajv (ReDoS) - Resolved via automatic fixes
- High: flatted (DoS) - Resolved via automatic fixes
- High: serialize-javascript (RCE) - Resolved via manual override

Changes:
1. Run `npm audit fix` for automatic resolution of patchable transitive dependencies.
2. Update `snap-shot-it` to `^7.9.10` in `package.json`.
3. Add `overrides` in `package.json` to force a safe version of `serialize-javascript` to `^7.0.4`.

Verified with `npm audit` (0 critical/high vulnerabilities).

* chore: update ci to be 20+

Note the kokoro images for release had a next tagged version as 22
so I chose that.

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

---------

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
    @codyoss @gcf-owl-bot
    codyoss and gcf-owl-bot[bot] authored Apr 6, 2026
    Configuration menu
    Copy the full SHA
    7f2e4ec View commit details
    Browse the repository at this point in the history

  2. feat(java-yoshi-mono-repo): look for Version.java files (#2730)

    @chingor13
    chingor13 authored Apr 6, 2026
    Configuration menu
    Copy the full SHA
    5126fee View commit details
    Browse the repository at this point in the history

  3. build(deps): bump lodash from 4.17.23 to 4.18.1 (#2732) 

    Bumps [lodash](https://github.com/lodash/lodash) from 4.17.23 to 4.18.1.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.23...4.18.1)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Apr 6, 2026
    Configuration menu
    Copy the full SHA
    04200da View commit details
    Browse the repository at this point in the history

  4. build: use npm ci instead of npm install in CI workflows (#2728) 

    Co-authored-by: Jeff Ching <[email protected]>
    @suztomo @chingor13
    suztomo and chingor13 authored Apr 6, 2026
    Configuration menu
    Copy the full SHA
    2bcb715 View commit details
    Browse the repository at this point in the history

  5. chore(main): release 17.4.0 (#2731) 

    Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
    @release-please
    release-please[bot] authored Apr 6, 2026
    Configuration menu
    Copy the full SHA
    5800e47 View commit details
    Browse the repository at this point in the history
Loading