deps(deps): bump otplib from 12.0.1 to 13.3.0 in the auth group by dependabot[bot] · Pull Request #65 · Aloklok/blinko

dependabot · 2026-02-23T01:18:03Z

Bumps the auth group with 1 update: otplib.

Updates otplib from 12.0.1 to 13.3.0

Release notes

otplib 13.3.0

What's Changed

ci: standardize workflow naming and add release artifacts by @yeojz in yeojz/otplib#775

chore(deps-dev): bump turbo from 2.7.5 to 2.7.6 in the dev-dependencies-patch group by @dependabot[bot] in yeojz/otplib#773

chore(deps): bump changesets/action from 1.5.3 to 1.6.0 in the github-actions group by @dependabot[bot] in yeojz/otplib#774

chore(deps-dev): bump the dev-dependencies-minor group with 3 updates by @dependabot[bot] in yeojz/otplib#772

feat(cli): add otplib-cli application by @yeojz in yeojz/otplib#771

Potential fix for code scanning alert no. 2: Workflow does not contain permissions by @yeojz in yeojz/otplib#776

Implement least privilege permissions across all GitHub workflows by @Copilot in yeojz/otplib#777

feat(test): add distribution tests package for cross-runtime testing by @yeojz in yeojz/otplib#778

chore(deps): bump commander from 14.0.2 to 14.0.3 in the dependencies-patch group by @dependabot[bot] in yeojz/otplib#781

chore(deps): bump actions/checkout from 4 to 6 in the github-actions group by @dependabot[bot] in yeojz/otplib#785

chore(deps-dev): bump turbo from 2.7.6 to 2.8.1 in the dev-dependencies-minor group by @dependabot[bot] in yeojz/otplib#782

chore(deps-dev): bump lefthook from 2.0.15 to 2.0.16 in the dev-dependencies-patch group by @dependabot[bot] in yeojz/otplib#783

feat: security improvements and HOTP update-counter command by @yeojz in yeojz/otplib#780

chore: update docs by @yeojz in yeojz/otplib#786

Pin GitHub Actions to commit SHAs and update dependencies by @yeojz in yeojz/otplib#787

fix: harden OTP validation and URI parsing; bubble up TOTP replay controls through otplib by @yeojz in yeojz/otplib#788

feat: add OTPHooks for custom token encoding and validation by @yeojz in yeojz/otplib#790

chore(deps-dev): bump the dev-dependencies-minor group with 5 updates by @dependabot[bot] in yeojz/otplib#791

chore(deps-dev): bump turbo from 2.8.1 to 2.8.3 in the dev-dependencies-patch group by @dependabot[bot] in yeojz/otplib#792

release(cli): v2.0.0 by @github-actions[bot] in yeojz/otplib#795

chore: upgrade development Node.js baseline to 24 by @yeojz in yeojz/otplib#794

chore(deps-dev): bump @types/node from 20.19.30 to 25.2.2 by @dependabot[bot] in yeojz/otplib#793

release(packages): v13.3.0 by @github-actions[bot] in yeojz/otplib#796

New Contributors

@Copilot made their first contribution in yeojz/otplib#777

Full Changelog: yeojz/otplib@v13.2.1...v13.3.0

v13.2.1

What's Changed

docs: refine mobile hero and base32 guidance by @yeojz in yeojz/otplib#767

docs: improve plugin guides and light mode UI contrast by @yeojz in yeojz/otplib#768

ci: update package versions by @github-actions[bot] in yeojz/otplib#769

Full Changelog: yeojz/otplib@v13.2.0...v13.2.1

v13.2.0

What's Changed

docs: add legacy Google Authenticator troubleshooting guide by @yeojz in yeojz/otplib#754

feat: add tuple semantics for counterTolerance with look-ahead default by @yeojz in yeojz/otplib#753

docs: clarify Base32 as default encoding for string secrets by @yeojz in yeojz/otplib#755

feat(docs): improve landing page UI with cipher theme by @yeojz in yeojz/otplib#757

feat(plugin-base32-bypass): add base32 bypass plugin by @yeojz in yeojz/otplib#756

chore(deps-dev): bump prettier from 3.7.4 to 3.8.0 in the dev-dependencies-minor group by @dependabot[bot] in yeojz/otplib#758

feat(totp): add afterTimeStep parameter for replay protection by @yeojz in yeojz/otplib#749

feat(adapters): initialize guardrails once in v11/v12 adapter constructors by @yeojz in yeojz/otplib#763

... (truncated)

Commits

fe462ac release(packages): v13.3.0 (#796)
09f301f feat: add OTPHooks for custom token encoding and validation (#790)
476f345 fix: harden OTP validation and URI parsing; bubble up TOTP replay controls th...
972d355 Pin GitHub Actions to commit SHAs and update dependencies (#787)
ada9445 feat(test): add distribution tests package for cross-runtime testing (#778)
99485e6 feat(cli): add otplib-cli application (#771)
5847b3e ci: update package versions (#769)
5ffba5c docs: improve plugin guides and light mode UI contrast (#768)
23db7ac ci: update package versions (#766)
cdbd622 feat(plugin-base32-alt): add hex and base64 bypass plugins (#765)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for otplib since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the auth group with 1 update: [otplib](https://github.com/yeojz/otplib/tree/HEAD/packages/otplib). Updates `otplib` from 12.0.1 to 13.3.0 - [Release notes](https://github.com/yeojz/otplib/releases) - [Changelog](https://github.com/yeojz/otplib/blob/main/release.config.json) - [Commits](https://github.com/yeojz/otplib/commits/v13.3.0/packages/otplib) --- updated-dependencies: - dependency-name: otplib dependency-version: 13.3.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: auth ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 23, 2026

dependabot bot force-pushed the dependabot/npm_and_yarn/auth-4f7fa9d931 branch from fd9f92a to 0c71d53 Compare March 2, 2026 01:12

dependabot bot force-pushed the dependabot/npm_and_yarn/auth-4f7fa9d931 branch from 0c71d53 to d9d3095 Compare March 9, 2026 01:12

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps(deps): bump otplib from 12.0.1 to 13.3.0 in the auth group#65

deps(deps): bump otplib from 12.0.1 to 13.3.0 in the auth group#65
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/auth-4f7fa9d931

dependabot bot commented on behalf of github Feb 23, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Feb 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

otplib 13.3.0

What's Changed

New Contributors

v13.2.1

What's Changed

v13.2.0

What's Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Feb 23, 2026 •

edited

Loading