-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump the npm_and_yarn group across 5 directories with 10 updates #139868
Open
dependabot
wants to merge
1
commit into
main
Choose a base branch
from
dependabot/npm_and_yarn/npm_and_yarn-da3d19ca82
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps the npm_and_yarn group with 3 updates in the / directory: [nanoid](https://github.com/ai/nanoid), [tough-cookie](https://github.com/salesforce/tough-cookie) and [webpack](https://github.com/webpack/webpack). Bumps the npm_and_yarn group with 3 updates in the /services/app-api directory: [braces](https://github.com/micromatch/braces), [cross-spawn](https://github.com/moxystudio/node-cross-spawn) and [micromatch](https://github.com/micromatch/micromatch). Bumps the npm_and_yarn group with 3 updates in the /services/ui-src directory: [nanoid](https://github.com/ai/nanoid), [path-to-regexp](https://github.com/pillarjs/path-to-regexp) and [rollup](https://github.com/rollup/rollup). Bumps the npm_and_yarn group with 4 updates in the /services/uploads directory: [cross-spawn](https://github.com/moxystudio/node-cross-spawn), [semver](https://github.com/npm/node-semver), [ws](https://github.com/websockets/ws) and [path-to-regexp](https://github.com/pillarjs/path-to-regexp). Bumps the npm_and_yarn group with 2 updates in the /tests/cypress directory: [cross-spawn](https://github.com/moxystudio/node-cross-spawn) and [tough-cookie](https://github.com/salesforce/tough-cookie). Updates `nanoid` from 3.3.7 to 3.3.8 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.7...3.3.8) Updates `tough-cookie` from 4.1.3 to 4.1.4 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v4.1.3...v4.1.4) Updates `webpack` from 5.91.0 to 5.97.1 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.91.0...v5.97.1) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `cross-spawn` from 7.0.3 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6) Updates `micromatch` from 4.0.4 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.4...4.0.8) Updates `nanoid` from 3.3.7 to 3.3.8 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.7...3.3.8) Updates `path-to-regexp` from 1.8.0 to 1.9.0 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v1.8.0...v1.9.0) Updates `rollup` from 4.22.2 to 4.28.1 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.22.2...v4.28.1) Updates `cross-spawn` from 7.0.3 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6) Updates `semver` from 7.5.4 to 7.6.3 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.5.4...v7.6.3) Updates `ws` from 8.14.2 to 8.18.0 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.14.2...8.18.0) Updates `path-to-regexp` from 6.2.0 to 6.3.0 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v1.8.0...v1.9.0) Updates `cross-spawn` from 7.0.3 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6) Updates `tough-cookie` from 4.1.3 to 4.1.4 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v4.1.3...v4.1.4) --- updated-dependencies: - dependency-name: nanoid dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tough-cookie dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tough-cookie dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
requested review from
BearHanded,
braxex and
ntsummers1
as code owners
December 18, 2024 17:25
dependabot
bot
added
dependencies
Pull requests that update a dependency file
javascript
Pull requests that update Javascript code
labels
Dec 18, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
dependencies
Pull requests that update a dependency file
javascript
Pull requests that update Javascript code
0 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 3 updates in the / directory: nanoid, tough-cookie and webpack.
Bumps the npm_and_yarn group with 3 updates in the /services/app-api directory: braces, cross-spawn and micromatch.
Bumps the npm_and_yarn group with 3 updates in the /services/ui-src directory: nanoid, path-to-regexp and rollup.
Bumps the npm_and_yarn group with 4 updates in the /services/uploads directory: cross-spawn, semver, ws and path-to-regexp.
Bumps the npm_and_yarn group with 2 updates in the /tests/cypress directory: cross-spawn and tough-cookie.
Updates
nanoid
from 3.3.7 to 3.3.8Changelog
Sourced from nanoid's changelog.
Commits
3044cd5
Release 3.3.8 version4fe3495
Update size limitd643045
Fix pool pollution, infinite loop (#510)Updates
tough-cookie
from 4.1.3 to 4.1.4Release notes
Sourced from tough-cookie's releases.
Commits
cacbc37
Bump version to 4.1.4a48fb3a
Add tests for url validation50e69bf
Merge pull request #261 from postmanlabs/fix/url-string-validation1253d58
Merge pull request #409 from corvidism/validators-to-string238367e
Add local alias fortoString
cf6debd
Fix incorrect string validation for URLMaintainer changes
This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.
Updates
webpack
from 5.91.0 to 5.97.1Release notes
Sourced from webpack's releases.
... (truncated)
Commits
3612d36
chore(release): 5.97.1eb7ac6f
fix: perf regression554be24
fix: sub define key should't be renamed when it's a defined variable5e0e780
refactor: issue #1903058fb035
fix: sub define key should't be renamed when it's a defined variableaf1fd12
perf: regression34f19cb
fix: package.json0ec7f5d
refactor: issue #190305e7b8a2
fix:package.json
644f1d1
refactor: no extra work for CSS unescapingUpdates
braces
from 3.0.2 to 3.0.3Commits
74b2db2
3.0.388f1429
update eslint. lint, fix unit tests.415d660
Snyk js braces 6838727 (#40)190510f
fix tests, skip 1 test in test/braces.expand716eb9f
readme bumpa5851e5
Merge pull request #37 from coderaiser/fix/vulnerability2092bd1
feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...9f5b4cf
fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)98414f9
remove funding file665ab5d
update keepEscaping doc (#27)Updates
cross-spawn
from 7.0.3 to 7.0.6Changelog
Sourced from cross-spawn's changelog.
Commits
77cd97f
chore(release): 7.0.66717de4
chore: upgrade standard-versionf700743
fix: update cross-spawn version to 7.0.5 in package-lock.json9a7e3b2
chore: fix build status badge0852683
chore(release): 7.0.5640d391
fix: fix escaping bug introduced by backtrackingbff0c87
chore: remove codecova7c6abc
chore: replace travis with github workflows9b9246e
chore(release): 7.0.45ff3a07
fix: disable regexp backtracking (#160)Updates
micromatch
from 4.0.4 to 4.0.8Release notes
Sourced from micromatch's releases.
Changelog
Sourced from micromatch's changelog.
... (truncated)
Commits
8bd704e
4.0.8a0e6841
run verb to generate README documentation4ec2884
Merge branch 'v4' into hauserkristof-feature/v4.0.803aa805
Merge pull request #266 from hauserkristof/feature/v4.0.8814f5f7
lint67fcce6
fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5113f2e3
fix: CVE numbers in CHANGELOGd9dbd9a
feat: updated CHANGELOG2ab1315
fix: use actions/setup-node@v41406ea3
feat: rework test to work on macos with node 10,12 and 14Updates
nanoid
from 3.3.7 to 3.3.8Changelog
Sourced from nanoid's changelog.
Commits
3044cd5
Release 3.3.8 version4fe3495
Update size limitd643045
Fix pool pollution, infinite loop (#510)Updates
path-to-regexp
from 1.8.0 to 1.9.0Release notes
Sourced from path-to-regexp's releases.
Commits
c75eb10
1.9.0925ac8e
Add backtrack protection to 1.x release (#320)32a14b0
Fixre.exec('/test/route')
result (#267)Updates
rollup
from 4.22.2 to 4.28.1Release notes
Sourced from rollup's releases.
... (truncated)
Changelog
Sourced from rollup's changelog.
... (truncated)
Commits
e60fb1c
4.28.1224247b
chore(deps): lock file maintenance minor/patch updates (#5755)c3283cf
Test if saving the Cargo cache can speed up FreeBSD (#5756)87a911c
feat: AdddebugId
toSourceMap
types (#5751)1b78f74
chore(deps): update dependency mocha to v11 (#5752)89e1c70
chore(deps): update dependency vite to v6 (#5753)4d6b077
feat: add support for LoongArch (#5749)d3464e4
fix(deps): update swc monorepo (major) (#5754)0595e43
4.28.05053019
fix: supports modify the import attributes key in the config file (#5743)Updates
cross-spawn
from 7.0.3 to 7.0.6Changelog
Sourced from cross-spawn's changelog.
Commits
77cd97f
chore(release): 7.0.66717de4
chore: upgrade standard-versionf700743
fix: update cross-spawn version to 7.0.5 in package-lock.json9a7e3b2
chore: fix build status badge0852683
chore(release): 7.0.5640d391
fix: fix escaping bug introduced by backtrackingbff0c87
chore: remove codecova7c6abc
chore: replace travis with github workflows9b9246e
chore(release): 7.0.45ff3a07
fix: disable regexp backtracking (#160)Updates
semver
from 7.5.4 to 7.6.3Release notes
Sourced from semver's releases.
... (truncated)
Changelog
Sourced from semver's changelog.
... (truncated)
Commits
0a12d6c
chore: release 7.6.3 (#720)73a3d79
fix: optimize Range parsing and formatting (#726)2975ece
docs: fix extra backtick typo (#719)eb1380b
chore: release 7.6.2 (#714)6466ba9
fix(lru): use map.delete() directly (#713)d777418
chore: release 7.6.1 (#706)988a8de
deps: uninstalllru-cache
(#709)5feeb7f
chore: postinstall for dependabot template-oss PRdd09b60
chore: bump@npmcli/template-oss
to 4.22.0c570a34
fix(linting): no-unused-varsUpdates
ws
from 8.14.2 to 8.18.0Release notes
Sourced from ws's releases.
... (truncated)
Commits
976c53c
[dist] 8.18.059b9629
[feature] Add support forBlob
(#2229)0d1b5e6
[security] Use more descriptive text for 2017 vulnerability link15f11a0
[security] Add new DoS vulnerability to SECURITY.md3c56601
[dist] 8.17.1e55e510
[security] Fix crash when the Upgrade header cannot be read (#2231)6a00029
[test] Increase code coverageddfe4a8
[perf] Reduce the amount ofcrypto.randomFillSync()
callsb73b118
[dist] 8.17.029694a5
[test] Use thehighWaterMark
variableUpdates
path-to-regexp
from 6.2.0 to 6.3.0Release notes
Sourced from path-to-regexp's releases.
Commits
c75eb10
1.9.0925ac8e
Add backtrack protection to 1.x release (#320)32a14b0
Fixre.exec('/test/route')
result (#267)Updates
cross-spawn
from 7.0.3 to 7.0.6Changelog
Sourced from cross-spawn's changelog.
Commits
77cd97f
chore(release): 7.0.66717de4
chore: upgrade standard-versionf700743
fix: update cross-spawn version to 7.0.5 in package-lock.json9a7e3b2
chore: fix build status badge0852683
chore(release): 7.0.5640d391
fix: fix escaping bug introduced by backtrackingbff0c87
chore: remove codecova7c6abc
chore: replace travis with github workflows9b9246e
chore(release): 7.0.45ff3a07
fix: disable regexp backtracking (#160)Updates
tough-cookie
from 4.1.3 to 4.1.4Release notes
Sourced from tough-cookie's releases.
Commits
cacbc37
Bump version to 4.1.4a48fb3a
Add tests for url validation50e69bf
Merge pull request #261 from postmanlabs/fix/url-string-validation1253d58
Merge pull request #409 from corvidism/validators-to-string238367e
Add local alias fortoString
cf6debd
Fix incorrect string validation for URLMaintainer changes
This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot action...
Description has been truncated