-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump the npm_and_yarn group across 1 directory with 13 updates #7
Closed
dependabot
wants to merge
1
commit into
master
from
dependabot/npm_and_yarn/npm_and_yarn-security-group-1c85ba0f44
Closed
Bump the npm_and_yarn group across 1 directory with 13 updates #7
dependabot
wants to merge
1
commit into
master
from
dependabot/npm_and_yarn/npm_and_yarn-security-group-1c85ba0f44
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps the npm_and_yarn group with 13 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.8.4` | `7.24.1` | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.0.4` | `4.2.3` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [es5-ext](https://github.com/medikoo/es5-ext) | `0.10.53` | `0.10.64` | | [express](https://github.com/expressjs/express) | `4.17.1` | `4.19.2` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.10.0` | `1.15.6` | | [ip](https://github.com/indutny/node-ip) | `1.1.5` | `1.1.9` | | [json5](https://github.com/json5/json5) | `1.0.1` | `1.0.2` | | [lodash](https://github.com/lodash/lodash) | `4.17.15` | `4.17.21` | | [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` | | [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` | | [terser](https://github.com/terser/terser) | `4.6.3` | `4.8.1` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | Updates `@babel/traverse` from 7.8.4 to 7.24.1 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.24.1/packages/babel-traverse) Updates `browserify-sign` from 4.0.4 to 4.2.3 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.0.4...v4.2.3) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `es5-ext` from 0.10.53 to 0.10.64 - [Release notes](https://github.com/medikoo/es5-ext/releases) - [Changelog](https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md) - [Commits](medikoo/es5-ext@v0.10.53...v0.10.64) Updates `express` from 4.17.1 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.17.1...4.19.2) Updates `follow-redirects` from 1.10.0 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.10.0...v1.15.6) Updates `ip` from 1.1.5 to 1.1.9 - [Commits](indutny/node-ip@v1.1.5...v1.1.9) Updates `json5` from 1.0.1 to 1.0.2 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v1.0.1...v1.0.2) Updates `lodash` from 4.17.15 to 4.17.21 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.15...4.17.21) Updates `qs` from 6.5.2 to 6.5.3 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.2...v6.5.3) Updates `semver` from 5.7.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.1...v5.7.2) Updates `terser` from 4.6.3 to 4.8.1 - [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md) - [Commits](terser/terser@v4.6.3...v4.8.1) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) --- updated-dependencies: - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: browserify-sign dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: decode-uri-component dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: es5-ext dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: ip dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: json5 dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: lodash dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: qs dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: terser dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn-security-group ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
the
dependencies
Pull requests that update a dependency file
label
Mar 26, 2024
Superseded by #8. |
dependabot
bot
deleted the
dependabot/npm_and_yarn/npm_and_yarn-security-group-1c85ba0f44
branch
April 23, 2024 00:22
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 13 updates in the / directory:
7.8.4
7.24.1
4.0.4
4.2.3
0.2.0
0.2.2
0.10.53
0.10.64
4.17.1
4.19.2
1.10.0
1.15.6
1.1.5
1.1.9
1.0.1
1.0.2
4.17.15
4.17.21
6.5.2
6.5.3
5.7.1
5.7.2
4.6.3
4.8.1
1.2.3
1.2.5
Updates
@babel/traverse
from 7.8.4 to 7.24.1Release notes
Sourced from
@babel/traverse
's releases.... (truncated)
Changelog
Sourced from
@babel/traverse
's changelog.... (truncated)
Commits
822b025
v7.24.1fc0d5ad
Update typescript and lint tools (#16351)69e7928
Consider well-known and registered symbols as literals (#16342)40110e9
Update source map deps (#16327)ce59160
v7.24.0bd5abd5
fix: avoidpopContext
on unvisited node paths (#16305)08a057c
UseObject.hasOwn
when available (#16248)a0dd614
v7.23.91200542
fix: Don't throw ingetTypeAnnotation
when using TS+inference (#15383)e428a6d
v7.23.7Updates
browserify-sign
from 4.0.4 to 4.2.3Changelog
Sourced from browserify-sign's changelog.
... (truncated)
Commits
bf2c3ec
v4.2.39247adf
[patch] widen support to 0.12f427270
[Deps] update `parse-asn187f3a35
[Dev Deps] updateaud
,npmignore
,tape
fb261ce
[Deps] updateelliptic
4d0ee49
[patch] drop minimum node support to v19e2bf12
[Deps] pinhash-base
to ~3.0, due to a breaking change168e16f
[Deps] pinelliptic
due to a breaking change37a4758
[actions] remove redundant finisher4af5a90
v4.2.2Maintainer changes
This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.
Updates
decode-uri-component
from 0.2.0 to 0.2.2Release notes
Sourced from decode-uri-component's releases.
Commits
a0eea46
0.2.2980e0bf
Prevent overwriting previously decoded tokens3c8a373
0.2.176abc93
Switch to GitHub workflows746ca5d
Fix issue where decode throws - fixes #6486d7e2
Update license (#1)a650457
Tidelift tasks66e1c28
Meta tweaksUpdates
es5-ext
from 0.10.53 to 0.10.64Release notes
Sourced from es5-ext's releases.
... (truncated)
Changelog
Sourced from es5-ext's changelog.
... (truncated)
Commits
f76b03d
chore: Release v0.10.642881acd
chore: Bump dependenciesc2e2bb9
fix: Revert update meant to fix Powershell issue, as it's a regression16f2b72
docs: Fix date in the changelogde4e03c
chore: Release v0.10.633fd53b7
chore: Upgradelint-staged
to v13bf8ed79
chore: Ensure postinstall script does not crash on Windows2cbbb07
chore: Bump dependencies22d0416
chore: Bump LICENSE yeara52e957
fix: Support ES2015+ function definitions infunction#toStringTokens()
Updates
express
from 4.17.1 to 4.19.2Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
... (truncated)
Commits
04bc627
4.19.2da4d763
Improved fix for open redirect allow list bypass4f0f6cc
4.19.1a003cfa
Allow passing non-strings to res.location with new encoding handling checks f...a1fa90f
fixed un-edited version in history.md for 4.19.011f2b1d
build: fix build due to inconsistent supertest behavior in older versions084e365
4.19.00867302
Prevent open redirect allow list bypass due to encodeurl567c9c6
Add note on how to update docs for new release (#5541)69a4cf2
deps: [email protected]Maintainer changes
This version was pushed to npm by wesleytodd, a new releaser for express since your current version.
Updates
follow-redirects
from 1.10.0 to 1.15.6Commits
35a517c
Release version 1.15.6 of the npm package.c4f847f
Drop Proxy-Authorization across hosts.8526b4a
Use GitHub for disclosure.b1677ce
Release version 1.15.5 of the npm package.d8914f7
Preserve fragment in responseUrl.6585820
Release version 1.15.4 of the npm package.7a6567e
Disallow bracketed hostnames.05629af
Prefer native URL instead of deprecated url.parse.1cba8e8
Prefer native URL instead of legacy url.resolve.72bc2a4
Simplify _processResponse error handling.Updates
ip
from 1.1.5 to 1.1.9Commits
1ecbf2f
1.1.96a3ada9
lib: fixed CVE-2023-42282 and added unit test5dc3b2f
1.1.88e6f28b
lib: even better node 6 support088c9e5
1.1.71a4ca35
lib: add back support for Node.js 6af82ef4
1.1.6dba19f6
package: exclude test folder from publishing7cd7f30
ci: use github workflows4de50ae
lib: node 18 supportUpdates
json5
from 1.0.1 to 1.0.2Release notes
Sourced from json5's releases.
Changelog
Sourced from json5's changelog.
... (truncated)
Commits
a62db1e
1.0.2e0c23fe
docs: update CHANGELOG for v1.0.262a6540
fix: add proto to objects and arraysUpdates
lodash
from 4.17.15 to 4.17.21Commits
f299b52
Bump to v4.17.21c4847eb
Improve performance oftoNumber
,trim
andtrimEnd
on large input strings3469357
Prevent command injection through_.template
'svariable
optionded9bc6
Bump to v4.17.20.63150ef
Documentation fixes.00f0f62
test.js: Remove trailing comma.846e434
Temporarily use a custom fork oflodash-cli
.5d046f3
Re-enable Travis tests on4.17
branch.aa816b3
Remove/npm-package
.d7fbc52
Bump to v4.17.19Maintainer changes
This version was pushed to npm by bnjmnt4n, a new releaser for lodash since y...
Description has been truncated