-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump the npm_and_yarn group across 1 directory with 21 updates #3
Open
dependabot
wants to merge
1
commit into
master
Choose a base branch
from
dependabot/npm_and_yarn/npm_and_yarn-security-group-c7ae6609ef
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Bump the npm_and_yarn group across 1 directory with 21 updates #3
dependabot
wants to merge
1
commit into
master
from
dependabot/npm_and_yarn/npm_and_yarn-security-group-c7ae6609ef
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps the npm_and_yarn group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.0.4` | `4.2.3` | | [ejs](https://github.com/mde/ejs) | `2.5.7` | `` | | [size-limit](https://github.com/ai/size-limit) | `0.11.6` | `11.1.1` | | [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.0.10` | `4.7.8` | | [postcss](https://github.com/postcss/postcss) | `5.2.18` | `8.4.35` | | [css-loader](https://github.com/webpack-contrib/css-loader) | `0.28.7` | `6.10.0` | | [ip](https://github.com/indutny/node-ip) | `1.1.5` | `1.1.9` | | [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` | | [jsprim](https://github.com/joyent/node-jsprim) | `1.4.1` | `1.4.2` | | [jsprim](https://github.com/joyent/node-jsprim) | `1.3.1` | `1.4.2` | | [lodash](https://github.com/lodash/lodash) | `4.17.4` | `4.17.21` | | [ini](https://github.com/npm/ini) | `1.3.4` | `1.3.8` | | [david](https://github.com/alanshaw/david) | `11.0.0` | `11.1.0` | | [got](https://github.com/sindresorhus/got) | `6.7.1` | `` | | [david](https://github.com/alanshaw/david) | `11.1.0` | `11.1.1` | | [https-proxy-agent](https://github.com/TooTallNate/proxy-agents/tree/HEAD/packages/https-proxy-agent) | `1.0.0` | `2.2.4` | | [nsp](https://github.com/nodesecurity/nsp) | `2.8.1` | `3.2.1` | | [url-parse](https://github.com/unshiftio/url-parse) | `1.1.9` | `1.5.10` | | [original](https://github.com/unshiftio/original) | `1.0.0` | `1.0.2` | Updates `browserify-sign` from 4.0.4 to 4.2.3 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.0.4...v4.2.3) Removes `ejs` Updates `size-limit` from 0.11.6 to 11.1.1 - [Release notes](https://github.com/ai/size-limit/releases) - [Changelog](https://github.com/ai/size-limit/blob/main/CHANGELOG.md) - [Commits](ai/size-limit@0.11.6...11.1.1) Updates `handlebars` from 4.0.10 to 4.7.8 - [Release notes](https://github.com/handlebars-lang/handlebars.js/releases) - [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.8/release-notes.md) - [Commits](handlebars-lang/handlebars.js@v4.0.10...v4.7.8) Updates `postcss` from 5.2.18 to 8.4.35 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/postcss/postcss/commits/8.4.35) Updates `css-loader` from 0.28.7 to 6.10.0 - [Release notes](https://github.com/webpack-contrib/css-loader/releases) - [Changelog](https://github.com/webpack-contrib/css-loader/blob/master/CHANGELOG.md) - [Commits](webpack-contrib/css-loader@v0.28.7...v6.10.0) Updates `ip` from 1.1.5 to 1.1.9 - [Commits](indutny/node-ip@v1.1.5...v1.1.9) Updates `json-schema` from 0.2.3 to 0.4.0 - [Commits](kriszyp/json-schema@v0.2.3...v0.4.0) Updates `jsprim` from 1.4.1 to 1.4.2 - [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md) - [Commits](TritonDataCenter/node-jsprim@v1.4.1...v1.4.2) Updates `jsprim` from 1.3.1 to 1.4.2 - [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md) - [Commits](TritonDataCenter/node-jsprim@v1.4.1...v1.4.2) Updates `lodash` from 4.17.4 to 4.17.21 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.4...4.17.21) Updates `ini` from 1.3.4 to 1.3.8 - [Release notes](https://github.com/npm/ini/releases) - [Changelog](https://github.com/npm/ini/blob/main/CHANGELOG.md) - [Commits](npm/ini@v1.3.4...v1.3.8) Updates `david` from 11.0.0 to 11.1.0 - [Changelog](https://github.com/alanshaw/david/blob/master/CHANGELOG.md) - [Commits](alanshaw/david@v11.0.0...v11.1.0) Updates `npm-user-validate` from 0.1.5 to 1.0.1 - [Release notes](https://github.com/npm/npm-user-validate/releases) - [Changelog](https://github.com/npm/npm-user-validate/blob/main/CHANGELOG.md) - [Commits](npm/npm-user-validate@v0.1.5...v1.0.1) Updates `tough-cookie` from 2.3.2 to 2.3.3 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v2.3.2...v2.3.3) Updates `tar` from 2.2.1 to 4.4.19 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v2.2.1...v4.4.19) Updates `dot-prop` from 4.1.1 to 4.2.1 - [Release notes](https://github.com/sindresorhus/dot-prop/releases) - [Commits](sindresorhus/dot-prop@v4.1.1...v4.2.1) Removes `got` Updates `david` from 11.1.0 to 11.1.1 - [Changelog](https://github.com/alanshaw/david/blob/master/CHANGELOG.md) - [Commits](alanshaw/david@v11.0.0...v11.1.0) Updates `https-proxy-agent` from 1.0.0 to 2.2.4 - [Release notes](https://github.com/TooTallNate/proxy-agents/releases) - [Changelog](https://github.com/TooTallNate/proxy-agents/blob/main/packages/https-proxy-agent/CHANGELOG.md) - [Commits](https://github.com/TooTallNate/proxy-agents/commits/2.2.4/packages/https-proxy-agent) Updates `nsp` from 2.8.1 to 3.2.1 - [Commits](https://github.com/nodesecurity/nsp/commits/v3.2.1) Updates `url-parse` from 1.1.9 to 1.5.10 - [Commits](unshiftio/url-parse@1.1.9...1.5.10) Updates `original` from 1.0.0 to 1.0.2 - [Commits](unshiftio/original@1.0.0...1.0.2) --- updated-dependencies: - dependency-name: browserify-sign dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: ejs dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: size-limit dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: handlebars dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: postcss dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: css-loader dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: ip dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: json-schema dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: jsprim dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: jsprim dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: lodash dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: ini dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: david dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: npm-user-validate dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: tough-cookie dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: tar dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: dot-prop dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: got dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: david dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: https-proxy-agent dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: nsp dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: url-parse dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: original dependency-type: indirect dependency-group: npm_and_yarn-security-group ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
the
dependencies
Pull requests that update a dependency file
label
Mar 17, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 17 updates in the / directory:
4.0.4
4.2.3
2.5.7
0.11.6
11.1.1
4.0.10
4.7.8
5.2.18
8.4.35
0.28.7
6.10.0
1.1.5
1.1.9
0.2.3
0.4.0
1.4.1
1.4.2
1.3.1
1.4.2
4.17.4
4.17.21
1.3.4
1.3.8
11.0.0
11.1.0
6.7.1
11.1.0
11.1.1
1.0.0
2.2.4
2.8.1
3.2.1
1.1.9
1.5.10
1.0.0
1.0.2
Updates
browserify-sign
from 4.0.4 to 4.2.3Changelog
Sourced from browserify-sign's changelog.
... (truncated)
Commits
bf2c3ec
v4.2.39247adf
[patch] widen support to 0.12f427270
[Deps] update `parse-asn187f3a35
[Dev Deps] updateaud
,npmignore
,tape
fb261ce
[Deps] updateelliptic
4d0ee49
[patch] drop minimum node support to v19e2bf12
[Deps] pinhash-base
to ~3.0, due to a breaking change168e16f
[Deps] pinelliptic
due to a breaking change37a4758
[actions] remove redundant finisher4af5a90
v4.2.2Maintainer changes
This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.
Removes
ejs
Updates
size-limit
from 0.11.6 to 11.1.1Release notes
Sourced from size-limit's releases.
Changelog
Sourced from size-limit's changelog.
... (truncated)
Commits
2d063b9
Release 11.1.1 versionbf49080
Update dependencies1d07215
Fix config file path resolution on windows (#359)20ba5da
Release 11.1 version388845b
Add TS docsb36e823
Add support for TypeScript config files (.size-limit.ts
,.size-limit.mts
,...4ffac80
Fix ensure compatibility with ES and CommonJS module systems for StatoscopeWe...986857c
Revert "Fix StatoscopeWebpackPlugin import to support default export (#357)"cb1844f
Fix StatoscopeWebpackPlugin import to support default export (#357)450ae46
Release 11.0.3 versionUpdates
handlebars
from 4.0.10 to 4.7.8Release notes
Sourced from handlebars's releases.
Changelog
Sourced from handlebars's changelog.
... (truncated)
Commits
8dc3d25
v4.7.8668c4fb
Fix browser tests in CI pipelinec65c6cc
Test on Node 183d3796c
Make library compatible with workers075b354
Fix sync issue with npm lock-file30dbf04
Fix compiling of each block params in strict modee3a5448
Fix bundler issue with webpack 58e23642
Fix integration-tests issue with npm >= 788ac068
use https instead of git for mustache submodulec68bc08
Fix typoMaintainer changes
This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.
Updates
postcss
from 5.2.18 to 8.4.35Release notes
Sourced from postcss's releases.
... (truncated)
Changelog
Sourced from postcss's changelog.
... (truncated)
Commits
Updates
css-loader
from 0.28.7 to 6.10.0Release notes
Sourced from css-loader's releases.
... (truncated)
Changelog
Sourced from css-loader's changelog.
... (truncated)
Commits
7bbb57c
chore(release): 6.10.0d641c4d
feat: pass theresourceQuery
andresourceFragment
to theauto
and `mode...3924679
feat: add@rspack/core
as an optional peer dependency (#1568)6f43929
feat: support named exports with any charactersf9192ee
chore(release): 6.9.16515be0
fix: css nesting support and@scope
at-rule0751f7a
docs: update (#1562)2d17551
chore(release): 6.9.0e38116f
chore: update dependencies to latest version (#1561)d09ff73
test: getLocalIdent and node type (#1560)Maintainer changes
This version was pushed to npm by evilebottnawi, a new releaser for css-loader since your current version.
Updates
ip
from 1.1.5 to 1.1.9Commits
1ecbf2f
1.1.96a3ada9
lib: fixed CVE-2023-42282 and added unit test5dc3b2f
1.1.88e6f28b
lib: even better node 6 support088c9e5
1.1.71a4ca35
lib: add back support for Node.js 6af82ef4
1.1.6dba19f6
package: exclude test folder from publishing7cd7f30
ci: use github workflows4de50ae
lib: node 18 supportUpdates
json-schema
from 0.2.3 to 0.4.0Commits
f6f6a3b
Use a little more robust method of checking instancesef60987
Update versionb62f1da
Protect against constructor modification, #84fb427cd
Link to json-schema-org repository in addition to site, fixes #5422f1461
Don't allow proto property to be used for schema default/coerce, fixes #84c52a27c
Get basic test to passb3f42b3
Add security policy3b0cec3
Update versionc28470f
Update readme to acknowledge the state of the package7dff9cd
Merge pull request #81 from hodovani/patch-1Updates
jsprim
from 1.4.1 to 1.4.2Changelog
Sourced from jsprim's changelog.
Commits
5c8475f
joyent/node-jsprim#35 Backport json-schema 0.4.0 to version 1.4.xMaintainer changes
This version was pushed to npm by bahamat, a new releaser for jsprim since your current version.
Updates
jsprim
from 1.3.1 to 1.4.2Changelog
Sourced from jsprim's changelog.
Commits
5c8475f
joyent/node-jsprim#35 Backport json-schema 0.4.0 to version 1.4.xMaintainer changes
This version was pushed to npm by bahamat, a new releaser for jsprim since your current version.
Updates
lodash
from 4.17.4 to 4.17.21Commits
f299b52
Bump to v4.17.21c4847eb
Improve performance oftoNumber
,trim
andtrimEnd
on large input strings3469357
Prevent command injection through_.template
'svariable
optionded9bc6
Bump to v4.17.20.63150ef
Documentation fixes.00f0f62
test.js: Remove trailing comma.846e434
Temporarily use a custom fork oflodash-cli
.5d046f3
Re-enable Travis tests on4.17
branch.aa816b3
Remove/npm-package
.d7fbc52
Bump to v4.17.19Maintainer changes
This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.
Updates
ini
from 1.3.4 to 1.3.8Commits
a2c5da8
1.3.8af5c6bb
Do not use Object.create(null)8b648a1
don't test where our devdeps don't even workc74c8af
1.3.7024b8b5
update deps, add linting032fbaf
Use Object.create(null) to avoid default object property hazards2da9039
1.3.6cfea636
better git push script, before publish instead of after56d2805
do not allow invalid hazardous string as section name738eca5
v1.3.5Maintainer changes
This version was pushed to npm by isaacs, a new releaser for ini since your current version.
Updates
david
from 11.0.0 to 11.1.0Changelog
Sourced from david's changelog.
Commits
73fc671
11.1.08497cae
chore: update dependenciesa198ada
feat: ignore dependencies via globs (#144)c29013f
chore: update deps and README (#154)008beaf
Merge pull request #146 from DanielRuf/chore/cache-node-modulesd0a2e19
Merge branch 'master' into chore/cache-node-modulesd180e8d
Merge pull request #147 from DanielRuf/chore/add-nodejs-8-10cc5db9f
Merge pull request #145 from DanielRuf/chore/clone-last-5-commits9aeda4e
chore: cache node_modulesd4bf0e6
chore: clone last 5 commitsUpdates
npm-user-validate
from 0.1.5 to 1.0.1Changelog
Sourced from npm-user-validate's changelog.
Commits
5c5471c
1.0.1c8a87da
fix: update email validationcd75393
Publish only the minimum of filesdf602d6
1.0.0ac3b200
fix: added regex for blocking illegal characters in usernamesc800063
fix: update build environmentUpdates
tough-cookie
from 2.3.2 to 2.3.3Commits
12d4266
2.3.398e0916
Merge pull request #97 from salesforce/spaces-ReDoS4e2fb0b
Document the 256 spaces limitf1ed420
Constrain spaces before = to 256fcc8abf
Merge pull request #96 from YevhenLukomskyi/fix-test1002fb4
fix testa928b54
Merge pull request #83 from awaterma/public-suffixed31ba4
Updates to public suffix list.92d5448
Dockerized project. Added .npmignore for docker files.ee60643
CookieJar.deserialize does not modify its inputUpdates
tar
from 2.2.1 to 4.4.19Changelog
Sourced from tar's changelog.
... (truncated)
Commits
9a6faa0
4.4.1970ef812
drop dirCache for symlink on all platforms3e35515
4.4.1852b09e3
fix: prevent path escape using drive-relative pathsbb93ba2
fix: reserve paths properly for unicode, windows2f1bca0
fix: prune dirCache properly for unicode, windows9bf70a8
4.4.176aafff0
fix: skip extract if linkpath is stripped entirely5c5059a
fix: reserve paths case-insensitivelyfd6accb
4.4.16Maintainer changes
This version was pushed to npm by isaacs, a new releaser for tar since your current version.
Updates
dot-prop
from 4.1.1 to 4.2.1Release notes
Sourced from dot-prop's releases.
Commits
c914124
feat: patch 4.2.0 with fixes for CVE-2020-811670f7ed8
4.2.0df49d33
Return object from the.set()
method (#42)Removes
got
Updates
david
from 11.1.0 to 11.1.1Changelog
Sourced from david's changelog.
Commits
73fc671
11.1.08497cae
chore: update dependenciesa198ada
feat: ignore dependencies via globs (#144)c29013f
chore: update deps and README (#154)008beaf
Merge pull request #146 from DanielRuf/chore/cache-node-modulesd0a2e19
Merge branch 'master' into chore/cache-node-modulesd180e8d
Merge pull request #147 from DanielRuf/chore/add-nodejs-8-10cc5db9f
Merge pull request #145 from DanielRuf/chore/clone-last-5-commits9aeda4e
chore: cache node_modulesd4bf0e6
chore: clone last 5 commitsUpdates
https-proxy-agent
from 1.0.0 to 2.2.4Commits
Updates
nsp
from 2.8.1 to 3.2.1Commits
Updates
url-parse
from 1.1.9 to 1.5.10Commits
8cd4c6c
1.5.10ce7a01f
[fix] Improve handling of empty port0071490
[doc] Update JSDoc commenta7044e3
[minor] Use more descriptive variable named547792
[security] Add credits for CVE-2022-0691ad23357
1.5.90e3fb54
[fix] Strip all control characters from the beginning of the URL61864a8
[security] Add credits for CVE-2022-0686bb0104d
1.5.8d5c6479
[fix] Handle the case where the port is specified but emptyUpdates
original
from 1.0.0 to 1.0.2Commits
3a6b7df
[dist] 1.0.27658407
[pkg] Bump url-parse to latestf060834
[dist] 1.0.1da879e4
chore(package): update assume to version 2.0.1 (#14)