-
-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): bump the npm_and_yarn group across 3 directories with 25 updates #1619
base: master
Are you sure you want to change the base?
chore(deps): bump the npm_and_yarn group across 3 directories with 25 updates #1619
Conversation
… updates Bumps the npm_and_yarn group with 1 update in the /definitelyTypedTests directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 2 updates in the /performance directory: [minimatch](https://github.com/isaacs/minimatch) and [braces](https://github.com/micromatch/braces). Bumps the npm_and_yarn group with 18 updates in the /ui directory: | Package | From | To | | --- | --- | --- | | [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` | | [minimist](https://github.com/minimistjs/minimist) | `0.2.1` | `1.2.8` | | [node-sass](https://github.com/sass/node-sass) | `4.14.1` | `9.0.0` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.7.4` | `7.25.6` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.9.6` | `7.25.6` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.11.5` | `7.25.6` | | [ajv](https://github.com/ajv-validator/ajv) | `6.10.2` | `6.12.6` | | [ajv](https://github.com/ajv-validator/ajv) | `6.12.2` | `6.12.6` | | [async](https://github.com/caolan/async) | `2.6.3` | `2.6.4` | | [body-parser](https://github.com/expressjs/body-parser) | `1.19.0` | `1.20.3` | | [express](https://github.com/expressjs/express) | `4.17.1` | `4.20.0` | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.0.4` | `4.2.3` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [elliptic](https://github.com/indutny/elliptic) | `6.5.3` | `6.5.7` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.5.10` | `1.15.9` | | [gatsby](https://github.com/gatsbyjs/gatsby) | `2.24.57` | `2.32.13` | | [lodash-es](https://github.com/lodash/lodash) | `4.17.15` | `4.17.21` | | [moment](https://github.com/moment/moment) | `2.28.0` | `2.30.1` | | [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` | | [shelljs](https://github.com/shelljs/shelljs) | `0.8.4` | `0.8.5` | | [thenify](https://github.com/thenables/thenify) | `3.3.0` | `3.3.1` | | [url-parse](https://github.com/unshiftio/url-parse) | `1.4.7` | `1.5.10` | Updates `minimatch` from 3.0.4 to 3.1.2 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.4...v3.1.2) Updates `minimatch` from 3.0.4 to 3.1.2 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.4...v3.1.2) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `minimist` from 1.2.5 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.5...v1.2.8) Updates `minimist` from 0.2.1 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.5...v1.2.8) Updates `node-sass` from 4.14.1 to 9.0.0 - [Release notes](https://github.com/sass/node-sass/releases) - [Changelog](https://github.com/sass/node-sass/blob/master/CHANGELOG.md) - [Commits](sass/node-sass@v4.14.1...v9.0.0) Updates `@babel/traverse` from 7.7.4 to 7.25.6 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.25.6/packages/babel-traverse) Updates `@babel/traverse` from 7.9.6 to 7.25.6 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.25.6/packages/babel-traverse) Updates `@babel/traverse` from 7.11.5 to 7.25.6 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.25.6/packages/babel-traverse) Updates `ajv` from 6.10.2 to 6.12.6 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.10.2...v6.12.6) Updates `ajv` from 6.12.2 to 6.12.6 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.10.2...v6.12.6) Updates `async` from 2.6.3 to 2.6.4 - [Release notes](https://github.com/caolan/async/releases) - [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md) - [Commits](caolan/async@v2.6.3...v2.6.4) Updates `body-parser` from 1.19.0 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.19.0...1.20.3) Updates `express` from 4.17.1 to 4.20.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.17.1...4.20.0) Updates `browserify-sign` from 4.0.4 to 4.2.3 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.0.4...v4.2.3) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `elliptic` from 6.5.3 to 6.5.7 - [Commits](indutny/elliptic@v6.5.3...v6.5.7) Updates `express` from 4.17.1 to 4.20.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.17.1...4.20.0) Updates `follow-redirects` from 1.5.10 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.5.10...v1.15.9) Updates `gatsby` from 2.24.57 to 2.32.13 - [Release notes](https://github.com/gatsbyjs/gatsby/releases) - [Changelog](https://github.com/gatsbyjs/gatsby/blob/master/CHANGELOG.md) - [Commits](https://github.com/gatsbyjs/gatsby/compare/[email protected]@2.32.13) Updates `gatsby` from 2.24.57 to 2.32.13 - [Release notes](https://github.com/gatsbyjs/gatsby/releases) - [Changelog](https://github.com/gatsbyjs/gatsby/blob/master/CHANGELOG.md) - [Commits](https://github.com/gatsbyjs/gatsby/compare/[email protected]@2.32.13) Updates `lodash-es` from 4.17.15 to 4.17.21 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.15...4.17.21) Updates `moment` from 2.28.0 to 2.30.1 - [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md) - [Commits](moment/moment@2.28.0...2.30.1) Updates `node-forge` from 0.9.0 to 0.10.0 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@0.9.0...0.10.0) Updates `qs` from 6.5.2 to 6.5.3 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.2...v6.5.3) Updates `send` from 0.17.1 to 0.18.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.17.1...0.18.0) Updates `serve-static` from 1.14.1 to 1.16.0 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.14.1...1.16.0) Updates `shelljs` from 0.8.4 to 0.8.5 - [Release notes](https://github.com/shelljs/shelljs/releases) - [Changelog](https://github.com/shelljs/shelljs/blob/master/CHANGELOG.md) - [Commits](shelljs/shelljs@v0.8.4...v0.8.5) Updates `socket.io` from 2.3.0 to 3.1.1 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/3.1.1/CHANGELOG.md) - [Commits](socketio/socket.io@2.3.0...3.1.1) Updates `socket.io-parser` from 3.3.0 to 4.0.5 - [Release notes](https://github.com/Automattic/socket.io-parser/releases) - [Changelog](https://github.com/socketio/socket.io-parser/blob/4.0.5/CHANGELOG.md) - [Commits](socketio/socket.io-parser@3.3.0...4.0.5) Updates `thenify` from 3.3.0 to 3.3.1 - [Changelog](https://github.com/thenables/thenify/blob/master/History.md) - [Commits](thenables/thenify@3.3.0...3.3.1) Updates `url-parse` from 1.4.7 to 1.5.10 - [Commits](unshiftio/url-parse@1.4.7...1.5.10) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimist dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimist dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: node-sass dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: async dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserify-sign dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: elliptic dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: gatsby dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: gatsby dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash-es dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: moment dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: node-forge dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: shelljs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: thenify dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: url-parse dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>
Report too large to display inline |
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is a critical CVE?Contains a Critical Common Vulnerability and Exposure (CVE). Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
Bumps the npm_and_yarn group with 1 update in the /definitelyTypedTests directory: minimatch.
Bumps the npm_and_yarn group with 2 updates in the /performance directory: minimatch and braces.
Bumps the npm_and_yarn group with 18 updates in the /ui directory:
1.2.5
1.2.8
0.2.1
1.2.8
4.14.1
9.0.0
7.7.4
7.25.6
7.9.6
7.25.6
7.11.5
7.25.6
6.10.2
6.12.6
6.12.2
6.12.6
2.6.3
2.6.4
1.19.0
1.20.3
4.17.1
4.20.0
4.0.4
4.2.3
0.2.0
0.2.2
6.5.3
6.5.7
1.5.10
1.15.9
2.24.57
2.32.13
4.17.15
4.17.21
2.28.0
2.30.1
6.5.2
6.5.3
0.8.4
0.8.5
3.3.0
3.3.1
1.4.7
1.5.10
Updates
minimatch
from 3.0.4 to 3.1.2Commits
699c459
3.1.22f2b5ff
fix: trim pattern25d7c0d
3.1.155dda29
fix: treat nocase:true as always having magic5e1fb8d
3.1.0f8145c5
Add 'allowWindowsEscape' option570e8b1
add publishConfig for v3 publishes5b7cd33
3.0.620b4b56
[fix] revert all breaking syntax changes2ff0388
document, expose, and test 'partial:true' optionUpdates
minimatch
from 3.0.4 to 3.1.2Commits
699c459
3.1.22f2b5ff
fix: trim pattern25d7c0d
3.1.155dda29
fix: treat nocase:true as always having magic5e1fb8d
3.1.0f8145c5
Add 'allowWindowsEscape' option570e8b1
add publishConfig for v3 publishes5b7cd33
3.0.620b4b56
[fix] revert all breaking syntax changes2ff0388
document, expose, and test 'partial:true' optionUpdates
braces
from 3.0.2 to 3.0.3Commits
74b2db2
3.0.388f1429
update eslint. lint, fix unit tests.415d660
Snyk js braces 6838727 (#40)190510f
fix tests, skip 1 test in test/braces.expand716eb9f
readme bumpa5851e5
Merge pull request #37 from coderaiser/fix/vulnerability2092bd1
feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...9f5b4cf
fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)98414f9
remove funding file665ab5d
update keepEscaping doc (#27)Updates
minimist
from 1.2.5 to 1.2.8Changelog
Sourced from minimist's changelog.
... (truncated)
Commits
6901ee2
v1.2.8a026794
Merge tag 'v0.2.3'c0b2661
v0.2.363b8fee
[Fix] Fix long option followed by single dash (#17)72239e6
[Tests] Remove duplicate test (#12)34b0f1c
[eslint] fix indentation3226afa
[Dev Deps] add missingnpmignore
dev dep098873c
[Dev Deps] update@ljharb/eslint-config
,aud
9ec4d27
[Fix] Fix long option followed by single dashba92fe6
[actions] Avoid 0.6 tests due to build failuresMaintainer changes
This version was pushed to npm by ljharb, a new releaser for minimist since your current version.
Updates
minimist
from 0.2.1 to 1.2.8Changelog
Sourced from minimist's changelog.
... (truncated)
Commits
6901ee2
v1.2.8a026794
Merge tag 'v0.2.3'c0b2661
v0.2.363b8fee
[Fix] Fix long option followed by single dash (#17)72239e6
[Tests] Remove duplicate test (#12)34b0f1c
[eslint] fix indentation3226afa
[Dev Deps] add missingnpmignore
dev dep098873c
[Dev Deps] update@ljharb/eslint-config
,aud
9ec4d27
[Fix] Fix long option followed by single dashba92fe6
[actions] Avoid 0.6 tests due to build failuresMaintainer changes
This version was pushed to npm by ljharb, a new releaser for minimist since your current version.
Updates
node-sass
from 4.14.1 to 9.0.0Release notes
Sourced from node-sass's releases.
... (truncated)
Commits
87f3899
feat: Node 20 support (#3355)06ae4c7
build(deps): bump coverallsapp/github-action from 2.0.0 to 2.1.0 (#3350)e069f73
build(deps): bump coverallsapp/github-action from 1.2.0 to 2.0.0c34837d
build(deps): bump coverallsapp/github-action from 1.1.3 to 1.2.0ee13eb9
8.0.098e75b3
feat: Node 18 and 19 support and drop Node 17 (#3257)e9bb866
Bump node-gyp and nan for node 19 support (#3314)ab7840b
Fix binaries being partially downloaded (#3313)d595abf
7.0.33b556c1
7.0.2Updates
@babel/traverse
from 7.7.4 to 7.25.6Release notes
Sourced from
@babel/traverse
's releases.... (truncated)
Changelog
Sourced from
@babel/traverse
's changelog.... (truncated)
Commits
2f72b97
v7.25.6faceae9
fix:path.getAssignmentIdentifiers
may beundefined
(#16727)46ee612
Remove someNodePath
methods (#16655)2fdc8b5
fix: Generate sequence expression parentheses correctly (#16764)cbf124c
v7.25.42b289fb
fix: skip computed key when renaming (#16756)575863c
Avoid unnecessary parens around sequence expressions (#16722)5174ad1
Clean all always enabled parser plugins (#16572)52718ab
Discontinue babel-eslint-config-internal (#16718)dba45d3
IgnoredevDependencies
when generatingtsconfig.json
(#16659)Updates
@babel/traverse
from 7.9.6 to 7.25.6Release notes
Sourced from
@babel/traverse
's releases.... (truncated)
Changelog
Sourced from
@babel/traverse
's changelog.... (truncated)
Commits
2f72b97
v7.25.6faceae9
fix:path.getAssignmentIdentifiers
may beundefined
(#16727)46ee612
Remove someNodePath
methods (#16655)2fdc8b5
fix: Generate sequence expression parentheses correctly (#16764)cbf124c
v7.25.42b289fb
fix: skip computed key when renaming (#16756)575863c
Avoid unnecessary parens around sequence expressions (#16722)5174ad1
Clean all always enabled parser plugins (#16572)52718ab
Discontinue babel-eslint-config-internal (#16718)dba45d3
IgnoredevDependencies
when generatingtsconfig.json
(#16659)Updates
@babel/traverse
from 7.11.5 to 7.25.6Release notes
Sourced from
@babel/traverse
's releases.