Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the npm_and_yarn group across 1 directories with 3 updates #1

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directories with 3 updates #1

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Feb 22, 2024

Bumps the npm_and_yarn group with 3 updates in the /. directory: axios, react-dev-utils and electron.

Updates axios from 0.19.2 to 1.6.7

Release notes

Sourced from axios's releases.

Release v1.6.7

Release notes:

Bug Fixes

  • capture async stack only for rejections with native error objects; (#6203) (1a08f90)

Contributors to this release

Release v1.6.6

Release notes:

Bug Fixes

  • fixed missed dispatchBeforeRedirect argument (#5778) (a1938ff)
  • wrap errors to improve async stack trace (#5987) (123f354)

Contributors to this release

Release v1.6.5

Release notes:

Bug Fixes

  • ci: refactor notify action as a job of publish action; (#6176) (0736f95)
  • dns: fixed lookup error handling; (#6175) (f4f2b03)

Contributors to this release

Release v1.6.4

Release notes:

Bug Fixes

  • security: fixed formToJSON prototype pollution vulnerability; (#6167) (3c0c11c)
  • security: fixed security vulnerability in follow-redirects (#6163) (75af1cd)

Contributors to this release

Release v1.6.3

Release notes:

... (truncated)

Changelog

Sourced from axios's changelog.

1.6.7 (2024-01-25)

Bug Fixes

  • capture async stack only for rejections with native error objects; (#6203) (1a08f90)

Contributors to this release

1.6.6 (2024-01-24)

Bug Fixes

  • fixed missed dispatchBeforeRedirect argument (#5778) (a1938ff)
  • wrap errors to improve async stack trace (#5987) (123f354)

Contributors to this release

1.6.5 (2024-01-05)

Bug Fixes

  • ci: refactor notify action as a job of publish action; (#6176) (0736f95)
  • dns: fixed lookup error handling; (#6175) (f4f2b03)

Contributors to this release

1.6.4 (2024-01-03)

Bug Fixes

  • security: fixed formToJSON prototype pollution vulnerability; (#6167) (3c0c11c)
  • security: fixed security vulnerability in follow-redirects (#6163) (75af1cd)

Contributors to this release

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by jasonsaayman, a new releaser for axios since your current version.


Updates react-dev-utils from 10.2.1 to 12.0.1

Changelog

Sourced from react-dev-utils's changelog.

2.0.3 and Newer Versions

Please refer to CHANGELOG-2.x.md for the 2.x range, and https://github.com/facebook/create-react-app/blob/main/CHANGELOG.md for the newer versions.

1.1.5 (August 24, 2018)

  • react-scripts

    • Update the webpack-dev-server dependency

  • react-dev-utils

    • #4866 Fix a Windows-only vulnerability (CVE-2018-6342) in the development server (@​acdlite)
    • Update the sockjs-client dependency

Committers: 1

Migrating from 1.1.4 to 1.1.5

Inside any created project that has not been ejected, run:

npm install --save --save-exact [email protected]

or

yarn add --exact [email protected]

1.1.4 (April 3, 2018)

🐛 Bug Fix

Committers: 1

Migrating from 1.1.3 to 1.1.4

Inside any created project that has not been ejected, run:

</tr></table>

... (truncated)

Commits

Updates electron from 8.5.5 to 29.0.1

Release notes

Sourced from electron's releases.

electron v29.0.1

Release Notes for v29.0.1

Fixes

  • Fixed an issue where the -webkit-app-region: drag property was not respected on some windows. #41388

Other Changes

  • Updated Chromium to 122.0.6261.57. #41390

electron v29.0.0

Release Notes for v29.0.0

Stack Upgrades

Breaking Changes

  • Functions called over the contextBridge are now called with the expected receiver (this). #39978 (Also in 27, 28)
  • The gpu-process-crashed event on app has been deprecated. #40169 (Also in 28)
  • The deprecated gpu-process-crashed event on app has been removed. #40255
  • The deprecated renderer-process-crashed event on app and crashed event on WebContents and <webview> have been removed. #40115

Features

Additions

  • Added WebContentsView and BaseWindow, replacing the now-deprecated BrowserView APIs. #40759
  • Added keyboardLock to ses.setPermissionRequestHandler(handler). #40369 (Also in 26, 27, 28)
  • Added an option in protocol.registerSchemesAsPrivileged to allow V8 code cache in custom schemes. #40544 (Also in 27, 28)
  • Added net module to utility process. #40890 (Also in 27, 28)
  • Added new Electron Fuse that opts the file:// protocol into more secure and restrictive behaviour that matches Chromium. #40372
  • Added new webUtils.getPathForFile method to replace File.path augmentation. #38776
  • Added support for configuring use_remote_checksums via .npmrc. #40253
  • Migrated app.{set|get}LoginItemSettings(settings) to use Apple's new recommended underlying framework on macOS. #37244
  • This PR adds several properties to the display object including detected, maximumCursorSize, and nativeOrigin. #40497 (Also in 28)

Removed/Deprecated

  • Removed extraneous dlls from Windows zip files. #41129 (Also in 28)

Fixes

  • Added support for ThumbnailCapturerMac and ScreenCaptureKitStreamPickerSonoma chromium feature flags to bypass deprecated API warning on macOS 14.4. #41329
  • Fixed Electron 29.0.0-beta.3 regression that could pop up context menus in the wrong location. #41296
  • Fixed an issue where import.meta.url did not work in the renderer process with contextIsolation enabled. #41265
  • Fixed an issue where original-fs methods were not properly corrected for patched imports. #41238
  • Fixed an issue where draggable regions didn't work across platforms. #41112
  • Fixed an issue where some dependencies using CommonJS would cause ESM apps to fail to open. #41371
  • Fixed crash in MessagePort::close. #41237

... (truncated)

Changelog

Sourced from electron's changelog.

Breaking Changes

Breaking changes will be documented here, and deprecation warnings added to JS code where possible, at least one major version before the change is made.

Types of Breaking Changes

This document uses the following convention to categorize breaking changes:

  • API Changed: An API was changed in such a way that code that has not been updated is guaranteed to throw an exception.
  • Behavior Changed: The behavior of Electron has changed, but not in such a way that an exception will necessarily be thrown.
  • Default Changed: Code depending on the old default may break, not necessarily throwing an exception. The old behavior can be restored by explicitly specifying the value.
  • Deprecated: An API was marked as deprecated. The API will continue to function, but will emit a deprecation warning, and will be removed in a future release.
  • Removed: An API or feature was removed, and is no longer supported by Electron.

Planned Breaking API Changes (30.0)

Behavior Changed: cross-origin iframes now use Permission Policy to access features

Cross-origin iframes must now specify features available to a given iframe via the allow attribute in order to access them.

See documentation for more information.

Removed: The --disable-color-correct-rendering switch

This switch was never formally documented but it's removal is being noted here regardless. Chromium itself now has better support for color spaces so this flag should not be needed.

Behavior Changed: BrowserView.setAutoResize behavior on macOS

In Electron 30, BrowserView is now a wrapper around the new WebContentsView API.

Previously, the setAutoResize function of the BrowserView API was backed by autoresizing on macOS, and by a custom algorithm on Windows and Linux. For simple use cases such as making a BrowserView fill the entire window, the behavior of these two approaches was identical. However, in more advanced cases, BrowserViews would be autoresized differently on macOS than they would be on other platforms, as the custom resizing algorithm for Windows and Linux did not perfectly match the behavior of macOS's autoresizing API. The autoresizing behavior is now standardized across all platforms.

If your app uses BrowserView.setAutoResize to do anything more complex than making a BrowserView fill the entire window, it's likely you already had custom logic in place to handle this difference in behavior on macOS. If so, that logic will no longer be needed in Electron 30 as autoresizing behavior is consistent.

Planned Breaking API Changes (29.0)

Behavior Changed: ipcRenderer can no longer be sent over the contextBridge

Attempting to send the entire ipcRenderer module as an object over the contextBridge will now result in an empty object on the receiving side of the bridge. This change was made to remove / mitigate a security footgun. You should not directly expose ipcRenderer or its methods over the bridge. Instead, provide a safe wrapper like below:

</tr></table>

... (truncated)

Commits
  • c779f19 chore: bump chromium to 122.0.6261.57 (29-x-y) (#41390)
  • 09fbee9 fix: check for draggable regions outside of main frame (#41388)
  • 69d371f fix: revert to legacyMainResolve in JavaScript for asar compatibility (#41371)
  • b6db80c fix: properly stream uploadData in protocol.handle() (#41359)
  • b87cf56 ci: fix helperPath calls in ci configs (#41365)
  • bc40a1a chore: bump chromium to 122.0.6261.39 (29-x-y) (#41349)
  • d8606ef fix: Ignore -webkit-app-region: drag; when window is in full screen mode. (...
  • 523e0d4 refactor: inline simple getters, pt . 2 (#41254) (#41341)
  • 3b23911 chore: bump chromium to 122.0.6261.29 (29-x-y) (#41279)
  • 516cbfa fix: skip the first two invalid updates when SCK is enabled (#41344)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 1 directories with 3 updates
000501d 
Bumps the npm_and_yarn group with 3 updates in the /. directory: [axios](https://github.com/axios/axios), [react-dev-utils](https://github.com/facebook/create-react-app/tree/HEAD/packages/react-dev-utils) and [electron](https://github.com/electron/electron).


Updates `axios` from 0.19.2 to 1.6.7
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v0.19.2...v1.6.7)

Updates `react-dev-utils` from 10.2.1 to 12.0.1
- [Release notes](https://github.com/facebook/create-react-app/releases)
- [Changelog](https://github.com/facebook/create-react-app/blob/main/CHANGELOG-1.x.md)
- [Commits](https://github.com/facebook/create-react-app/commits/[email protected]/packages/react-dev-utils)

Updates `electron` from 8.5.5 to 29.0.1
- [Release notes](https://github.com/electron/electron/releases)
- [Changelog](https://github.com/electron/electron/blob/main/docs/breaking-changes.md)
- [Commits](electron/electron@v8.5.5...v29.0.1)

---
updated-dependencies:
- dependency-name: axios
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: react-dev-utils
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: electron
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants