-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump the npm_and_yarn group across 1 directory with 31 updates #46
Open
dependabot
wants to merge
1
commit into
develop
Choose a base branch
from
dependabot/npm_and_yarn/npm_and_yarn-e0b7dc9a5a
base: develop
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Bump the npm_and_yarn group across 1 directory with 31 updates #46
dependabot
wants to merge
1
commit into
develop
from
dependabot/npm_and_yarn/npm_and_yarn-e0b7dc9a5a
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps the npm_and_yarn group with 21 updates in the / directory: | Package | From | To | | --- | --- | --- | | [jszip](https://github.com/Stuk/jszip) | `3.1.3` | `3.8.0` | | [lodash](https://github.com/lodash/lodash) | `4.17.4` | `4.17.21` | | [moment](https://github.com/moment/moment) | `2.17.1` | `2.29.4` | | [express](https://github.com/expressjs/express) | `4.14.1` | `4.19.2` | | [karma](https://github.com/karma-runner/karma) | `1.4.1` | `6.3.16` | | [minimist](https://github.com/minimistjs/minimist) | `1.2.0` | `1.2.6` | | [node-sass](https://github.com/sass/node-sass) | `4.5.0` | `7.0.0` | | [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `1.10.0` | `5.3.4` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.6` | `1.1.11` | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.0.0` | `4.2.3` | | [es5-ext](https://github.com/medikoo/es5-ext) | `0.10.12` | `0.10.64` | | [extend](https://github.com/justmoon/node-extend) | `3.0.0` | `3.0.2` | | [fsevents](https://github.com/fsevents/fsevents) | `1.0.15` | `1.2.13` | | [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.0.6` | `4.7.8` | | [hosted-git-info](https://github.com/npm/hosted-git-info) | `2.1.5` | `2.8.9` | | [is-my-json-valid](https://github.com/mafintosh/is-my-json-valid) | `2.15.0` | `2.20.6` | | [lodash-es](https://github.com/lodash/lodash) | `4.17.2` | `4.17.21` | | [macaddress](https://github.com/scravy/node-macaddress) | `0.2.8` | `0.2.9` | | [sshpk](https://github.com/joyent/node-sshpk) | `1.10.1` | `1.18.0` | | [thenify](https://github.com/thenables/thenify) | `3.2.1` | `3.3.1` | | [y18n](https://github.com/yargs/y18n) | `3.2.1` | `3.2.2` | Updates `jszip` from 3.1.3 to 3.8.0 - [Changelog](https://github.com/Stuk/jszip/blob/main/CHANGES.md) - [Commits](Stuk/jszip@v3.1.3...v3.8.0) Updates `lodash` from 4.17.4 to 4.17.21 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.4...4.17.21) Updates `moment` from 2.17.1 to 2.29.4 - [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md) - [Commits](moment/moment@2.17.1...2.29.4) Updates `express` from 4.14.1 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.14.1...4.19.2) Updates `karma` from 1.4.1 to 6.3.16 - [Release notes](https://github.com/karma-runner/karma/releases) - [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md) - [Commits](karma-runner/karma@v1.4.1...v6.3.16) Updates `minimist` from 1.2.0 to 1.2.6 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.0...v1.2.6) Updates `node-sass` from 4.5.0 to 7.0.0 - [Release notes](https://github.com/sass/node-sass/releases) - [Changelog](https://github.com/sass/node-sass/blob/master/CHANGELOG.md) - [Commits](sass/node-sass@v4.5.0...v7.0.0) Updates `webpack-dev-middleware` from 1.10.0 to 5.3.4 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v1.10.0...v5.3.4) Updates `brace-expansion` from 1.1.6 to 1.1.11 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v1.1.6...1.1.11) Updates `braces` from 0.1.5 to 1.8.5 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/commits/1.8.5) Updates `browserify-sign` from 4.0.0 to 4.2.3 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.0.0...v4.2.3) Updates `es5-ext` from 0.10.12 to 0.10.64 - [Release notes](https://github.com/medikoo/es5-ext/releases) - [Changelog](https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md) - [Commits](medikoo/es5-ext@v0.10.12...v0.10.64) Updates `extend` from 3.0.0 to 3.0.2 - [Changelog](https://github.com/justmoon/node-extend/blob/main/CHANGELOG.md) - [Commits](justmoon/node-extend@v3.0.0...v3.0.2) Updates `forwarded` from 0.1.0 to 0.2.0 - [Release notes](https://github.com/jshttp/forwarded/releases) - [Changelog](https://github.com/jshttp/forwarded/blob/master/HISTORY.md) - [Commits](jshttp/forwarded@v0.1.0...v0.2.0) Updates `fresh` from 0.3.0 to 0.5.2 - [Changelog](https://github.com/jshttp/fresh/blob/master/HISTORY.md) - [Commits](jshttp/fresh@v0.3.0...v0.5.2) Updates `fsevents` from 1.0.15 to 1.2.13 - [Release notes](https://github.com/fsevents/fsevents/releases) - [Commits](fsevents/fsevents@v1.0.15...v1.2.13) Updates `handlebars` from 4.0.6 to 4.7.8 - [Release notes](https://github.com/handlebars-lang/handlebars.js/releases) - [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.8/release-notes.md) - [Commits](handlebars-lang/handlebars.js@v4.0.6...v4.7.8) Updates `hosted-git-info` from 2.1.5 to 2.8.9 - [Release notes](https://github.com/npm/hosted-git-info/releases) - [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md) - [Commits](npm/hosted-git-info@v2.1.5...v2.8.9) Updates `is-my-json-valid` from 2.15.0 to 2.20.6 - [Commits](mafintosh/is-my-json-valid@v2.15.0...v2.20.6) Updates `jsonpointer` from 4.0.0 to 5.0.1 - [Release notes](https://github.com/janl/node-jsonpointer/releases) - [Commits](janl/node-jsonpointer@4.0.0...v5.0.1) Updates `lodash-es` from 4.17.2 to 4.17.21 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.2...4.17.21) Updates `log4js` from 0.6.38 to 6.9.1 - [Changelog](https://github.com/log4js-node/log4js-node/blob/master/CHANGELOG.md) - [Commits](log4js-node/log4js-node@v0.6.38...v6.9.1) Updates `macaddress` from 0.2.8 to 0.2.9 - [Release notes](https://github.com/scravy/node-macaddress/releases) - [Commits](scravy/node-macaddress@0.2.8...0.2.9) Updates `qs` from 6.2.0 to 6.5.3 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.2.0...v6.5.3) Updates `request` from 2.79.0 to 2.88.2 - [Changelog](https://github.com/request/request/blob/master/CHANGELOG.md) - [Commits](https://github.com/request/request/commits) Updates `semver` from 4.3.6 to 5.0.3 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v4.3.6...v5.0.3) Updates `sshpk` from 1.10.1 to 1.18.0 - [Release notes](https://github.com/joyent/node-sshpk/releases) - [Commits](https://github.com/joyent/node-sshpk/commits) Updates `tar` from 2.2.1 to 6.2.1 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v2.2.1...v6.2.1) Updates `thenify` from 3.2.1 to 3.3.1 - [Changelog](https://github.com/thenables/thenify/blob/master/History.md) - [Commits](thenables/thenify@3.2.1...3.3.1) Updates `ua-parser-js` from 0.7.12 to 0.7.37 - [Release notes](https://github.com/faisalman/ua-parser-js/releases) - [Changelog](https://github.com/faisalman/ua-parser-js/blob/master/CHANGELOG.md) - [Commits](faisalman/ua-parser-js@0.7.12...0.7.37) Updates `y18n` from 3.2.1 to 3.2.2 - [Release notes](https://github.com/yargs/y18n/releases) - [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md) - [Commits](https://github.com/yargs/y18n/commits) --- updated-dependencies: - dependency-name: jszip dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: lodash dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: moment dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: karma dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: minimist dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: node-sass dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: webpack-dev-middleware dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserify-sign dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: es5-ext dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: extend dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: forwarded dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fresh dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fsevents dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: handlebars dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hosted-git-info dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: is-my-json-valid dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jsonpointer dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash-es dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: log4js dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: macaddress dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: request dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sshpk dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: thenify dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ua-parser-js dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: y18n dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>
This was referenced Apr 9, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 21 updates in the / directory:
3.1.3
3.8.0
4.17.4
4.17.21
2.17.1
2.29.4
4.14.1
4.19.2
1.4.1
6.3.16
1.2.0
1.2.6
4.5.0
7.0.0
1.10.0
5.3.4
1.1.6
1.1.11
4.0.0
4.2.3
0.10.12
0.10.64
3.0.0
3.0.2
1.0.15
1.2.13
4.0.6
4.7.8
2.1.5
2.8.9
2.15.0
2.20.6
4.17.2
4.17.21
0.2.8
0.2.9
1.10.1
1.18.0
3.2.1
3.3.1
3.2.1
3.2.2
Updates
jszip
from 3.1.3 to 3.8.0Changelog
Sourced from jszip's changelog.
... (truncated)
Commits
3b98cfc
3.8.02edab36
Sanitize filenames withloadAsync
to prevent zip slip attacks1f631b0
Update contributing459ff79
Add tests for utils that remove leading slashd4702a7
Merge pull request #541 from PatricSteffen/patch-12ebb7e8
Merge pull request #737 from satoshicano/update-types-JSZipLoadOptions85c4989
Merge pull request #796 from Stuk/ghci40cc7f4
Add dependency caching5ee321e
Install deps needed for Playwright on Github Actionseeb841e
Remove code and dependencies used for SaucelabsUpdates
lodash
from 4.17.4 to 4.17.21Commits
f299b52
Bump to v4.17.21c4847eb
Improve performance oftoNumber
,trim
andtrimEnd
on large input strings3469357
Prevent command injection through_.template
'svariable
optionded9bc6
Bump to v4.17.20.63150ef
Documentation fixes.00f0f62
test.js: Remove trailing comma.846e434
Temporarily use a custom fork oflodash-cli
.5d046f3
Re-enable Travis tests on4.17
branch.aa816b3
Remove/npm-package
.d7fbc52
Bump to v4.17.19Maintainer changes
This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.
Updates
moment
from 2.17.1 to 2.29.4Changelog
Sourced from moment's changelog.
... (truncated)
Commits
000ac18
Build 2.24.4f2006b6
Bump version to 2.24.4536ad0c
Update changelog for 2.29.49a3b589
[bugfix] Fix redos in preprocessRFC2822 regex (#6015)6374fd8
Merge branch 'master' into developb4e6153
Revert "[bugfix] Fix redos in preprocessRFC2822 regex (#6015)"7aebb16
[bugfix] Fix redos in preprocessRFC2822 regex (#6015)57c9062
Build 2.29.3aaf50b6
Fixup release complaints26f4aef
Bump version to 2.29.3Updates
express
from 4.14.1 to 4.19.2Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
... (truncated)
Commits
04bc627
4.19.2da4d763
Improved fix for open redirect allow list bypass4f0f6cc
4.19.1a003cfa
Allow passing non-strings to res.location with new encoding handling checks f...a1fa90f
fixed un-edited version in history.md for 4.19.011f2b1d
build: fix build due to inconsistent supertest behavior in older versions084e365
4.19.00867302
Prevent open redirect allow list bypass due to encodeurl567c9c6
Add note on how to update docs for new release (#5541)69a4cf2
deps: [email protected]Maintainer changes
This version was pushed to npm by wesleytodd, a new releaser for express since your current version.
Updates
karma
from 1.4.1 to 6.3.16Release notes
Sourced from karma's releases.
... (truncated)
Changelog
Sourced from karma's changelog.
... (truncated)
Commits
ab4b328
chore(release): 6.3.16 [skip ci]ff7edbb
fix(security): mitigate the "Open Redirect Vulnerability"c1befa0
chore(release): 6.3.15 [skip ci]d9dade2
fix(helper): make mkdirIfNotExists helper resilient to concurrent calls653c762
ci: prevent duplicate CI tasks on creating a PRc97e562
chore(release): 6.3.14 [skip ci]91d5acd
fix: remove string template from client code69cfc76
fix: warn whensingleRun
andautoWatch
arefalse
839578c
fix(security): remove XSS vulnerability inreturnUrl
query paramdb53785
chore(release): 6.3.13 [skip ci]Updates
minimist
from 1.2.0 to 1.2.6Changelog
Sourced from minimist's changelog.
Commits
7efb22a
1.2.6ef88b93
security notice for additional prototype pollution issuec2b9819
isConstructorOrProto adapted from PRbc8ecee
test from prototype pollution PRaeb3e27
1.2.5278677b
1.2.44cf1354
security notice1043d21
additional test for constructor prototype pollution6457d74
1.2.338a4d1c
even more aggressive checks for protocol pollutionUpdates
node-sass
from 4.5.0 to 7.0.0Release notes
Sourced from node-sass's releases.
... (truncated)
Changelog
Sourced from node-sass's changelog.
... (truncated)
Commits
918dcb3
Lint fix0a21792
Set rejectUnauthorized to true by default (#3149)e80d4af
chore: Drop EOL Node 15 (#3122)d753397
feat: Add Node 17 support (#3195)dcf2e75
build(deps-dev): bump eslint from 7.32.0 to 8.0.0bfa1a3c
build(deps): bump actions/setup-node from 2.4.0 to 2.4.180d6c00
chore: Windows x86 on GitHub Actions (#3041)566dc27
build(deps-dev): bump fs-extra from 0.30.0 to 10.0.0 (#3102)7bb5157
build(deps): bump npmlog from 4.1.2 to 5.0.0 (#3156)2efb38f
build(deps): bump chalk from 1.1.3 to 4.1.2 (#3161)Updates
webpack-dev-middleware
from 1.10.0 to 5.3.4Release notes
Sourced from webpack-dev-middleware's releases.
... (truncated)
Changelog
Sourced from webpack-dev-middleware's changelog.
... (truncated)
Commits
86071ea
chore(release): 5.3.4189c4ac
fix(security): do not allow to read files above (#1779)f3c62b8
chore(release): 5.3.3eeb8aa8
fix: types forRequest
andResponse
(#1271)1a45388
chore(release): 5.3.2b8fb945
chore(deps): memfs force update (#1269)f88067d
chore: update deps and ci (#1260)7186318
chore(deps-dev): bump@commitlint/cli
57c50ef
ci: updatecheckout
,setup-node
, andcodecov
actions (#1267)840146a
chore(deps-dev): bump@babel/preset-env
Maintainer changes
This version was pushed to npm by evilebottnawi, a new releaser for webpack-dev-middleware since your current version.
Updates
brace-expansion
from 1.1.6 to 1.1.11Release notes
Sourced from brace-expansion's releases.
... (truncated)
Commits
e52ad1c
Merge pull request #42 from juliangruber/greenkeeper/update-to-node-10fb4c692
Update to node 10 in .travis.yml01a21de
1.1.11d7c93ee
sponsors54a6176
1.1.10327c729
Merge pull request #40 from Parcley/add-license-1b6ba2e0
create LICENSE file0f82dab
1.1.9acd1754
support40ff02d
Merge pull request #39 from EdwardBetts/spellingUpdates
braces
from 0.1.5 to 1.8.5Changelog
Sourced from braces's changelog.
... (truncated)
Commits
Updates
browserify-sign
from 4.0.0 to 4.2.3Changelog
Sourced from browserify-sign's changelog.