Skip to content

Bump the npm_and_yarn group across 1 directories with 13 updates #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directories with 13 updates #8

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Jan 13, 2024
edited
Loading

Bumps the npm_and_yarn group with 13 updates in the /. directory:

Package From To
semver 5.7.1 5.7.2
@babel/traverse 7.17.0 7.23.7
json5 1.0.1 1.0.2
loader-utils 1.4.0 1.4.2
decode-uri-component 0.2.0 0.2.2
minimatch 3.0.4 3.1.2
recursive-readdir 2.2.2 2.2.3
serve 13.0.2 14.2.1
follow-redirects 1.15.1 1.15.5
terser 5.10.0 5.26.0
tough-cookie 4.0.0 4.1.3
webpack 5.68.0 5.89.0
word-wrap 1.2.3 1.2.5

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

  • Add version coercion capabilities

5.4

  • Add intersection checking

5.3

  • Add minSatisfying method

5.2

  • Add prerelease(v) that returns prerelease components

5.1

  • Add Backus-Naur for ranges
  • Remove excessively cute inspection methods

5.0

  • Remove AMD/Browserified build artifacts
  • Fix ltr and gtr when using the * range
  • Fix for range * with a prerelease identifier
Commits
Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.


Updates @babel/traverse from 7.17.0 to 7.23.7

Release notes

Sourced from @​babel/traverse's releases.

v7.23.7 (2023-12-29)

🐛 Bug Fix

🏠 Internal

  • babel-helper-create-class-features-plugin
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

Committers: 4

v7.23.6 (2023-12-11)

Thanks @​martinez-hugo and @​odinho for your first pull requests!

👓 Spec Compliance

  • babel-generator, babel-parser, babel-types
  • babel-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-types

🐛 Bug Fix

  • babel-generator
  • babel-helpers, babel-plugin-proposal-explicit-resource-management
  • babel-plugin-proposal-decorators, babel-plugin-transform-class-properties
    • #16161 Ensure the [[@@toPrimitive]] call of a decorated class member key is invoked once (@​JLHwung)
    • #16148 Support named evaluation for decorated anonymous class exp (@​JLHwung)
  • babel-plugin-transform-for-of, babel-preset-env
  • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-plugin-transform-typescript

🔬 Output optimization

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.23.7 (2023-12-29)

🐛 Bug Fix

🏠 Internal

  • babel-helper-create-class-features-plugin
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

v7.23.6 (2023-12-11)

👓 Spec Compliance

  • babel-generator, babel-parser, babel-types
  • babel-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-types

🐛 Bug Fix

  • babel-generator
  • babel-helpers, babel-plugin-proposal-explicit-resource-management
  • babel-plugin-proposal-decorators, babel-plugin-transform-class-properties
    • #16161 Ensure the [[@@toPrimitive]] call of a decorated class member key is invoked once (@​JLHwung)
    • #16148 Support named evaluation for decorated anonymous class exp (@​JLHwung)
  • babel-plugin-transform-for-of, babel-preset-env
  • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-plugin-transform-typescript

🔬 Output optimization

  • babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • babel-helpers, babel-plugin-proposal-decorators

v7.23.5 (2023-11-29)

👓 Spec Compliance

... (truncated)

Commits

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)
Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

  • Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

v2.2.0 [code, diff]

  • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

  • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

Updates loader-utils from 1.4.0 to 1.4.2

Release notes

Sourced from loader-utils's releases.

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

Changelog

Sourced from loader-utils's changelog.

1.4.2 (2022-11-11)

Bug Fixes

1.4.1 (2022-11-07)

Bug Fixes

Commits

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

  • Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

  • Switch to GitHub workflows 76abc93
  • Fix issue where decode throws - fixes #6 746ca5d
  • Update license (#1) 486d7e2
  • Tidelift tasks a650457
  • Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

Updates minimatch from 3.0.4 to 3.1.2

Commits

Updates recursive-readdir from 2.2.2 to 2.2.3

Changelog

Sourced from recursive-readdir's changelog.

v2.2.3 - Mon, 19 Sep 2016 21:55:22 GMT

v2.1.0 - Mon, 19 Sep 2016 21:55:22 GMT

v2.0.0 - Wed, 06 Apr 2016 04:31:02 GMT

v1.3.0 - Wed, 14 Oct 2015 14:35:55 GMT

v1.2.1 - Wed, 14 Jan 2015 16:49:55 GMT

Commits
Maintainer changes

This version was pushed to npm by bnb, a new releaser for recursive-readdir since your current version.


Updates serve from 13.0.2 to 14.2.1

Release notes

Sourced from serve's releases.

14.2.1

Patches

  • Set Access-Control-Allow-Headers: * default response header: #775

Credits

Huge thanks to @​hood for helping!

14.2.0

Minor Changes

  • Update CORS headers to support PNA spec: #753
  • Bump @zeit/schemas package: #756

Patches

  • Update the license year: #752

Credits

Huge thanks to @​k-yle and @​IcedMonk for helping!

14.1.2

Patches

  • Fix: add missing CLI option to argv parser: #742

Credits

Huge thanks to @​casperx for helping!

14.1.1

Patches

  • Infra: move c8 (coverage) to devDeps: #743

Credits

Huge thanks to @​AviVahl for helping!

14.1.0

Minor Changes

  • Feat: Add support for PFX or PKCS12 encoded certificates: #708
  • Feat: add request logging: #716

Patches

  • Docs(readme): add note about using node 14+: #715

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by vercel-release-bot, a new releaser for serve since your current version.


Updates follow-redirects from 1.15.1 to 1.15.5

Commits
  • b1677ce Release version 1.15.5 of the npm package.
  • d8914f7 Preserve fragment in responseUrl.
  • 6585820 Release version 1.15.4 of the npm package.
  • 7a6567e Disallow bracketed hostnames.
  • 05629af Prefer native URL instead of deprecated url.parse.
  • 1cba8e8 Prefer native URL instead of legacy url.resolve.
  • 72bc2a4 Simplify _processResponse error handling.
  • 3d42aec Add bracket tests.
  • bcbb096 Do not directly set Error properties.
  • 192dbe7 Release version 1.15.3 of the npm package.
  • Additional commits viewable in compare view

Updates terser from 5.10.0 to 5.26.0

Changelog

Sourced from terser's changelog.

v5.26.0

  • Do not take the /*#__PURE__*/ annotation into account when the side_effects compress option is off.
  • The preserve_annotations option now automatically opts annotation comments in, instead of requiring the comments option to be configured for this.
  • Refuse to parse empty parenthesized expressions (())

v5.25.0

  • Regex properties added to reserved property mangler (#1471)
  • pure_new option added to drop unused new expressions.

v5.24.0

  • Improve formatting performance in V8 by keeping a small work string and a large output string

v5.23.0

  • When top_retain will keep a variable assignment around, inline the assignee when it's shorter than the name (#1434)
  • Remove empty class static {} blocks.

v5.22.0

  • Do not unsafely shorten expressions like a?.toString() when they're conditional.
  • Avoid running drop_unused in nodes that aren't scopes. Fixes a rare crash.
  • When 'module' is enabled, assume strict mode when figuring out scopes.

v5.21.0

  • Do not inline functions that would be retained in the toplevel (as this would cause code duplication).
  • Fix precedence of arrow function and ternary operator when formatting output.

v5.20.0

  • Passing minify() zero files will now throw a clean exception (#1450)
  • drop_console supports passing in an array of console.* method names (#1445)
  • New DOM properties from the WebGPU API have been added for use in the property mangler (#1436)
  • Internal code simplification (#1437)

v5.19.4

  • Prevent creating very deeply nested ternaries from a long list of if..return
  • Prevent inlining classes into other functions, to avoid constructors being compared.

v5.19.3

  • Fix side effect detection of optional?.chains.
  • Add roundRect to domprops.js (#1426)

v5.19.2

  • fix performance hit from avoiding HTML comments in the output

v5.19.1

  • Better avoid outputting </script> and HTML comments.
  • Fix unused variables in class static blocks not being dropped correctly.
  • Fix sourcemap names of methods that are async or static

v5.19.0

  • Allow /*@__MANGLE_PROP__*/ annotation in object.property, in addition to property declarations.

... (truncated)

Commits

Updates tough-cookie from 4.0.0 to 4.1.3

Release notes

Sourced from tough-cookie's releases.

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

4.1.2 -- Patch and Bugfix Release

What's Changed

Full Changelog: salesforce/tough-cookie@v4.1.1...v4.1.2

4.1.1

Patch Release

What's Changed

Full Changelog: salesforce/tough-cookie@v4.1.0...v4.1.1

4.1.0

v4.1.0

Minor release, focused mainly on resolving reported issues and some minor feature work.

What's Changed

... (truncated)

Commits
  • 4ff4d29 4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)
  • 12d4747 Prevent prototype pollution in cookie memstore (#283)
  • f06b72d Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...
  • b1a8898 fix: allow set cookies with localhost (#253)
  • ec70796 4.1.1 Patch -- allow special use domains by default (#250)
  • d4ac580 fix: allow special use domains by default (#249)
  • 79c2f7d 4.1.0 release to NPM (#245)
  • 4fafc17 Prepare tough-cookie 4.1 for publishing (updated GitHub actions, move Dockerf...
  • aa4396d fix: distinguish between no samesite and samesite=none (#240)
  • b8d7511 Modernize README (#234)
  • Additional commits viewable in compare view

Updates webpack from 5.68.0 to 5.89.0

Release notes

Sourced from webpack's releases.

v5.89.0

New Features

Dependencies & Maintenance

Full Changelog: webpack/webpack@v5.88.2...v5.89.0

v5.88.2

Bug Fixes

Full Changelog: webpack/webpack@v5.88.1...v5.88.2

v5.88.1

Developer Experience

Full Changelog: webpack/webpack@v5.88.0...v5.88.1

v5.88.0

New Features

Bug Fixes

Developer Experience

Dependencies & Maintenance

... (truncated)

Commits
  • 8766092 5.89.0
  • 21c80e4 Merge pull request #17718 from bworline/require-preserve-chains
  • b14922c Refactor shared code
  • dc66572 update types
  • d36804e update types
  • d4e8485 initial
  • 1f13ff9 Merge pull request #17666 from webpack/dependabot/npm_and_yarn/types/node-20.6.0
  • f00e6e2 chore(deps-dev): bump @​types/node from 20.4.9 to 20.6.0
  • 853bfda Merge pull request #17427 from webpack/dependabot/npm_and_yarn/simple-git-3.19.1
  • 64707c9 Merge pull request #17483 from webpack/dependabot/npm_and_yarn/semver-5.7.2
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by thelarkinn, a new releaser for webpack since your current version.


Updates word-wrap from 1.2.3 to 1.2.5

Release notes

Sourced from word-wrap's releases.

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: jonschlinkert/word-wrap@1.2.4...1.2.5

1.2.4

What's Changed

@dependabot
Bump the npm_and_yarn group across 1 directories with 13 updates
c70395d 
Bumps the npm_and_yarn group with 13 updates in the /. directory:

| Package | From | To |
| --- | --- | --- |
| [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.17.0` | `7.23.7` |
| [json5](https://github.com/json5/json5) | `1.0.1` | `1.0.2` |
| [loader-utils](https://github.com/webpack/loader-utils) | `1.4.0` | `1.4.2` |
| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |
| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.2` |
| [recursive-readdir](https://github.com/jergason/recursive-readdir) | `2.2.2` | `2.2.3` |
| [serve](https://github.com/vercel/serve) | `13.0.2` | `14.2.1` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.1` | `1.15.5` |
| [terser](https://github.com/terser/terser) | `5.10.0` | `5.26.0` |
| [tough-cookie](https://github.com/salesforce/tough-cookie) | `4.0.0` | `4.1.3` |
| [webpack](https://github.com/webpack/webpack) | `5.68.0` | `5.89.0` |
| [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` |


Updates `semver` from 5.7.1 to 5.7.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)
- [Commits](npm/node-semver@v5.7.1...v5.7.2)

Updates `@babel/traverse` from 7.17.0 to 7.23.7
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.23.7/packages/babel-traverse)

Updates `json5` from 1.0.1 to 1.0.2
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v1.0.1...v1.0.2)

Updates `loader-utils` from 1.4.0 to 1.4.2
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md)
- [Commits](webpack/loader-utils@v1.4.0...v1.4.2)

Updates `decode-uri-component` from 0.2.0 to 0.2.2
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2)

Updates `minimatch` from 3.0.4 to 3.1.2
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.0.4...v3.1.2)

Updates `recursive-readdir` from 2.2.2 to 2.2.3
- [Changelog](https://github.com/jergason/recursive-readdir/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jergason/recursive-readdir/commits/v2.2.3)

Updates `serve` from 13.0.2 to 14.2.1
- [Release notes](https://github.com/vercel/serve/releases)
- [Commits](vercel/serve@13.0.2...14.2.1)

Updates `follow-redirects` from 1.15.1 to 1.15.5
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.1...v1.15.5)

Updates `terser` from 5.10.0 to 5.26.0
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](terser/terser@v5.10.0...v5.26.0)

Updates `tough-cookie` from 4.0.0 to 4.1.3
- [Release notes](https://github.com/salesforce/tough-cookie/releases)
- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)
- [Commits](salesforce/tough-cookie@v4.0.0...v4.1.3)

Updates `webpack` from 5.68.0 to 5.89.0
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v5.68.0...v5.89.0)

Updates `word-wrap` from 1.2.3 to 1.2.5
- [Release notes](https://github.com/jonschlinkert/word-wrap/releases)
- [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: "@babel/traverse"
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: json5
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: loader-utils
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: decode-uri-component
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: minimatch
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: recursive-readdir
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: serve
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: follow-redirects
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: terser
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: tough-cookie
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: webpack
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: word-wrap
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 13, 2024
@dependabot dependabot bot mentioned this pull request Jan 13, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant