Bump the npm_and_yarn group across 1 directory with 3 updates #213

dependabot · 2024-12-13T19:04:52Z

Bumps the npm_and_yarn group with 3 updates in the / directory: cookie, express and @wordpress/scripts.

Updates cookie from 0.4.2 to 0.7.1

Release notes

0.7.1

Fixed

Allow leading dot for domain (#174)

Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec

Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

perf: parse cookies ~10% faster (#144 by @kurtextrem and #170)

fix: narrow the validation of cookies to match RFC6265 (#167 by @bewinsnw)

fix: add main to package.json for rspack (#166 by @proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

0.6.0

Add partitioned option

0.5.0

Add priority option

Fix expires option to reject invalid dates

pref: improve default decode speed

pref: remove slow string split in parse

Commits

cf4658f 0.7.1
6a8b8f5 Allow leading dot for domain (#174)
58015c0 Remove more code and perf wins (#172)
ab057d6 0.7.0
5f02ca8 Migrate history to GitHub releases
a5d591c Migrate history to GitHub releases
51968f9 Skip isNaN
9e7ca51 perf(parse): cache length, return early (#144)
d6f39b0 Fix tests for old node
6bb701f Remove failing scorecard
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates express from 4.21.0 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: [email protected] by @blakeembrey in expressjs/express#5956

deps: bump [email protected] by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

deps: [email protected]

Fix backtracking protection

deps: [email protected]

Throws an error on invalid path values

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

Commits

1faf228 4.21.2
2e0fb64 deps: bump [email protected] (#6209)
59fc270 deps: [email protected] (#5956)
51fc39c docs: add funding (#6065)
8e229f9 4.21.1
a024c8a fix(deps): [email protected]
See full diff in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates @wordpress/scripts from 27.9.0 to 30.7.0

Changelog

Sourced from @wordpress/scripts's changelog.

30.7.0 (2024-12-11)

Internal

The bundled sass dependency has been updated from ^1.35.2 to ^1.50.1 (#67572).

The bundled sass-loader dependency has been updated from ^12.1.0 to ^16.0.3 (#67572).

The bundled mini-css-extract-plugin dependency has been updated from ^2.5.1 to ^2.9.2 (#67572).

The bundled webpack dependency has been updated from ^5.95.0 to ^5.97.0 (#67572).

The bundled cross-spawn dependency has been updated from ^5.1.0 to ^7.0.6 (#67708).

The bundled jest-dev-server dependency has been updated from ^9.0.1 to ^10.1.4 (#67708).

The bundled puppeteer-core dependency has been updated from ^23.1.0 to ^23.10.1 (#67708).

Bug Fix

Make React Fast Refresh in the start command work with multiple blocks (64924).

30.6.0 (2024-11-27)

30.5.1 (2024-11-18)

Bug Fix

Revert changes from #61121 that inlined CSS files imported from other CSS files before optimization in the build command.

30.5.0 (2024-11-16)

Bug Fix

Make start script more resilient for developer errors (#66752).

30.4.0 (2024-10-30)

Enhancements

Add BlueOak-1.0.0 the GPLv2-compatible licenses recognized by check-licenses (#66139).

Add an optional --root-folder argument to the plugin-zip command (#61375). By default, the command will use the plugin's name as the root folder of the zip. If the change in the behavior impacted your workflow, you could pass --no-root-folder to remove the root folder.

Internal

Refactor to extract license related logic to a reusable module (#66179).

30.3.0 (2024-10-17)

New Features

Add new build-blocks-manifest command to generate a PHP file containing block metadata from all block.json files in a project (#65866).

30.2.0 (2024-10-16)

30.1.0 (2024-10-03)

... (truncated)

Commits

b432c18 chore(release): publish
f38cb4d Update changelog files
e5570ea Merge changes published in the Gutenberg plugin "release/19.9" branch
cce81c1 chore(release): publish
6db1992 Update changelog files
b24995a chore(release): publish
b25f82f Update changelog files
fdbe988 WP Scripts: Revert changes that inline CSS imports early in the build process...
510540d chore(release): publish
854d8c7 Update changelog files
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 3 updates in the / directory: [cookie](https://github.com/jshttp/cookie), [express](https://github.com/expressjs/express) and [@wordpress/scripts](https://github.com/WordPress/gutenberg/tree/HEAD/packages/scripts). Updates `cookie` from 0.4.2 to 0.7.1 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.4.2...v0.7.1) Updates `express` from 4.21.0 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.21.0...4.21.2) Updates `@wordpress/scripts` from 27.9.0 to 30.7.0 - [Release notes](https://github.com/WordPress/gutenberg/releases) - [Changelog](https://github.com/WordPress/gutenberg/blob/trunk/packages/scripts/CHANGELOG.md) - [Commits](https://github.com/WordPress/gutenberg/commits/@wordpress/[email protected]/packages/scripts) --- updated-dependencies: - dependency-name: cookie dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@wordpress/scripts" dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot requested a review from jeffpaul as a code owner December 13, 2024 19:04

dependabot bot added the type:dependency An issue with a separate library that this project relies upon. label Dec 13, 2024

dependabot bot requested a review from dkotter as a code owner December 13, 2024 19:04

jeffpaul added this to the 1.3.6 milestone Dec 13, 2024

jeffpaul requested review from faisal-alvi and removed request for dkotter and jeffpaul December 13, 2024 20:27

faisal-alvi approved these changes Dec 18, 2024

View reviewed changes

jeffpaul merged commit 80a0d05 into develop Dec 23, 2024
11 checks passed

jeffpaul deleted the dependabot/npm_and_yarn/npm_and_yarn-e8799b871c branch December 23, 2024 19:48

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 1 directory with 3 updates #213

Bump the npm_and_yarn group across 1 directory with 3 updates #213

dependabot bot commented on behalf of github Dec 13, 2024

Bump the npm_and_yarn group across 1 directory with 3 updates #213

Bump the npm_and_yarn group across 1 directory with 3 updates #213

Conversation

dependabot bot commented on behalf of github Dec 13, 2024

0.7.1

0.7.0

0.6.0

0.5.0

4.21.2

What's Changed

4.21.1

What's Changed

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

30.7.0 (2024-12-11)

Internal

Bug Fix

30.6.0 (2024-11-27)

30.5.1 (2024-11-18)

Bug Fix

30.5.0 (2024-11-16)

Bug Fix

30.4.0 (2024-10-30)

Enhancements

Internal

30.3.0 (2024-10-17)

New Features

30.2.0 (2024-10-16)

30.1.0 (2024-10-03)