Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the npm_and_yarn group with 23 updates #51

Closed
wants to merge 1 commit into from
Closed

Bump the npm_and_yarn group with 23 updates #51

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 13, 2024

Bumps the npm_and_yarn group with 23 updates:

Package From To
immer 8.0.1 9.0.6
semver 7.3.2 7.6.2
react-scripts 4.0.3 5.0.1
ansi-html 0.0.7 0.0.9
ansi-regex 2.1.1 5.0.0
async 2.6.3 3.2.5
json5 1.0.1 1.0.2
loader-utils 1.2.3 2.0.4
braces 2.3.2 3.0.3
browserslist 4.14.2 4.23.1
decode-uri-component 0.2.0 0.2.2
ejs 2.7.4 3.1.10
glob-parent 3.1.0 5.1.2
minimatch 3.0.4 3.1.2
minimist 1.2.5 1.2.8
nanoid 3.1.23 3.3.7
node-forge 0.10.0 1.3.1
path-parse 1.0.6 1.0.7
postcss 7.0.21 7.0.39
shell-quote 1.7.2 1.8.1
terser 4.8.0 5.31.1
tmpl 1.0.4 1.0.5
webpack-dev-middleware 3.7.3 5.3.4

Updates immer from 8.0.1 to 9.0.6

Release notes

Sourced from immer's releases.

v9.0.6

9.0.6 (2021-08-31)

Bug Fixes

  • security: Follow up on CVE-2020-28477 where path: [["__proto__"], "x"] could still pollute the prototype (fa671e5)

v9.0.5

9.0.5 (2021-07-05)

Bug Fixes

  • release missing dist/ folder (bfb8dec)

v9.0.4

9.0.4 (2021-07-05)

Bug Fixes

  • #791 return 'nothing' should produce undefined patch (5412c9f)
  • #807 new undefined properties should end up in result object (dc3f66c)
  • Better applyPatches type (#810) (09ac097), closes #809

v9.0.3

9.0.3 (2021-06-09)

Bug Fixes

  • isPlainObject: add quick comparison between input and Object to short-circuit taxing Function.toString invocations (#805) (07575f3)

v9.0.2

9.0.2 (2021-04-25)

Bug Fixes

  • #785 fix type inference for produce incorrectly inferring promise (#786) (6555173)

v9.0.1

9.0.1 (2021-03-20)

Bug Fixes

  • #768 immerable field being lost during patch value cloning (#771) (e0b7c01)

... (truncated)

Commits

Updates semver from 7.3.2 to 7.6.2

Release notes

Sourced from semver's releases.

v7.6.2

7.6.2 (2024-05-09)

Bug Fixes

v7.6.1

7.6.1 (2024-05-04)

Bug Fixes

Dependencies

Chores

v7.6.0

7.6.0 (2024-01-31)

Features

Chores

... (truncated)

Changelog

Sourced from semver's changelog.

7.6.2 (2024-05-09)

Bug Fixes

7.6.1 (2024-05-04)

Bug Fixes

Dependencies

Chores

7.6.0 (2024-01-31)

Features

Chores

... (truncated)

Commits
  • eb1380b chore: release 7.6.2 (#714)
  • 6466ba9 fix(lru): use map.delete() directly (#713)
  • d777418 chore: release 7.6.1 (#706)
  • 988a8de deps: uninstall lru-cache (#709)
  • 5feeb7f chore: postinstall for dependabot template-oss PR
  • dd09b60 chore: bump @​npmcli/template-oss to 4.22.0
  • c570a34 fix(linting): no-unused-vars
  • ad8ff11 fix: use internal cache implementation
  • 3fabe4d deps: remove lru-cache
  • ec49cdc chore: chore: chore: postinstall for dependabot template-oss PR
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.


Updates react-scripts from 4.0.3 to 5.0.1

Commits

Updates ansi-html from 0.0.7 to 0.0.9

Commits

Updates ansi-regex from 2.1.1 to 5.0.0

Release notes

Sourced from ansi-regex's releases.

v5.0.0

Breaking

  • Require Node.js 8 166a0d5

Enhancements

  • Add TypeScript definition (#32) e77ea17

chalk/ansi-regex@v4.1.0...v5.0.0

v4.1.0

  • Support more escape code like links (#29) 96200bb

chalk/ansi-regex@v4.0.0...v4.1.0

Commits

Updates async from 2.6.3 to 3.2.5

Changelog

Sourced from async's changelog.

v3.2.5

  • Ensure Error objects such as AggregateError are propagated without modification (#1920)

v3.2.4

  • Fix a bug in priorityQueue where it didn't wait for the result. (#1725)
  • Fix a bug where unshiftAsync was included in priorityQueue. (#1790)

v3.2.3

  • Fix bugs in comment parsing in autoInject. (#1767, #1780)

v3.2.2

  • Fix potential prototype pollution exploit

v3.2.1

v3.2.0

  • Fix a bug in Safari related to overwriting func.name
  • Remove built-in browserify configuration (#1653)
  • Varios doc fixes (#1688, #1703, #1704)

v3.1.1

  • Allow redefining name property on wrapped functions.

v3.1.0

  • Added q.pushAsync and q.unshiftAsync, analagous to q.push and q.unshift, except they always do not accept a callback, and reject if processing the task errors. (#1659)
  • Promises returned from q.push and q.unshift when a callback is not passed now resolve even if an error ocurred. (#1659)
  • Fixed a parsing bug in autoInject with complicated function bodies (#1663)
  • Added ES6+ configuration for Browserify bundlers (#1653)
  • Various doc fixes (#1664, #1658, #1665, #1652)

v3.0.1

Bug fixes

  • Fixed a regression where arrays passed to queue and cargo would be completely flattened. (#1645)
  • Clarified Async's browser support (#1643)

v3.0.0

The async/await release!

There are a lot of new features and subtle breaking changes in this major version, but the biggest feature is that most Async methods return a Promise if you omit the callback, meaning you can await them from within an async function.

</tr></table>

... (truncated)

Commits

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)
Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

v2.2.2 [code, diff]

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

v2.2.0 [code, diff]

  • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

  • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

Updates loader-utils from 1.2.3 to 2.0.4

Release notes

Sourced from loader-utils's releases.

v2.0.4

2.0.4 (2022-11-11)

Bug Fixes

v2.0.3

2.0.3 (2022-10-20)

Bug Fixes

  • security: prototype pollution exploit (#217) (a93cf6f)

v2.0.2

2.0.2 (2021-11-04)

Bug Fixes

  • base64 generation and unicode characters (#197) (8c2d24e)

v2.0.1

2.0.1 (2021-10-29)

Bug Fixes

v2.0.0

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

  • minimum required Node.js version is 8.9.0 (#166) (c937e8c)
  • the getOptions method returns empty object on empty query (#167) (b595cfb)
  • Use md4 by default

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

... (truncated)

Changelog

Sourced from loader-utils's changelog.

2.0.4 (2022-11-11)

Bug Fixes

2.0.3 (2022-10-20)

Bug Fixes

  • security: prototype pollution exploit (#217) (a93cf6f)

2.0.2 (2021-11-04)

Bug Fixes

  • base64 generation and unicode characters (#197) (8c2d24e)

2.0.1 (2021-10-29)

Bug Fixes

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

  • minimum required Node.js version is 8.9.0 (#166) (c937e8c)
  • the getOptions method returns empty object on empty query (#167) (b595cfb)
  • Use md4 by default

1.4.0 (2020-02-19)

Features

  • the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

1.3.0 (2020-02-19)

... (truncated)

Commits

Updates braces from 2.3.2 to 3.0.3

Changelog

Sourced from braces's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

  • Changelogs are for humans, not machines.
  • There should be an entry for every single version.
  • The same types of changes should be grouped.
  • Versions and sections should be linkable.
  • The latest version comes first.
  • The release date of each versions is displayed.
  • Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in case of vulnerabilities.

[3.0.0] - 2018-04-08

v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler.

Breaking Changes

  • The undocumented .makeRe method was removed

Non-breaking changes

  • Caching was removed
Commits

Updates browserslist from 4.14.2 to 4.23.1

Release notes

Sourced from browserslist's releases.

4.23.1

  • Fixed feature query with mobile to desktop when caniuse lags (by @​steverep).

4.23.0

Changelog

Sourced from browserslist's changelog.

4.23.1

  • Fixed feature query with mobile to desktop when caniuse lags (by @​steverep).

4.23.0

4.22.3

  • Fixed white spaces support in supports query (@​g-plane).
  • Fixed shared config like @company/package/browserslist-config (@​boucodes).

4.22.2

  • Fixed idempotency in time queries with mobileToDesktop (by Aliaksei Sapach).

4.22.1

4.22

  • Added fully supports query (by Ben Scott).
  • Added partially supports alias for supports query (by Ben Scott).

4.21.11

  • Added warning to --update-db to move to new CLI (by Ivan Vasilev).
  • Fixed docs (by Tatsunori Uchino).

4.21.10

  • Updated Firefox ESR.

4.21.9

  • Fixed Opera Mobile edge cases (by Steve Repsher).

4.21.8

  • Fixed supports query and mobileToDesktop (by Steve Repsher).

4.21.7

  • Fixed last queries for Android (by Steve Repsher).

4.21.6

  • Fixed time queries with mobileToDesktop (by Steve Repsher).
  • Fixed docs (by Tatsunori Uchino, Will Stone, and Dominik Pschenitschni).

4.21.5

  • Fixed running Browserslist in browser environment.

4.21.4

  • Updated Firefox ESR.

4.21.3

  • Improved unknown region and unknown feature error (by Alexander Chabin).

4.21.2

... (truncated)

Commits

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

  • Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

  • Switch to GitHub workflows 76abc93
  • Fix issue where decode throws - fixes #6 746ca5d
  • Update license (#1) 486d7e2
  • Tidelift tasks a650457
  • Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

Updates ejs from 2.7.4 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

v3.1.8

Version 3.1.8

v3.1.7

Version 3.1.7

v3.1.6

Version 3.1.6

v3.1.5

Version 3.1.5

v3.0.2

No release notes provided.

Commits

Updates glob-parent from 3.1.0 to 5.1.2

Release notes

Sourced from glob-parent's releases.

v5.1.2

Bug Fixes

v5.1.1

Bug Fixes

v5.1.0

Features

  • add flipBackslashes option to disable auto conversion of slashes (closes #24) (

@dependabot
Bump the npm_and_yarn group with 23 updates
0088005 
Bumps the npm_and_yarn group with 23 updates:

| Package | From | To |
| --- | --- | --- |
| [immer](https://github.com/immerjs/immer) | `8.0.1` | `9.0.6` |
| [semver](https://github.com/npm/node-semver) | `7.3.2` | `7.6.2` |
| [react-scripts](https://github.com/facebook/create-react-app/tree/HEAD/packages/react-scripts) | `4.0.3` | `5.0.1` |
| [ansi-html](https://github.com/Tjatse/ansi-html) | `0.0.7` | `0.0.9` |
| [ansi-regex](https://github.com/chalk/ansi-regex) | `2.1.1` | `5.0.0` |
| [async](https://github.com/caolan/async) | `2.6.3` | `3.2.5` |
| [json5](https://github.com/json5/json5) | `1.0.1` | `1.0.2` |
| [loader-utils](https://github.com/webpack/loader-utils) | `1.2.3` | `2.0.4` |
| [braces](https://github.com/micromatch/braces) | `2.3.2` | `3.0.3` |
| [browserslist](https://github.com/browserslist/browserslist) | `4.14.2` | `4.23.1` |
| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |
| [ejs](https://github.com/mde/ejs) | `2.7.4` | `3.1.10` |
| [glob-parent](https://github.com/gulpjs/glob-parent) | `3.1.0` | `5.1.2` |
| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.2` |
| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |
| [nanoid](https://github.com/ai/nanoid) | `3.1.23` | `3.3.7` |
| [node-forge](https://github.com/digitalbazaar/forge) | `0.10.0` | `1.3.1` |
| [path-parse](https://github.com/jbgutierrez/path-parse) | `1.0.6` | `1.0.7` |
| [postcss](https://github.com/postcss/postcss) | `7.0.21` | `7.0.39` |
| [shell-quote](https://github.com/ljharb/shell-quote) | `1.7.2` | `1.8.1` |
| [terser](https://github.com/terser/terser) | `4.8.0` | `5.31.1` |
| [tmpl](https://github.com/daaku/nodejs-tmpl) | `1.0.4` | `1.0.5` |
| [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `3.7.3` | `5.3.4` |


Updates `immer` from 8.0.1 to 9.0.6
- [Release notes](https://github.com/immerjs/immer/releases)
- [Commits](immerjs/immer@v8.0.1...v9.0.6)

Updates `semver` from 7.3.2 to 7.6.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.3.2...v7.6.2)

Updates `react-scripts` from 4.0.3 to 5.0.1
- [Release notes](https://github.com/facebook/create-react-app/releases)
- [Changelog](https://github.com/facebook/create-react-app/blob/main/CHANGELOG-4.x.md)
- [Commits](https://github.com/facebook/create-react-app/commits/[email protected]/packages/react-scripts)

Updates `ansi-html` from 0.0.7 to 0.0.9
- [Commits](https://github.com/Tjatse/ansi-html/commits)

Updates `ansi-regex` from 2.1.1 to 5.0.0
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](chalk/ansi-regex@2.1.1...v5.0.0)

Updates `async` from 2.6.3 to 3.2.5
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/master/CHANGELOG.md)
- [Commits](caolan/async@v2.6.3...v3.2.5)

Updates `json5` from 1.0.1 to 1.0.2
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v1.0.1...v1.0.2)

Updates `loader-utils` from 1.2.3 to 2.0.4
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/v2.0.4/CHANGELOG.md)
- [Commits](webpack/loader-utils@v1.2.3...v2.0.4)

Updates `braces` from 2.3.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/braces/commits/3.0.3)

Updates `browserslist` from 4.14.2 to 4.23.1
- [Release notes](https://github.com/browserslist/browserslist/releases)
- [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md)
- [Commits](browserslist/browserslist@4.14.2...4.23.1)

Updates `decode-uri-component` from 0.2.0 to 0.2.2
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2)

Updates `ejs` from 2.7.4 to 3.1.10
- [Release notes](https://github.com/mde/ejs/releases)
- [Commits](mde/ejs@v2.7.4...v3.1.10)

Updates `glob-parent` from 3.1.0 to 5.1.2
- [Release notes](https://github.com/gulpjs/glob-parent/releases)
- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md)
- [Commits](gulpjs/glob-parent@v3.1.0...v5.1.2)

Updates `minimatch` from 3.0.4 to 3.1.2
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.0.4...v3.1.2)

Updates `minimist` from 1.2.5 to 1.2.8
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.5...v1.2.8)

Updates `nanoid` from 3.1.23 to 3.3.7
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](ai/nanoid@3.1.23...3.3.7)

Updates `node-forge` from 0.10.0 to 1.3.1
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@0.10.0...v1.3.1)

Updates `path-parse` from 1.0.6 to 1.0.7
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

Updates `postcss` from 7.0.21 to 7.0.39
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/7.0.39/CHANGELOG.md)
- [Commits](postcss/postcss@7.0.21...7.0.39)

Updates `shell-quote` from 1.7.2 to 1.8.1
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.7.2...v1.8.1)

Updates `terser` from 4.8.0 to 5.31.1
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](terser/terser@v4.8.0...v5.31.1)

Updates `tmpl` from 1.0.4 to 1.0.5
- [Commits](https://github.com/daaku/nodejs-tmpl/commits/v1.0.5)

Updates `webpack-dev-middleware` from 3.7.3 to 5.3.4
- [Release notes](https://github.com/webpack/webpack-dev-middleware/releases)
- [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md)
- [Commits](webpack/webpack-dev-middleware@v3.7.3...v5.3.4)

---
updated-dependencies:
- dependency-name: immer
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: react-scripts
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: ansi-html
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ansi-regex
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: async
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: json5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: loader-utils
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: browserslist
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: decode-uri-component
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ejs
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: glob-parent
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimist
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: nanoid
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-parse
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: shell-quote
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: terser
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tmpl
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack-dev-middleware
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jun 13, 2024
This was referenced Jun 13, 2024
Closed
Closed
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Jun 18, 2024

Superseded by #53.

@dependabot dependabot bot closed this Jun 18, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-5a467da70e branch June 18, 2024 02:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants