-
Notifications
You must be signed in to change notification settings - Fork 647
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): bump the npm_and_yarn group across 1 directory with 13 updates #1019
Closed
dependabot
wants to merge
1
commit into
main
from
dependabot/npm_and_yarn/npm_and_yarn-security-group-736a493c39
Closed
chore(deps): bump the npm_and_yarn group across 1 directory with 13 updates #1019
dependabot
wants to merge
1
commit into
main
from
dependabot/npm_and_yarn/npm_and_yarn-security-group-736a493c39
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…pdates Bumps the npm_and_yarn group with 12 updates in the / directory: | Package | From | To | | --- | --- | --- | | [debug](https://github.com/debug-js/debug) | `4.3.1` | `4.3.2` | | [express](https://github.com/expressjs/express) | `4.16.4` | `4.19.2` | | [plotly.js](https://github.com/plotly/plotly.js) | `1.48.3` | `2.25.2` | | [es5-ext](https://github.com/medikoo/es5-ext) | `0.10.50` | `0.10.64` | | [ip](https://github.com/indutny/node-ip) | `1.1.5` | `1.1.9` | | [moment](https://github.com/moment/moment) | `2.26.0` | `2.30.1` | | [node-fetch](https://github.com/node-fetch/node-fetch) | `2.6.0` | `2.7.0` | | [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` | | [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.6` | | [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `6.1.1` | `6.1.2` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | | [y18n](https://github.com/yargs/y18n) | `4.0.0` | `4.0.3` | Updates `debug` from 4.3.1 to 4.3.2 - [Release notes](https://github.com/debug-js/debug/releases) - [Commits](debug-js/debug@4.3.1...4.3.2) Updates `express` from 4.16.4 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.16.4...4.19.2) Updates `plotly.js` from 1.48.3 to 2.25.2 - [Release notes](https://github.com/plotly/plotly.js/releases) - [Changelog](https://github.com/plotly/plotly.js/blob/master/CHANGELOG.md) - [Commits](plotly/plotly.js@v1.48.3...v2.25.2) Updates `es5-ext` from 0.10.50 to 0.10.64 - [Release notes](https://github.com/medikoo/es5-ext/releases) - [Changelog](https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md) - [Commits](medikoo/es5-ext@v0.10.50...v0.10.64) Updates `ip` from 1.1.5 to 1.1.9 - [Commits](indutny/node-ip@v1.1.5...v1.1.9) Updates `moment` from 2.26.0 to 2.30.1 - [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md) - [Commits](moment/moment@2.26.0...2.30.1) Updates `node-fetch` from 2.6.0 to 2.7.0 - [Release notes](https://github.com/node-fetch/node-fetch/releases) - [Commits](node-fetch/node-fetch@v2.6.0...v2.7.0) Updates `qs` from 6.5.2 to 6.5.3 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.2...v6.5.3) Updates `static-eval` from 0.2.4 to 2.1.1 - [Release notes](https://github.com/browserify/static-eval/releases) - [Changelog](https://github.com/browserify/static-eval/blob/master/CHANGELOG.md) - [Commits](browserify/static-eval@0.2.4...v2.1.1) Updates `underscore` from 1.9.1 to 1.13.6 - [Commits](jashkenas/underscore@1.9.1...1.13.6) Updates `webpack-dev-middleware` from 6.1.1 to 6.1.2 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v6.1.2/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v6.1.1...v6.1.2) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) Updates `y18n` from 4.0.0 to 4.0.3 - [Release notes](https://github.com/yargs/y18n/releases) - [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md) - [Commits](yargs/y18n@v4.0.0...y18n-v4.0.3) --- updated-dependencies: - dependency-name: debug dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: plotly.js dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: es5-ext dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: ip dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: moment dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: node-fetch dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: qs dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: static-eval dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: underscore dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: webpack-dev-middleware dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: y18n dependency-type: indirect dependency-group: npm_and_yarn-security-group ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
the
dependencies
Pull requests that update a dependency file
label
Mar 26, 2024
Superseded by #1025. |
dependabot
bot
deleted the
dependabot/npm_and_yarn/npm_and_yarn-security-group-736a493c39
branch
April 10, 2024 11:38
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 12 updates in the / directory:
4.3.1
4.3.2
4.16.4
4.19.2
1.48.3
2.25.2
0.10.50
0.10.64
1.1.5
1.1.9
2.26.0
2.30.1
2.6.0
2.7.0
6.5.2
6.5.3
1.9.1
1.13.6
6.1.1
6.1.2
1.2.3
1.2.5
4.0.0
4.0.3
Updates
debug
from 4.3.1 to 4.3.2Release notes
Sourced from debug's releases.
Commits
e47f96d
4.3.21e9d38c
cache enabled status per-logger (#799)Updates
express
from 4.16.4 to 4.19.2Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
... (truncated)
Commits
04bc627
4.19.2da4d763
Improved fix for open redirect allow list bypass4f0f6cc
4.19.1a003cfa
Allow passing non-strings to res.location with new encoding handling checks f...a1fa90f
fixed un-edited version in history.md for 4.19.011f2b1d
build: fix build due to inconsistent supertest behavior in older versions084e365
4.19.00867302
Prevent open redirect allow list bypass due to encodeurl567c9c6
Add note on how to update docs for new release (#5541)69a4cf2
deps: [email protected]Maintainer changes
This version was pushed to npm by wesleytodd, a new releaser for express since your current version.
Updates
plotly.js
from 1.48.3 to 2.25.2Release notes
Sourced from plotly.js's releases.
... (truncated)
Changelog
Sourced from plotly.js's changelog.
... (truncated)
Commits
e824199
2.25.2920a50e
update readme and changelog for v2.25.227932d6
Merge pull request #6705 from plotly/reduce-flakiness0249840
Merge pull request #6704 from plotly/nestedProperty-protoa4a69d5
reduce flakiness on CIa860a32
Merge pull request #6690 from Mkranj/croatian_translation5cfbd6e
add test2bec998
guard against polluting proto in nestedProperty5efd2a1
Merge pull request #6703 from plotly/expandObjectPaths-protoe1e3175
fix delay in testMaintainer changes
This version was pushed to npm by archmoj, a new releaser for plotly.js since your current version.
Updates
es5-ext
from 0.10.50 to 0.10.64Release notes
Sourced from es5-ext's releases.
... (truncated)
Changelog
Sourced from es5-ext's changelog.
... (truncated)
Commits
f76b03d
chore: Release v0.10.642881acd
chore: Bump dependenciesc2e2bb9
fix: Revert update meant to fix Powershell issue, as it's a regression16f2b72
docs: Fix date in the changelogde4e03c
chore: Release v0.10.633fd53b7
chore: Upgradelint-staged
to v13bf8ed79
chore: Ensure postinstall script does not crash on Windows2cbbb07
chore: Bump dependencies22d0416
chore: Bump LICENSE yeara52e957
fix: Support ES2015+ function definitions infunction#toStringTokens()
Updates
ip
from 1.1.5 to 1.1.9Commits
1ecbf2f
1.1.96a3ada9
lib: fixed CVE-2023-42282 and added unit test5dc3b2f
1.1.88e6f28b
lib: even better node 6 support088c9e5
1.1.71a4ca35
lib: add back support for Node.js 6af82ef4
1.1.6dba19f6
package: exclude test folder from publishing7cd7f30
ci: use github workflows4de50ae
lib: node 18 supportUpdates
moment
from 2.26.0 to 2.30.1Changelog
Sourced from moment's changelog.
... (truncated)
Commits
485d9a7
Build 2.30.1e048b09
Bump version to 2.30.1f9f2d58
Update changelog for 2.30.1a52ffb2
Revert "Merge pull request #5827 from BobZombie:feature/fix_d.ts"ddd6809
Build 2.30.0be64d00
Bump version to 2.30.0ad41179
Update changelog for 2.30.063fe479
[misc] Make code ES6 compatible0f0195f
Revert "Merge pull request #5599 from Alanscut:issue_4985"15b82f5
Revert "Merge pull request #5597 from Alanscut:issue-5596"Updates
node-fetch
from 2.6.0 to 2.7.0Release notes
Sourced from node-fetch's releases.
... (truncated)
Commits
9b9d458
feat:AbortError
(#1744)65ae25a
fix: Remove the default connection close header (#1765)8bc3a7c
fix: socket variable testing for undefined (#1726)afb36f6
Revert "fix: handle bom in text and json (#1739)" (#1741)29909d7
fix: handle bom in text and json (#1739)70f592d
fix: "global is not defined" (#1704)0f1ebb0
Prevent error when response is null (#1699)6e9464d
ci(release): install dependenciesdd2a0ba
ci(release): install dependencies49bef02
ci(release): use latest Node LTSMaintainer changes
This version was pushed to npm by node-fetch-bot, a new releaser for node-fetch since your current version.
Updates
qs
from 6.5.2 to 6.5.3Changelog
Sourced from qs's changelog.
Commits
298bfa5
v6.5.3ed0f5dc
[Fix]parse
: ignore__proto__
keys (#428)691e739
[Robustness]stringify
: avoid relying on a globalundefined
(#427)1072d57
[readme] remove travis badge; add github actions/codecov badges; update URLs12ac1c4
[meta] fix README.md (#399)0338716
[actions] backport actions from main5639c20
Clean up license text so it’s properly detected as BSD-3-Clause51b8a0b
add FUNDING.yml45f6759
[Fix] fix for an impossible situation: when the formatter is called with a no...f814a7f
[Dev Deps] backport from mainUpdates
static-eval
from 0.2.4 to 2.1.1Release notes
Sourced from static-eval's releases.
Changelog
Sourced from static-eval's changelog.
Commits
c682147
2.1.122fc478
Merge pull request #43 from FabianWarnecke/patch-1cdf877d
Update dependency "escodegen".aff732b
maybe they will email me about "security" issues if i put this in there1a4d734
2.1.0054adac
ci: add node 1409c4b83
Merge pull request #31 from archmoj/allow-cwise-transforme619afc
make option to enable allowAccessToMethodsOnFunctions namely to be used by cw...36587c2
remove trailing spaces798b0d5
ci: add node 12 and 13Maintainer changes
This version was pushed to npm by goto-bus-stop, a new releaser for static-eval since your current version.
Updates
underscore
from 1.9.1 to 1.13.6Commits
bd2d35c
Merge remote-tracking branch 'upstream/master'2e7c0f2
Update generated files, tag 1.13.6 release732cafe
Underscore 1.13.6e8f86fb
Add changelog entry for versioin 1.13.643e827a
Bump the version to 1.13.6 (hotfix)1c1d1a2
Remove patch-package postinstall script4eb6894
Merge pull request #2974 from paulsmithkc/patch-12edcdc1
Hostfix for broken builds66ee70d
Verify that production and doc builds still work in CI68e5eb6
Update generated sources, tag 1.13.5 releaseMaintainer changes
This version was pushed to npm by jgonggrijp, a new releaser for underscore since your current version.
Updates
webpack-dev-middleware
from 6.1.1 to 6.1.2Release notes
Sourced from webpack-dev-middleware's releases.
Changelog
Sourced from webpack-dev-middleware's changelog.
Commits
54e4a96
chore(release): 6.1.29670b34
fix(security): do not allow to read files above (#1778)Updates
word-wrap
from 1.2.3 to 1.2.5Release notes
Sourced from word-wrap's releases.
Commits
207044e
1.2.59894315
revert default indentf64b188
run verb to generate README03ea082
Merge pull request #42 from jonschlinkert/chore/publish-workflow420dce9
Merge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2bfa694e
Update .github/workflows/publish.ymlace0b3c
chore: bump version to 1.2.46fd7275
chore: add publish workflow30d6daf
chore: fix test655929c
chore: remove package-lockUpdates
y18n
from 4.0.0 to 4.0.3Changelog
Sourced from y18n's changelog.
Commits
0aa97c5
chore: release 4.x.x (#128)a8e7f04
build(release-please): configure branch properly (#127)1e21a53
fix(release): 4.x.x should not enforce Node 10 (#126)8dc7580
docs: update CHANGELOG7de58ca
fix: address prototype pollution issueMaintainer changes
This version was pushed to npm by oss-bot, a new releaser for y18n since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manuallyDescription has been truncated