chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates #127

dependabot · 2024-06-18T05:03:37Z

Bumps the npm_and_yarn group with 2 updates in the / directory: braces and ws.

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates ws from 7.5.0 to 7.5.10

Release notes

7.5.10

Bug fixes

Backported e55e5106 to the 7.x release line (22c28763).

7.5.9

Bug fixes

Backported bc8bd34e to the 7.x release line (0435e6e1).

7.5.8

Bug fixes

Backported 0fdcc0af to the 7.x release line (2758ed35).

Backported d68ba9e1 to the 7.x release line (dc1781bc).

7.5.7

Bug fixes

Backported 6946f5fe to the 7.x release line (1f72e2e1).

7.5.6

Bug fixes

Backported b8186dd1 to the 7.x release line (73dec34b).

Backported ed2b8039 to the 7.x release line (22a26afb).

7.5.5

Bug fixes

Backported ec9377ca to the 7.x release line (0e274acd).

7.5.4

Bug fixes

Backported 6a72da3e to the 7.x release line (76087fbf).

Backported 869c9892 to the 7.x release line (27997933).

7.5.3

Bug fixes

The WebSocketServer constructor now throws an error if more than one of the noServer, server, and port options are specefied (66e58d27).

Fixed a bug where a 'close' event was emitted by a WebSocketServer before the internal HTTP/S server was actually closed (5a587304).

Fixed a bug that allowed WebSocket connections to be established after WebSocketServer.prototype.close() was called (772236a1).

7.5.2

Bug fixes

... (truncated)

Commits

d962d70 [dist] 7.5.10
22c2876 [security] Fix crash when the Upgrade header cannot be read (#2231)
8a78f87 [dist] 7.5.9
0435e6e [security] Fix same host check for ws+unix: redirects
4271f07 [dist] 7.5.8
dc1781b [security] Drop sensitive headers when following insecure redirects
2758ed3 [fix] Abort the handshake if the Upgrade header is invalid
a370613 [dist] 7.5.7
1f72e2e [security] Drop sensitive headers when following redirects (#2013)
8ecd890 [dist] 7.5.6
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

…dates Bumps the npm_and_yarn group with 2 updates in the / directory: [braces](https://github.com/micromatch/braces) and [ws](https://github.com/websockets/ws). Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `ws` from 7.5.0 to 7.5.10 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@7.5.0...7.5.10) --- updated-dependencies: - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

…5 (main) (#19653) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [dlavrenuek/conventional-changelog-action](https://togithub.com/dlavrenuek/conventional-changelog-action) | action | patch | `v1.2.4` -> `v1.2.5` | --- ### Release Notes <details> <summary>dlavrenuek/conventional-changelog-action (dlavrenuek/conventional-changelog-action)</summary> ### [`v1.2.5`](https://togithub.com/dlavrenuek/conventional-changelog-action/releases/tag/v1.2.5): 1.2.5 [Compare Source](https://togithub.com/dlavrenuek/conventional-changelog-action/compare/v1.2.4...v1.2.5) #### What's Changed - chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dlavrenuek/conventional-changelog-action/pull/127](https://togithub.com/dlavrenuek/conventional-changelog-action/pull/127) **Full Changelog**: dlavrenuek/conventional-changelog-action@v1.2.4...v1.2.5 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/camunda/camunda).

…5 (main) (#20985) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [dlavrenuek/conventional-changelog-action](https://togithub.com/dlavrenuek/conventional-changelog-action) | action | patch | `v1.2.4` -> `v1.2.5` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>dlavrenuek/conventional-changelog-action (dlavrenuek/conventional-changelog-action)</summary> ### [`v1.2.5`](https://togithub.com/dlavrenuek/conventional-changelog-action/releases/tag/v1.2.5): 1.2.5 [Compare Source](https://togithub.com/dlavrenuek/conventional-changelog-action/compare/v1.2.4...v1.2.5) #### What's Changed - chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dlavrenuek/conventional-changelog-action/pull/127](https://togithub.com/dlavrenuek/conventional-changelog-action/pull/127) **Full Changelog**: dlavrenuek/conventional-changelog-action@v1.2.4...v1.2.5 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled because a matching PR was automerged previously. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/camunda/camunda).

dependabot bot added the dependencies Pull requests that update a dependency file label Jun 18, 2024

dependabot bot mentioned this pull request Jun 18, 2024

chore(deps): bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory #126

Closed

dlavrenuek approved these changes Jun 22, 2024

View reviewed changes

dlavrenuek merged commit 061702b into main Jun 22, 2024
3 checks passed

dlavrenuek deleted the dependabot/npm_and_yarn/npm_and_yarn-9218438be0 branch June 22, 2024 14:40

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates #127

chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates #127

dependabot bot commented on behalf of github Jun 18, 2024

chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates #127

chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates #127

Conversation

dependabot bot commented on behalf of github Jun 18, 2024

7.5.10

Bug fixes

7.5.9

Bug fixes

7.5.8

Bug fixes

7.5.7

Bug fixes

7.5.6

Bug fixes

7.5.5

Bug fixes

7.5.4

Bug fixes

7.5.3

Bug fixes

7.5.2

Bug fixes