build(deps): bump the npm_and_yarn group across 1 directory with 21 updates#3
Open
dependabot[bot] wants to merge 1 commit into
Open
build(deps): bump the npm_and_yarn group across 1 directory with 21 updates#3dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
…pdates Bumps the npm_and_yarn group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.2.0` | | [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.16.7` | `7.29.7` | | [body-parser](https://github.com/expressjs/body-parser) | `1.19.2` | `1.20.5` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [cookie](https://github.com/jshttp/cookie) | `0.4.2` | `0.7.2` | | [socket.io](https://github.com/socketio/socket.io) | `4.4.1` | `4.8.3` | | [flatted](https://github.com/WebReflection/flatted) | `3.2.5` | `3.4.2` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.14.8` | `1.16.0` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` | | [min-document](https://github.com/Raynos/min-document) | `2.19.0` | `2.19.2` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [phin](https://github.com/ethanent/phin) | `2.9.3` | `removed` | | [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` | | [postcss](https://github.com/postcss/postcss) | `8.4.6` | `8.5.15` | | [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` | | [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.7` | | [underscore](https://github.com/jashkenas/underscore) | `1.13.2` | `1.13.8` | Updates `js-yaml` from 3.14.1 to 3.14.2 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.14.1...3.14.2) Updates `js-yaml` from 4.1.0 to 4.2.0 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.14.1...3.14.2) Updates `@babel/plugin-transform-modules-systemjs` from 7.16.7 to 7.29.7 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs) Updates `@babel/traverse` from 7.17.3 to 7.20.5 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.20.5/packages/babel-traverse) Updates `body-parser` from 1.19.2 to 1.20.5 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/1.20.5/HISTORY.md) - [Commits](expressjs/body-parser@1.19.2...1.20.5) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `cookie` from 0.4.2 to 0.7.2 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.4.2...v0.7.2) Updates `socket.io` from 4.4.1 to 4.8.3 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/compare/4.4.1...socket.io@4.8.3) Updates `flatted` from 3.2.5 to 3.4.2 - [Commits](WebReflection/flatted@v3.2.5...v3.4.2) Updates `follow-redirects` from 1.14.8 to 1.16.0 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.14.8...v1.16.0) Updates `lodash` from 4.17.21 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.18.1) Updates `min-document` from 2.19.0 to 2.19.2 - [Commits](Raynos/min-document@v2.19.0...v2.19.2) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Removes `phin` Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.1...2.3.2) Updates `postcss` from 8.4.6 to 8.5.15 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.6...8.5.15) Updates `semver` from 5.7.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.1...v5.7.2) Updates `socket.io-parser` from 4.0.4 to 4.2.6 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/commits/socket.io-parser@4.2.6) Updates `socket.io` from 4.4.1 to 4.8.3 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/compare/4.4.1...socket.io@4.8.3) Updates `tmp` from 0.2.1 to 0.2.7 - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md) - [Commits](raszi/node-tmp@v0.2.1...v0.2.7) Updates `underscore` from 1.13.2 to 1.13.8 - [Commits](jashkenas/underscore@1.13.2...1.13.8) Updates `ws` from 8.2.3 to 8.20.1 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.2.3...8.20.1) Updates `xml2js` from 0.4.23 to 0.5.0 - [Commits](https://github.com/Leonidas-from-XIV/node-xml2js/commits/0.5.0) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 3.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 4.2.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@babel/plugin-transform-modules-systemjs" dependency-version: 7.29.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-version: 7.20.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-version: 0.7.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io dependency-version: 4.8.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.16.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: min-document dependency-version: 2.19.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: phin dependency-version: dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.15 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: semver dependency-version: 5.7.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io-parser dependency-version: 4.2.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io dependency-version: 4.8.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tmp dependency-version: 0.2.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: underscore dependency-version: 1.13.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 8.20.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: xml2js dependency-version: 0.5.0 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 17 updates in the / directory:
3.14.13.14.24.1.04.2.07.16.77.29.71.19.21.20.53.0.23.0.30.4.20.7.24.4.14.8.33.2.53.4.21.14.81.16.04.17.214.18.12.19.02.19.23.1.23.1.52.9.3removed2.3.12.3.28.4.68.5.155.7.15.7.20.2.10.2.71.13.21.13.8Updates
js-yamlfrom 3.14.1 to 3.14.2Changelog
Sourced from js-yaml's changelog.
... (truncated)
Commits
9963d363.14.2 released10d3c8edist rebuild5278870fix prototype pollution in merge (<<) (#731)Updates
js-yamlfrom 4.1.0 to 4.2.0Changelog
Sourced from js-yaml's changelog.
... (truncated)
Commits
9963d363.14.2 released10d3c8edist rebuild5278870fix prototype pollution in merge (<<) (#731)Updates
@babel/plugin-transform-modules-systemjsfrom 7.16.7 to 7.29.7Release notes
Sourced from @babel/plugin-transform-modules-systemjs's releases.
... (truncated)
Commits
4fba754v7.29.7a458f66v7.29.432ebd5a[7.x backport]fix(systemjs): improve module string name support (#17974)aa8394ev7.29.00053db6Update polyfill packages (#17727)61647aev7.28.5a177d55[Babel 8] Uset.traverseFastto replace somepath.traverse(#17518)eebd3a0v7.27.1317e332Enforce node protocol import (#17207)fdc0fb5[Babel 8] Bump nodejs requirements to^20.19.0 || >= 22.12.0(#17204)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for
@babel/plugin-transform-modules-systemjssince your current version.Updates
@babel/traversefrom 7.17.3 to 7.20.5Commits
29a97b8v7.20.5c78fc49fix: Edge cases for async functions andnoNewArrowassumption (#15181)f8b47f9Improve array destructuring spec compliance (#15183)e7405b9fix: Throw error when compilingsuper()in arrow functions with default / r...5f19f62Bump babel deps (#15187)7272f23Registerswitch'sdiscriminantin the outer scope (#15167)1893249v7.20.1e4bc031Do not markinandinstanceofas constant expressions (#15106)04509a3v7.20.08300960Parseusingdeclaration (explicit resource management) (#14968)Updates
body-parserfrom 1.19.2 to 1.20.5Release notes
Sourced from body-parser's releases.
... (truncated)
Changelog
Sourced from body-parser's changelog.
... (truncated)
Commits
0defdberelease(patch): 1.20.5cd0e7a0deps(qs): bump qs to 6.15.16f24d7efix: correct off-by-one error in parameterCount (#716)b849bd5deps: qs@~6.14.1 (#690)2c55e2frefactor(json): simplify strict mode error string construction (#692)7db202c1.20.4 (#672)d8f8adbci: add CodeQL (SAST) (#670)6d133c1chore: remove SECURITY.md (#669)fcd1535deps: use tilde notation and update certain dependencies (#668)ec5fa29deps: qs@~6.14.0 (#664)Maintainer changes
This version was pushed to npm by jonchurch, a new releaser for body-parser since your current version.
Updates
bracesfrom 3.0.2 to 3.0.3Commits
74b2db23.0.388f1429update eslint. lint, fix unit tests.415d660Snyk js braces 6838727 (#40)190510ffix tests, skip 1 test in test/braces.expand716eb9freadme bumpa5851e5Merge pull request #37 from coderaiser/fix/vulnerability2092bd1feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...9f5b4cffix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)98414f9remove funding file665ab5dupdate keepEscaping doc (#27)Updates
cookiefrom 0.4.2 to 0.7.2Release notes
Sourced from cookie's releases.
Commits
d19eaa10.7.2bc38ffdFix object assignment ofhasOwnProperty(#177)cf4658f0.7.16a8b8f5Allow leading dot for domain (#174)58015c0Remove more code and perf wins (#172)ab057d60.7.05f02ca8Migrate history to GitHub releasesa5d591cMigrate history to GitHub releases51968f9Skip isNaN9e7ca51perf(parse): cache length, return early (#144)Maintainer changes
This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.
Updates
socket.iofrom 4.4.1 to 4.8.3Release notes
Sourced from socket.io's releases.
... (truncated)
Commits
9978574chore(release): socket.io@4.8.3e9e5bedchore(release): socket.io-client@4.8.39581f9bfix(sio): do not throw when calling io.close() on a stopped server579d43frefactor: remove unused filesee9aac3chore(release): socket.io-parser@4.2.5968277cchore(release): socket.io-adapter@2.5.62bf16bdchore(release): engine.io-client@6.6.4ad61607docs(eio): fix link in the release notesdd71792chore(release): socket.io@4.8.2bb0b480fix(sio): improveio.close()function (#5344)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for socket.io since your current version.
Updates
flattedfrom 3.2.5 to 3.4.2Commits
3bf09093.4.2885ddccfix CWE-13210bdba70added flatted-view to the benchmark2a02dce3.4.1fba4e8fMerge pull request #89 from WebReflection/python-fix5fe8648added "when in Rome" also a test for PHP53517adsome minor improvementb3e2a0cFixing recursion issue in Python tooc4b46dbAdd SECURITY.md for security policy and reportingf86d071Create dependabot.yml for version updatesUpdates
follow-redirectsfrom 1.14.8 to 1.16.0Commits
0c23a22Release version 1.16.0 of the npm package.844c4d3Add sensitiveHeaders option.5e8b8d0ci: add Node.js 24.x to the CI matrix7953e22ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v686dc1f8Sanitizing input.21ef28aRelease version 1.15.11 of the npm package.7c88135Roll back tree shaking.6e389baRelease version 1.15.10 of the npm package.5bc496eShake me up before you go-go.694d6b4Bump minimist from 1.2.5 to 1.2.8Updates
lodashfrom 4.17.21 to 4.18.1Release notes
Sourced from lodash's releases.
Commits
cb0b9b9release(patch): bump main to 4.18.1 (#6177)75535f5chore: prune stale advisory refs (#6170)62e91bcdocs: remove n_ Node.js < 6 REPL note from README (#6165)59be2derelease(minor): bump to 4.18.0 (#6161)af63457fix: broken tests for _.template 879aaa91073a76fix: linting issues879aaa9fix: validate imports keys in _.templatefe8d32efix: block prototype pollution in baseUnset via constructor/prototype traversal18ba0a3refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)b819080ci: add dist sync validation workflow (#6137)Updates
min-documentfrom 2.19.0 to 2.19.2Commits
0d141502.19.249c2e06Merge pull request #56 from wasabina67/fix/prototype-pollution-removeAttribut...9666461Fix prototype pollution vulnerability in removeAttributeNS4490b402.19.12cd5871update ignorefe32e8dMerge pull request #55 from jameswassink/fix/prototype-pollution-removeAttrib...6c5f31aBetter prototype pollution fix0d4e819Fix prototype pollution in removeAttributeNSbf7b691Update package.json1b5402dMerge pull request #49 from PixnBits/patch-1Updates
minimatchfrom 3.1.2 to 3.1.5Commits
7bba9783.1.5bd25942docs: add warning about ReDoS1a9c27cfix partial matching of globstar patterns1a2e0843.1.4ae24656update lockfileb100374limit recursion for **, improve perf considerably26ffeaalockfile update9eca892lock node version to 1400c323b3.1.330486b2update CI matrix and actionsRemoves
phinUpdates
picomatchfrom 2.3.1 to 2.3.2Release notes
Sourced from picomatch's releases.
Changelog
Sourced from picomatch's changelog.
... (truncated)
Commits
81cba8dPublish 2.3.2fc1f6b6Merge commit from forkeec17aeMerge commit from fork78f8ca4Merge pull request #156 from micromatch/backport-1443f4f10eMerge pull request #144 from Jason3S/jdent-object-propertiesUpdates
postcssfrom 8.4.6 to 8.5.15Release notes
Sourced from postcss's releases.