build(deps): bump the npm_and_yarn group across 1 directory with 21 updates#1
Open
dependabot[bot] wants to merge 1 commit into
Open
build(deps): bump the npm_and_yarn group across 1 directory with 21 updates#1dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
…pdates Bumps the npm_and_yarn group with 18 updates in the / directory: | Package | From | To | | --- | --- | --- | | [angular](https://github.com/angular/angular.js) | `1.8.2` | `1.8.3` | | [@types/angular](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/angular) | `1.8.1` | `1.8.9` | | [angular-sanitize](https://github.com/angular/angular.js) | `1.8.2` | `1.8.3` | | [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.6` | | [moment](https://github.com/moment/moment) | `2.29.1` | `2.29.4` | | [postcss](https://github.com/postcss/postcss) | `8.3.0` | `8.5.6` | | [async](https://github.com/caolan/async) | `3.2.0` | `3.2.6` | | [body-parser](https://github.com/expressjs/body-parser) | `1.19.0` | `1.20.3` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [cookie](https://github.com/jshttp/cookie) | `0.4.2` | `0.7.2` | | [socket.io](https://github.com/socketio/socket.io) | `4.4.1` | `4.8.1` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [ws](https://github.com/websockets/ws) | `7.4.6` | `7.5.10` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.14.9` | `1.15.11` | | [nunjucks](https://github.com/mozilla/nunjucks) | `3.2.3` | `3.2.4` | | [serve-static](https://github.com/expressjs/serve-static) | `1.13.2` | `1.16.2` | | [tar-fs](https://github.com/mafintosh/tar-fs) | `2.1.1` | `2.1.3` | | [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` | Updates `angular` from 1.8.2 to 1.8.3 - [Changelog](https://github.com/angular/angular.js/blob/master/CHANGELOG.md) - [Commits](angular/angular.js@v1.8.2...v1.8.3) Updates `@types/angular` from 1.8.1 to 1.8.9 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/angular) Updates `angular-sanitize` from 1.8.2 to 1.8.3 - [Changelog](https://github.com/angular/angular.js/blob/master/CHANGELOG.md) - [Commits](angular/angular.js@v1.8.2...v1.8.3) Updates `minimist` from 1.2.5 to 1.2.6 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.5...v1.2.6) Updates `moment` from 2.29.1 to 2.29.4 - [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md) - [Commits](moment/moment@2.29.1...2.29.4) Updates `postcss` from 8.3.0 to 8.5.6 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.3.0...8.5.6) Updates `async` from 3.2.0 to 3.2.6 - [Release notes](https://github.com/caolan/async/releases) - [Changelog](https://github.com/caolan/async/blob/master/CHANGELOG.md) - [Commits](caolan/async@v3.2.0...v3.2.6) Updates `body-parser` from 1.19.0 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.19.0...1.20.3) Updates `qs` from 6.6.0 to 6.13.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.6.0...v6.13.0) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `cookie` from 0.4.2 to 0.7.2 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.4.2...v0.7.2) Updates `socket.io` from 4.4.1 to 4.8.1 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/compare/4.4.1...socket.io@4.8.1) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `marked` from 0.3.6 to 0.7.0 - [Release notes](https://github.com/markedjs/marked/releases) - [Changelog](https://github.com/markedjs/marked/blob/master/.releaserc.json) - [Commits](markedjs/marked@v0.3.6...v0.7.0) Updates `ws` from 7.4.6 to 7.5.10 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@7.4.6...7.5.10) Updates `follow-redirects` from 1.14.9 to 1.15.11 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.14.9...v1.15.11) Updates `nunjucks` from 3.2.3 to 3.2.4 - [Release notes](https://github.com/mozilla/nunjucks/releases) - [Changelog](https://github.com/mozilla/nunjucks/blob/master/CHANGELOG.md) - [Commits](mozilla/nunjucks@v3.2.3...v3.2.4) Updates `serve-static` from 1.13.2 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.13.2...v1.16.2) Updates `socket.io` from 4.4.1 to 4.8.1 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/compare/4.4.1...socket.io@4.8.1) Updates `socket.io-parser` from 4.0.4 to 4.2.4 - [Release notes](https://github.com/Automattic/socket.io-parser/releases) - [Changelog](https://github.com/socketio/socket.io-parser/blob/4.2.4/CHANGELOG.md) - [Commits](socketio/socket.io-parser@4.0.4...4.2.4) Updates `tar-fs` from 2.1.1 to 2.1.3 - [Commits](mafintosh/tar-fs@v2.1.1...v2.1.3) Updates `tmp` from 0.2.1 to 0.2.5 - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md) - [Commits](raszi/node-tmp@v0.2.1...v0.2.5) --- updated-dependencies: - dependency-name: angular dependency-version: 1.8.3 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@types/angular" dependency-version: 1.8.9 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: angular-sanitize dependency-version: 1.8.3 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: minimist dependency-version: 1.2.6 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: moment dependency-version: 2.29.4 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.6 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: async dependency-version: 3.2.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.13.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-version: 0.7.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io dependency-version: 4.8.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-version: 0.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: marked dependency-version: 0.7.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 7.5.10 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.15.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nunjucks dependency-version: 3.2.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io dependency-version: 4.8.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io-parser dependency-version: 4.2.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar-fs dependency-version: 2.1.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tmp dependency-version: 0.2.5 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 18 updates in the / directory:
1.8.21.8.31.8.11.8.91.8.21.8.31.2.51.2.62.29.12.29.48.3.08.5.63.2.03.2.61.19.01.20.33.0.23.0.30.4.20.7.24.4.14.8.10.2.00.2.27.4.67.5.101.14.91.15.113.2.33.2.41.13.21.16.22.1.12.1.30.2.10.2.5Updates
angularfrom 1.8.2 to 1.8.3Changelog
Sourced from angular's changelog.
Commits
cf16b24docs(changelog): add release notes for 1.8.3757d56edocs(*): update end-of-life messages (#17177)f362437docs(eol): add EOL options text and link to template header used in every pagefb04e42test(Angular): fixangularInit()tests on Safari v15+6a52c4ftest(input): fix tests on Firefox v93+ed30c4ddocs(README.md): add wiki link to MVC4032655chore(deps): bump js-yaml from 3.5.5 to 3.14.147f8c65chore(deps): bump normalize-url from 4.5.0 to 4.5.156b0ee3chore(e2e): run tests against Chrome 91 on macOS Catalina58cd897chore(e2e): run tests against Firefox 85 on macOS CatalinaUpdates
@types/angularfrom 1.8.1 to 1.8.9Commits
Updates
angular-sanitizefrom 1.8.2 to 1.8.3Changelog
Sourced from angular-sanitize's changelog.
Commits
cf16b24docs(changelog): add release notes for 1.8.3757d56edocs(*): update end-of-life messages (#17177)f362437docs(eol): add EOL options text and link to template header used in every pagefb04e42test(Angular): fixangularInit()tests on Safari v15+6a52c4ftest(input): fix tests on Firefox v93+ed30c4ddocs(README.md): add wiki link to MVC4032655chore(deps): bump js-yaml from 3.5.5 to 3.14.147f8c65chore(deps): bump normalize-url from 4.5.0 to 4.5.156b0ee3chore(e2e): run tests against Chrome 91 on macOS Catalina58cd897chore(e2e): run tests against Firefox 85 on macOS CatalinaUpdates
minimistfrom 1.2.5 to 1.2.6Changelog
Sourced from minimist's changelog.
Commits
7efb22a1.2.6ef88b93security notice for additional prototype pollution issuec2b9819isConstructorOrProto adapted from PRbc8eceetest from prototype pollution PRUpdates
momentfrom 2.29.1 to 2.29.4Changelog
Sourced from moment's changelog.
Commits
000ac18Build 2.24.4f2006b6Bump version to 2.24.4536ad0cUpdate changelog for 2.29.49a3b589[bugfix] Fix redos in preprocessRFC2822 regex (#6015)6374fd8Merge branch 'master' into developb4e6153Revert "[bugfix] Fix redos in preprocessRFC2822 regex (#6015)"7aebb16[bugfix] Fix redos in preprocessRFC2822 regex (#6015)57c9062Build 2.29.3aaf50b6Fixup release complaints26f4aefBump version to 2.29.3Updates
postcssfrom 8.3.0 to 8.5.6Release notes
Sourced from postcss's releases.
... (truncated)
Changelog
Sourced from postcss's changelog.
... (truncated)
Commits
91d6eb5Release 8.5.6 version65ffc55Update dependenciesecd20ebFix ContainerWithChildren to allow discriminating the node type by comparing ...c181597Release 8.5.5 versionc5523fbUpdate dependencies2e3450crefactor:importshould be listed beforerequire(#2052)4d720bdUpdate EM text6cb4a66Release 8.5.4 versionec5c1e0Update dependenciese85e938Fix code formatUpdates
asyncfrom 3.2.0 to 3.2.6Changelog
Sourced from async's changelog.
Commits
85fb18fVersion 3.2.68c0c941Update built files5f756b4Fix ReDoS (#1980)39cdc9bbuild(deps-dev): bump karma from 6.4.3 to 6.4.4 (#1985)7b8ddebbuild(deps-dev): bump@babel/corefrom 7.24.7 to 7.25.2 (#1981)4634a9dbuild(deps-dev): bump rollup from 4.18.0 to 4.19.2 (#1982)afb176cbuild(deps-dev): bump chai from 4.4.1 to 4.5.0 (#1983)3568a74build(deps-dev): bump@babel/eslint-parserfrom 7.24.7 to 7.25.1 (#1984)9e885fdbuild(deps-dev): bump babel-plugin-istanbul from 6.1.1 to 7.0.0 (#1986)f9c7f2abuild(deps-dev): bump semver from 7.6.2 to 7.6.3 (#1987)Updates
body-parserfrom 1.19.0 to 1.20.3Release notes
Sourced from body-parser's releases.
... (truncated)
Changelog
Sourced from body-parser's changelog.
... (truncated)
Commits
17529511.20.339744cfchore: linter (#534)b2695c4Merge commit from forkade0f3fadd scorecard to readme (#531)99a1bd6deps: qs@6.12.3 (#521)9478591fix: pin to node@22.4.183db46aci: fix errors in ci github action for node 8 and 9 (#523)9d4e212chore: add support for OSSF scorecard reporting (#522)ee913741.20.2368a93aFix strict json error message on Node.js 19+Maintainer changes
This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.
Updates
qsfrom 6.6.0 to 6.13.0Changelog
Sourced from qs's changelog.
... (truncated)
Commits
5cf516cv6.13.08d56df2[New]parse: addstrictDepthoptionc9a6694[Tests] usenpm auditinstead ofaudf90cc35v6.12.31bf9f7a[Fix]parse: properly account forstrictNullHandlingwhenallowEmptyArrays7ebf48b[meta] fix changelog indentationd0dff11v6.12.2f0b8d03[Dev Deps] update@ljharb/eslint-config,object-inspect,tape81835ff[Fix]:parse: parse encoded square bracketsdb47dcc[readme] add CII best practices badgeUpdates
bracesfrom 3.0.2 to 3.0.3Commits
74b2db23.0.388f1429update eslint. lint, fix unit tests.415d660Snyk js braces 6838727 (#40)190510ffix tests, skip 1 test in test/braces.expand716eb9freadme bumpa5851e5Merge pull request #37 from coderaiser/fix/vulnerability2092bd1feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...9f5b4cffix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)98414f9remove funding file665ab5dupdate keepEscaping doc (#27)Updates
cookiefrom 0.4.2 to 0.7.2Release notes
Sourced from cookie's releases.
Commits
d19eaa10.7.2bc38ffdFix object assignment ofhasOwnProperty(#177)cf4658f0.7.16a8b8f5Allow leading dot for domain (#174)58015c0Remove more code and perf wins (#172)ab057d60.7.05f02ca8Migrate history to GitHub releasesa5d591cMigrate history to GitHub releases51968f9Skip isNaN9e7ca51perf(parse): cache length, return early (#144)Maintainer changes
This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.
Updates
socket.iofrom 4.4.1 to 4.8.1Release notes
Sourced from socket.io's releases.
... (truncated)
Commits
91e1c8bchore(release): socket.io@4.8.18d5528achore(release): socket.io-client@4.8.171387e5refactor(sio-client): reexport transports from the engineaead835refactor(sio): make Namespace._fns private (#5196)029e010chore(release): engine.io-client@6.6.24ca6ddbdocs(nuxt): update example with latest versionca9e994fix(sio-client): do not mangle the "_placeholder" attribute4865f2efix(eio-client): prevent infinite loop with Node.js built-in WebSocketd4b3ddeci: use Node.js 223b68658chore: bump@fails-components/webtransportto version 1.1.4 (dev)Updates
decode-uri-componentfrom 0.2.0 to 0.2.2Release notes
Sourced from decode-uri-component's releases.
Commits
a0eea460.2.2980e0bfPrevent overwriting previously decoded tokens3c8a3730.2.176abc93Switch to GitHub workflows746ca5dFix issue where decode throws - fixes #6486d7e2Update license (#1)a650457Tidelift tasks66e1c28Meta tweaksUpdates
markedfrom 0.3.6 to 0.7.0Commits
26ae990Release v0.7.0 (#1519)204926c0.7.015a6b4f🗜️ minify [skip ci]0ee3aa9Merge pull request #1515 from UziTech/link-label-securitycc9efe4🗜️ minify [skip ci]e987a4dfix testsded5e24update link7faa999add testac1e57cuse correct options in specs (#1511)63935f9🗜️ minify [skip ci]Maintainer changes
This version was pushed to npm by tonybrix, a new releaser for marked since your current version.
Updates
wsfrom 7.4.6 to 7.5.10Release notes
Sourced from ws's releases.
... (truncated)
Commits
d962d70[dist] 7.5.1022c2876[security] Fix crash when the Upgrade header cannot be read (#2231)8a78f87[dist] 7.5.90435e6e[security] Fix same host check for ws+unix: redirects4271f07[dist] 7.5.8dc1781b[security] Drop sensitive headers when following insecure redirects2758ed3[fix] Abort the handshake if the Upgrade header is invalida370613[dist] 7.5.71f72e2e[security] Drop sensitive headers when following redirects (#2013)8ecd890[dist] 7.5.6Updates
follow-redirectsfrom 1.14.9 to 1.15.11Commits
21ef28aRelease version 1.15.11 of the npm package.7c88135Roll back tree shaking.6e389baRelease version 1.15.10 of the npm package.5bc496eShake me up before you go-go.694d6b4Bump minimist from 1.2.5 to 1.2.8e4e55c7Release version 1.15.9 of the npm package.31a1abfAttempt much more gentle detection.d2aaa97Fix url field.62558f0Release version 1.15.8 of the npm package.a8d1ceeReturn subtlety.Updates
nunjucksfrom 3.2.3 to 3.2.4Release notes
Sourced from nunjucks's releases.
Changelog
Sourced from nunjucks's changelog.
Commits
86a77f4Release v3.2.4ec16d21fix: html encode backslashes if used with escape filter or autoescape (#1437)Updates
serve-staticfrom 1.13.2 to 1.16.2Release notes
Sourced from serve-static's releases.