Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Security Updates RC.3 (meteor#13187)
* Bump json5 from 2.2.0 to 2.2.3 in /npm-packages/meteor-babel Bumps [json5](https://github.com/json5/json5) from 2.2.0 to 2.2.3. - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v2.2.0...v2.2.3) --- updated-dependencies: - dependency-name: json5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump moment from 2.29.1 to 2.29.4 in /tools/tests/apps/dynamic-import Bumps [moment](https://github.com/moment/moment) from 2.29.1 to 2.29.4. - [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md) - [Commits](moment/moment@2.29.1...2.29.4) --- updated-dependencies: - dependency-name: moment dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * Bump lodash-es from 4.17.15 to 4.17.21 in /tools/tests/apps/modules Bumps [lodash-es](https://github.com/lodash/lodash) from 4.17.15 to 4.17.21. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.15...4.17.21) --- updated-dependencies: - dependency-name: lodash-es dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * Bump lodash from 4.17.15 to 4.17.21 in /tools/tests/apps/modules Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.21. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.15...4.17.21) --- updated-dependencies: - dependency-name: lodash dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump ua-parser-js from 0.7.28 to 0.7.38 in /tools/tests/apps/modules Bumps [ua-parser-js](https://github.com/faisalman/ua-parser-js) from 0.7.28 to 0.7.38. - [Release notes](https://github.com/faisalman/ua-parser-js/releases) - [Changelog](https://github.com/faisalman/ua-parser-js/blob/0.7.38/changelog.md) - [Commits](faisalman/ua-parser-js@0.7.28...0.7.38) --- updated-dependencies: - dependency-name: ua-parser-js dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump minimatch in /tools/tests/apps/ecmascript-regression Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2. - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.4...v3.1.2) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump ansi-regex in /npm-packages/cordova-plugin-meteor-webapp Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 3.0.0 to 3.0.1. - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](chalk/ansi-regex@v3.0.0...v3.0.1) --- updated-dependencies: - dependency-name: ansi-regex dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump qs and stripe in /tools/tests/apps/modules Bumps [qs](https://github.com/ljharb/qs) to 6.12.1 and updates ancestor dependency [stripe](https://github.com/stripe/stripe-node). These dependencies need to be updated together. Updates `qs` from 6.0.4 to 6.12.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.0.4...v6.12.1) Updates `stripe` from 4.25.0 to 15.10.0 - [Release notes](https://github.com/stripe/stripe-node/releases) - [Changelog](https://github.com/stripe/stripe-node/blob/master/CHANGELOG.md) - [Commits](stripe/stripe-node@v4.25.0...v15.10.0) --- updated-dependencies: - dependency-name: qs dependency-type: indirect - dependency-name: stripe dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * upgrade meteor-ignore package.lock file * update app deps to ensure dependabot can act on .lock files * update package-lock.json * Bump semver in /npm-packages/babel-preset-meteor/babel-presets-meteor Bumps [semver](https://github.com/npm/node-semver) from 6.3.0 to 6.3.1. - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md) - [Commits](npm/node-semver@v6.3.0...v6.3.1) --- updated-dependencies: - dependency-name: semver dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * fix test * Bump ua-parser-js from 0.7.28 to 0.7.38 in /tools/tests/apps/modules Bumps [ua-parser-js](https://github.com/faisalman/ua-parser-js) from 0.7.28 to 0.7.38. - [Release notes](https://github.com/faisalman/ua-parser-js/releases) - [Changelog](https://github.com/faisalman/ua-parser-js/blob/0.7.38/changelog.md) - [Commits](faisalman/ua-parser-js@0.7.28...0.7.38) --- updated-dependencies: - dependency-name: ua-parser-js dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump qs and stripe in /tools/tests/apps/modules Bumps [qs](https://github.com/ljharb/qs) to 6.12.1 and updates ancestor dependency [stripe](https://github.com/stripe/stripe-node). These dependencies need to be updated together. Updates `qs` from 6.0.4 to 6.12.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.0.4...v6.12.1) Updates `stripe` from 4.25.0 to 15.10.0 - [Release notes](https://github.com/stripe/stripe-node/releases) - [Changelog](https://github.com/stripe/stripe-node/blob/master/CHANGELOG.md) - [Commits](stripe/stripe-node@v4.25.0...v15.10.0) --- updated-dependencies: - dependency-name: qs dependency-type: indirect - dependency-name: stripe dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> # Conflicts: # tools/tests/apps/modules/package-lock.json --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Loading branch information
1 parent
bc7febd
commit b73f8ef