chore(deps): bump the npm_and_yarn group across 2 directories with 14 updates #2221

dependabot · 2024-08-28T09:01:14Z

Bumps the npm_and_yarn group with 12 updates in the / directory:

Package	From	To
@ory/client	`1.4.2`	`1.14.4`
@ory/integrations	`1.1.5`	`1.2.1`
recharts	`2.1.12`	`2.12.7`
postcss	`8.4.31`	`8.4.32`
@adobe/css-tools	`4.3.1`	`4.4.0`
braces	`3.0.2`	`3.0.3`
d3-color	`2.0.0`	`3.1.0`
ejs	`3.1.9`	`3.1.10`
express	`4.18.2`	`4.19.2`
follow-redirects	`1.15.3`	`1.15.6`
ws	`8.14.2`	`8.18.0`
ws	`6.2.2`	`8.18.0`
ws	`7.5.9`	`8.18.0`
webpack-dev-middleware	`6.1.1`	`6.1.3`
webpack-dev-middleware	`5.3.3`	`6.1.3`

Bumps the npm_and_yarn group with 1 update in the /e2e directory: braces.

Updates @ory/client from 1.4.2 to 1.14.4

Commits

See full diff in compare view

Updates @ory/integrations from 1.1.5 to 1.2.1

Release notes

Sourced from @ory/integrations's releases.

v1.2.1

What's Changed

chore(actions): upgrade release workflow to use node v18 by @dan-j in ory/integrations#63

New Contributors

@dan-j made their first contribution in ory/integrations#63

Full Changelog: ory/integrations@v1.2.0...v1.3.0

1.2.0

What's Changed

fix: update packages & replace request dependency by @t1nky in ory/integrations#60

New Contributors

@t1nky made their first contribution in ory/integrations#60

Full Changelog: ory/integrations@1.1.5...v1.2.0

Commits

781878c chore(actions): upgrade release workflow to use node v18 (#63)
31e745b fix: update packages & replace request dependency (#60)
See full diff in compare view

Updates recharts from 2.1.12 to 2.12.7

Release notes

Sourced from recharts's releases.

v2.12.7

Whats changed

Fix

Area: re-add calculated area points to the areaDot callback props when it is a function. This was accidentally removed in v2.3. Fixes #4480

Brush: guard against undefined property access error when an ariaLabel is not specified. Follow up from recharts/recharts#2093

Full Changelog: recharts/recharts@v2.12.6...v2.12.7

v2.12.6

What's Changed

Fix

Tooltip: fix glitch where Tooltip always rendered in the top left even if animation was disabled by @HHongSeungWoo in recharts/recharts#4425 fixes recharts/recharts#4424

Chore

CI/Build fix: Added proper .js suffixes to main module and jsnext:main paths in package.json by @dobosalparbc in recharts/recharts#4431 fixes recharts/recharts#2858

Full Changelog: recharts/recharts@v2.12.5...v2.12.6

v2.12.5

Small fixes while working on v3 continued...

What's Changed

Feat

BarChart: support percentage (of chart) for barSize. Helps set size of bar when there are few datapoints Fixes #3640 by @graup in recharts/recharts#4407

Fix

Address recharts/recharts#4382

A recent release of @types/react broke some builds because they removed certain (unused) events from common event handler attributes. recharts was unknowingly enumerating keys of SVGProps in the Layer component with the old types and causing a type error on tsc with skipLibCheck: false

typescript - Layer: use SVGAttributes instead of SVGProps in forwardRef components by @ckifer in recharts/recharts#4413

typescript - Pie: fix Pie ref which was cast to HTMLElement when the ref is actually referring to SVGGElement. This gave false information to whoever is using ref on the Pie component

Full Changelog: recharts/recharts@v2.12.4...v2.12.5

v2.12.4

What's Changed

Small fixes while working on v3 continued...

... (truncated)

Changelog

Sourced from recharts's changelog.

⚠️ Next versions change notes are available only on the GitHub Releases page ⚠️

2.2.0 (Dec 8, 2022)

feat

Support keyboard navigation in pie chart (#2923)

Allow reversing the tooltip direction (#3056)

fix

fix rounding leading to hairline gaps (#3075)

fix: do not override zero brush end index (#3076)

fix: allow dragging brush when the mouse is outside (#3072)

fix: add label type to line props (#3068)

Ensure LabelList generic extends Data interface (#2954)

2.1.16 (Oct 29, 2022)

fix

Fix incorrect date in CHAGELOG (#3016)

Let formatter function run even when value is falsy (#3026)

Fix(Sankey): update tooltip active state by trigger type(hover/click) (#3021)

Fix Area's baseValue prop (#3013)

2.1.15 (Oct 12, 2022)

fix

Fix scroll on hover

DefaultTooltipContent.tsx Solving type error for entry.value and entry.name

chore

Revert D3 version

2.1.14 (Sep 7, 2022)

fix

Add inactiveShape prop to Pie component (#2900)

Revert "chore: move type deps into devDependencies (#2843)" (#2942)

Fix typing of default tooltip formatter (#2924)

Take letter-spacing and font-size into consideration while rendering ticks (#2898)

Add formatter function type to tooltip props (#2916)

doc: Update CHANGELOG.md about d3 7.x (#2919)

2.1.13 (Jul 26, 2022)

fix

set animate flag before chart data update (#2911)

Error bar domain fix (#2863)

fix: fix "recharts@… doesn't provide prop-types, requested by react-smooth" warning (#2895)

chore

... (truncated)

Commits

2074e2e 2.12.7
1e9e032 fix: guard against accidental undefined access in Brush
239b3ae fix(area-dot): regressionon in parameters passed to custom area dot
22064ed 2.12.6
504518d Added js suffix to main module and jsnext:main paths in package json (#4431)
a705024 fix: The box size of the Tooltip is 0 at the first rendering of TooltipBoundi...
bdad6ec 2.12.5
ed95633 fix(layer-types): use SVGAttributes instead of SVGProps in forwardRef compone...
3d2e8b9 feat(BarChart): support percentage for barSize. Fixes #3640 (#4407)
981eb8f 2.12.4
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ckifer, a new releaser for recharts since your current version.

Updates postcss from 8.4.31 to 8.4.32

Release notes

Sourced from postcss's releases.

8.4.32

Fixed postcss().process() types (by @ferreira-tb).

Changelog

Sourced from postcss's changelog.

8.4.32

Fixed postcss().process() types (by Andrew Ferreira).

Commits

a0d9f10 Release 8.4.32 version
0146b3e Add Node.js 21 to CI
2398534 Update dependencies
1918533 Merge pull request #1902 from ferreira-tb/main
395e6dc Fix ProcessOptions interface
fa8cd15 Update dependencies
199a7c4 Typo
2528047 Update EM link
See full diff in compare view

Updates @adobe/css-tools from 4.3.1 to 4.4.0

Changelog

Sourced from @adobe/css-tools's changelog.

4.4.0 / 2024-06-05

add support for @starting-style #319

4.3.3 / 2024-01-24

Update export property #271

4.3.2 / 2023-11-28

Fix redos vulnerability with specific crafted css string - CVE-2023-48631

Fix Problem parsing with :is() and nested :nth-child() #211

Commits

See full diff in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates d3-color from 2.0.0 to 3.1.0

Release notes

Sourced from d3-color's releases.

v3.1.0

Add rgb.clamp and hsl.clamp. #102

Add color.formatHex8. #103

Fix color.formatHsl to clamp values to the expected range. #83

Fix catastrophic backtracking when parsing colors. #89 #97 #99 #100 SNYK-JS-D3COLOR-1076592

v3.0.1

Make build reproducible.

v3.0.0

Adopt type: module.

This package now requires Node.js 12 or higher. For more, please read Sindre Sorhus’s FAQ.

Commits

7a1573e 3.1.0
75c19c4 update LICENSE
ef94e01 update dependencies
5e9f757 method shorthand
e4bc34e formatHex8 (#103)
ac660c6 {rgb,hsl}.clamp() (#102)
70e3a04 clamp HSL format (#101)
994d8fd avoid backtracking (#100)
7d61bbe 3.0.1
93bc4ff related d3/d33; extract copyrights from LICENSE
Additional commits viewable in compare view

Updates d3-interpolate from 2.0.1 to 3.0.1

Release notes

Sourced from d3-interpolate's releases.

v3.0.1

Update dependencies.

Make build reproducible.

v3.0.0

Adopt type: module.

This package now requires Node.js 12 or higher. For more, please read Sindre Sorhus’s FAQ.

Commits

6562b85 3.0.1
f5f6b74 update dependencies
9569bdb related d3/d33; extract copyrights from LICENSE
38346a4 3.0.0
47f9564 Adopt type=module (#93)
e8cddfd Update README.
See full diff in compare view

Updates ejs from 3.1.9 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

Commits

d3f807d Version 3.1.10
9ee26dd Mocha TDD
e469741 Basic pollution protection
715e950 Merge pull request #756 from Jeffrey-mu/main
cabe314 Include advanced usage examples
29b076c Added header
11503c7 Merge branch 'main' of github.com:mde/ejs into main
7690404 Added security banner to README
f47d7ae Update SECURITY.md
828cea1 Update SECURITY.md
Additional commits viewable in compare view

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Fix ci after location patch by @wesleytodd in expressjs/express#5552

fixed un-edited version in history.md for 4.19.0 by @wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

fix typo in release date by @UlisesGascon in expressjs/express#5527

docs: nominating @wesleytodd to be project captian by @wesleytodd in expressjs/express#5511

docs: loosen TC activity rules by @wesleytodd in expressjs/express#5510

Add note on how to update docs for new release by @crandmck in expressjs/express#5541

Prevent open redirect allow list bypass due to encodeurl

Release 4.19.0 by @wesleytodd in expressjs/express#5551

New Contributors

@crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

Other Changes

Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032

build: Node.js@16.18 and Node.js@18.12 by @abenhamdine in expressjs/express#5034

ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027

test: remove unused function arguments in params by @raksbisht in expressjs/express#5124

Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119

Fixed typos by @raksbisht in expressjs/express#5117

examples: remove unused params by @raksbisht in expressjs/express#5113

fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130

fix: typos in History.md by @raksbisht in expressjs/express#5131

build : add Node.js@19.7 by @abenhamdine in expressjs/express#5028

test: remove unused function arguments in params by @raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: cookie@0.6.0

4.18.3 / 2024-02-29

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

deps: cookie@0.6.0

Add partitioned option

Commits

04bc627 4.19.2
da4d763 Improved fix for open redirect allow list bypass
4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: cookie@0.6.0
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates follow-redirects from 1.15.3 to 1.15.6

Commits

35a517c Release version 1.15.6 of the npm package.
c4f847f Drop Proxy-Authorization across hosts.
8526b4a Use GitHub for disclosure.
b1677ce Release version 1.15.5 of the npm package.
d8914f7 Preserve fragment in responseUrl.
6585820 Release version 1.15.4 of the npm package.
7a6567e Disallow bracketed hostnames.
05629af Prefer native URL instead of deprecated url.parse.
1cba8e8 Prefer native URL instead of legacy url.resolve.
72bc2a4 Simplify _processResponse error handling.
Additional commits viewable in compare view

Updates ws from 8.14.2 to 8.18.0

Release notes

Sourced from ws's releases.

8.18.0

Features

Added support for Blob (#2229).

8.17.1

Bug fixes

Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

... (truncated)

Commits

976c53c [dist] 8.18.0
59b9629 [feature] Add support for Blob (#2229)
0d1b5e6 [security] Use more descriptive text for 2017 vulnerability link
15f11a0 [security] Add new DoS vulnerability to SECURITY.md
3c56601 [dist] 8.17.1
e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
6a00029 [test] Increase code coverage
ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
b73b118 [dist] 8.17.0
29694a5 [test] Use the highWaterMark variable
Additional commits viewable in compare view

Updates ws from 6.2.2 to 8.18.0

Release notes

Sourced from ws's releases.

8.18.0

Features

Added support for Blob (#2229).

8.17.1

Bug fixes

Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

... (truncated)

Commits

976c53c [dist] 8.18.0
59b9629 [feature] Add support for Blob (#2229)
0d1b5e6 [security] Use more descriptive text for 2017 vulnerability link
15f11a0 [security] Add new DoS vulnerability to SECURITY.md
3c56601 [dist] 8.17.1
e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
6a00029 [test] Increase code coverage
ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
b73b118 [dist] 8.17.0
29694a5 [test] Use the highWaterMark variable
Additional commits viewable in compare view

Updates ws from 7.5.9 to 8.18.0

Release notes

Sourced from ws's releases.

8.18.0

Features

Added support for Blob (#2229).

8.17.1

Bug fixes

Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

... (truncated)

Commits

976c53c [dist] 8.18.0
59b9629 [feature] Add support for Blob (#2229)
0d1b5e6 [security] Use more descriptive text for 2017 vulnerability link
15f11a0 [security] Add new DoS vulnerability to SECURITY.md
3c56601 [dist] 8.17.1
e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
6a00029 [test] Increase code coverage
ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
b73b118 [dist] 8.17.0
29694a5 [test] Use the highWaterMark variable
Additional commits viewable in compare view

Updates tough-cookie from 2.5.0 to 4.1.3

Release notes

Sourced from tough-cookie's releases.

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

4.1.2 -- Patch and Bugfix Release

What's Changed

fix: allow set cookies with localhost by @colincasey in salesforce/tough-cookie#253

Full Changelog: salesforce/tough-cookie@v4.1.1...v4.1.2

4.1.1

Patch Release

What's Changed

fix: allow special use domains by default by @colincasey in salesforce/tough-cookie#249

4.1.1 Patch -- allow special use domains by default by @awaterma in salesforce/tough-cookie#250

Full Changelog: salesforce/tough-cookie@v4.1.0...v4.1.1

4.1.0

v4.1.0

Minor release, focused mainly on resolving reported issues and some minor feature work.

What's Changed

Create CHANGELOG.md by @ShivanKaul in salesforce/tough-cookie#189

Missing param validation issue145 by @medelibero-sfdc in salesforce/tough-cookie#193

Create SECURITY.md by @ShivanKaul in salesforce/tough-cookie#201

Create CODE_OF_CONDUCT.md by @ShivanKaul in salesforce/tough-cookie#200

Fix for issue #195 by @medelibero-sfdc in salesforce/tough-cookie#202

Add explanation and more special-use domains by @ShivanKaul in salesforce/tough-cookie#203

Sync of constructor options for serialization by @medelibero-sfdc in salesforce/tough-cookie#204

Returned null in case of empty cookie value by @vsin12 in salesforce/tough-cookie#196

132 str trim not a function by @awaterma in salesforce/tough-cookie#209

Fix for issue #153 by @medelibero-sfdc in salesforce/tough-cookie#210

Fix permuteDomain with trailing dot by @ruoho-sfdc in salesforce/tough-cookie#216

Issue #213 -- added gh-actions flow for building and testing tough-co… by @awaterma in salesforce/tough-cookie#218

Issue #210 -- Updated workflow to use npm install. by @awaterma in salesforce/tough-cookie#220

@GH-215 -- Tests that document localhost behavior when set as domain. by @awaterma in salesforce/tough-cookie#221

fix: MemoryCookieStore methods should exist on the prototype, not on the class. by @wjhsf in salesforce/tough-cookie#226

Unit test cases for allowSpecialUseDomain option by @colincasey in salesforce/tough-cookie#225

[Snyk] Upgrade universalify from 0.1.2 to 0.2.0 by @snyk-bot in salesforce/tough-cookie#228

React Native Support by @colincasey in salesforce/tough-cookie#227

Adding Updating CODEOWNERS with ECCN as per Export Control Compliance by @svc-scm in salesforce/tough-cookie#223

fix: domain match routine by @colincasey in salesforce/tough-cookie#236

Stop using the internal NodeJS punycode module by @gboer in salesforce/tough-cookie#238

Initial documentation review by @mcarey86 in salesforce/tough-cookie#234

fix: distinguish between no samesite and samesite=none by @colincasey in salesforce/tough-cookie#240

Prepare tough-cookie 4.1 for publishing (updated GitHub actions, move… by @awaterma in salesforce/tough-cookie#242

4.1.0 release to NPM by @awaterma in salesforce/tough-cookie#245

... (truncated)

Commits

4ff4d29 4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)
12d4747 Prevent prototype pollution in cookie memstore (#283)
f06b72d Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...
b1a8898 fix: allow set cookies with localhost (#253)
ec70796 4.1.1 Patch -- allow special use domains by default (#250)
d4ac580 fix: allow special use domains by default (#249)
79c2f7d 4.1.0 release to NPM (#245)
4fafc17 Prepare tough-cookie 4.1 for publishing (updated GitHub actions, move Dockerf...
aa4396d fix: distinguish between no samesite and samesite=none (#240)
b8d7511 Modernize README (#234)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by awaterma, a new releaser for tough-cookie since your current version.

Updates webpack-dev-middleware from 6.1.1 to 6.1.3

Release notes

Sourced from webpack-dev-middleware's releases.

v6.1.3

6.1.3 (2024-03-29)

Bug Fixes

security problem (#1799) (5a4d9e8)

v6.1.2

6.1.2 (2024-03-20)

Bug Fixes

security: do not allow to read files above (#1778) (9670b34)

Changelog

Sourced from webpack-dev-middleware's changelog.

6.1.3 (2024-03-29)

Bug Fixes

security problem (#1799) (5a4d9e8)

6.1.2 (2024-03-20)

Bug Fixes

security: do not allow to read files above (#1778) (9670b34)

Commits

4537522 chore(release): 6.1.3
5a4d9e8 fix: security problem (#1799)
54e4a96 chore(release): 6.1.2
9670b34 fix(security): do not allow to read files above (#1778)
See full diff in compare view

Updates webpack-dev-middleware from 5.3.3 to 6.1.3

Release notes

Sourced from webpack-dev-middleware's releases.

v6.1.3

6.1.3 (2024-03-29)

Bug Fixes

security problem (#1799) (5a4d9e8)

v6.1.2

6.1.2 (2024-03-20)

Bug Fixes

security: do not allow to read files above (#1778) (9670b34)

Changelog

Sourced from webpack-dev-middleware's changelog.

6.1.3 (2024-03-29)

Bug Fixes

security problem (#1799) (5a4d9e8)

6.1.2 (2024-03-20)

Bug Fixes

security: do not allow to read files above (#1778) (9670b34)

Commits

vercel · 2024-08-28T09:01:16Z

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated (UTC)
aws-preview	✅ Ready (Inspect)	Visit Preview	Mar 24, 2025 7:33am
flanksource-ui	✅ Ready (Inspect)	Visit Preview	Mar 24, 2025 7:33am

netlify · 2024-08-28T09:01:33Z

✅ Deploy Preview for flanksource-demo-stable ready!

Name	Link
🔨 Latest commit	`d34f842`
🔍 Latest deploy log	https://app.netlify.com/sites/flanksource-demo-stable/deploys/67e1085f91b72a0008684510
😎 Deploy Preview	https://deploy-preview-2221--flanksource-demo-stable.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

netlify · 2024-08-28T09:05:28Z

✅ Deploy Preview for goofy-euclid-75956c ready!

Name	Link
🔨 Latest commit	`d34f842`
🔍 Latest deploy log	https://app.netlify.com/sites/goofy-euclid-75956c/deploys/67e1085f5a6d2d0008262d74
😎 Deploy Preview	https://deploy-preview-2221--goofy-euclid-75956c.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

netlify · 2024-08-28T09:06:01Z

✅ Deploy Preview for clerk-saas-ui ready!

Name	Link
🔨 Latest commit	`d34f842`
🔍 Latest deploy log	https://app.netlify.com/sites/clerk-saas-ui/deploys/67e1085fa921660008583984
😎 Deploy Preview	https://deploy-preview-2221--clerk-saas-ui.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

moshloop · 2025-03-19T16:14:34Z

@dependabot rebase

dependabot · 2025-03-19T16:14:39Z

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

moshloop · 2025-03-24T07:15:37Z

@dependabot recreate

… updates Bumps the npm_and_yarn group with 12 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@ory/client](https://github.com/ory/sdk) | `1.4.2` | `1.14.4` | | [@ory/integrations](https://github.com/ory/integrations) | `1.1.5` | `1.2.1` | | [recharts](https://github.com/recharts/recharts) | `2.1.12` | `2.12.7` | | [postcss](https://github.com/postcss/postcss) | `8.4.31` | `8.4.32` | | [@adobe/css-tools](https://github.com/adobe/css-tools) | `4.3.1` | `4.4.0` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [d3-color](https://github.com/d3/d3-color) | `2.0.0` | `3.1.0` | | [ejs](https://github.com/mde/ejs) | `3.1.9` | `3.1.10` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.19.2` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.3` | `1.15.6` | | [ws](https://github.com/websockets/ws) | `8.14.2` | `8.18.0` | | [ws](https://github.com/websockets/ws) | `6.2.2` | `8.18.0` | | [ws](https://github.com/websockets/ws) | `7.5.9` | `8.18.0` | | [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `6.1.1` | `6.1.3` | | [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `5.3.3` | `6.1.3` | Bumps the npm_and_yarn group with 1 update in the /e2e directory: [braces](https://github.com/micromatch/braces). Updates `@ory/client` from 1.4.2 to 1.14.4 - [Release notes](https://github.com/ory/sdk/releases) - [Commits](https://github.com/ory/sdk/commits) Updates `@ory/integrations` from 1.1.5 to 1.2.1 - [Release notes](https://github.com/ory/integrations/releases) - [Commits](ory/integrations@1.1.5...v1.2.1) Updates `recharts` from 2.1.12 to 2.12.7 - [Release notes](https://github.com/recharts/recharts/releases) - [Changelog](https://github.com/recharts/recharts/blob/3.x/CHANGELOG.md) - [Commits](recharts/recharts@v2.1.12...v2.12.7) Updates `postcss` from 8.4.31 to 8.4.32 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.31...8.4.32) Updates `@adobe/css-tools` from 4.3.1 to 4.4.0 - [Changelog](https://github.com/adobe/css-tools/blob/main/History.md) - [Commits](https://github.com/adobe/css-tools/commits) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `d3-color` from 2.0.0 to 3.1.0 - [Release notes](https://github.com/d3/d3-color/releases) - [Commits](d3/d3-color@v2.0.0...v3.1.0) Updates `d3-interpolate` from 2.0.1 to 3.0.1 - [Release notes](https://github.com/d3/d3-interpolate/releases) - [Commits](d3/d3-interpolate@v2.0.1...v3.0.1) Updates `ejs` from 3.1.9 to 3.1.10 - [Release notes](https://github.com/mde/ejs/releases) - [Commits](mde/ejs@v3.1.9...v3.1.10) Updates `express` from 4.18.2 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Updates `follow-redirects` from 1.15.3 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.3...v1.15.6) Updates `ws` from 8.14.2 to 8.18.0 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.14.2...8.18.0) Updates `ws` from 6.2.2 to 8.18.0 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.14.2...8.18.0) Updates `ws` from 7.5.9 to 8.18.0 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.14.2...8.18.0) Updates `tough-cookie` from 2.5.0 to 4.1.3 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v2.5.0...v4.1.3) Updates `webpack-dev-middleware` from 6.1.1 to 6.1.3 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v6.1.3/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v6.1.1...v6.1.3) Updates `webpack-dev-middleware` from 5.3.3 to 6.1.3 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v6.1.3/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v6.1.1...v6.1.3) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) --- updated-dependencies: - dependency-name: "@ory/client" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@ory/integrations" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: recharts dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: postcss dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@adobe/css-tools" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: d3-color dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: d3-interpolate dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ejs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tough-cookie dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-middleware dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-middleware dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies Pull requests that update a dependency file label Aug 28, 2024

dependabot bot mentioned this pull request Aug 28, 2024

chore(deps): bump the npm_and_yarn group across 2 directories with 14 updates #2186

Closed

vercel bot deployed to Preview – flanksource-ui August 28, 2024 09:13 View deployment

vercel bot deployed to Preview – aws-preview August 28, 2024 09:18 View deployment

dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-5091dcbbb9 branch 2 times, most recently from 0c11fcd to 08875b4 Compare August 29, 2024 21:47

vercel bot deployed to Preview – aws-preview August 29, 2024 21:54 View deployment

vercel bot deployed to Preview – flanksource-ui August 29, 2024 21:54 View deployment

moshloop force-pushed the dependabot/npm_and_yarn/npm_and_yarn-5091dcbbb9 branch from 08875b4 to 376c7ba Compare September 2, 2024 15:22

vercel bot deployed to Preview – flanksource-ui September 2, 2024 15:27 View deployment

vercel bot deployed to Preview – aws-preview September 2, 2024 15:31 View deployment

moshloop force-pushed the dependabot/npm_and_yarn/npm_and_yarn-5091dcbbb9 branch from 376c7ba to 41ba43f Compare March 18, 2025 12:29

vercel bot deployed to Preview – flanksource-ui March 18, 2025 12:34 View deployment

vercel bot deployed to Preview – aws-preview March 18, 2025 12:39 View deployment

dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-5091dcbbb9 branch from 41ba43f to d34f842 Compare March 24, 2025 07:23

vercel bot deployed to Preview – flanksource-ui March 24, 2025 07:28 View deployment

vercel bot deployed to Preview – aws-preview March 24, 2025 07:33 View deployment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the npm_and_yarn group across 2 directories with 14 updates #2221

chore(deps): bump the npm_and_yarn group across 2 directories with 14 updates #2221

Uh oh!

dependabot bot commented on behalf of github Aug 28, 2024 •

edited

Loading

Uh oh!

vercel bot commented Aug 28, 2024 •

edited

Loading

Uh oh!

netlify bot commented Aug 28, 2024 •

edited

Loading

Uh oh!

netlify bot commented Aug 28, 2024 •

edited

Loading

Uh oh!

netlify bot commented Aug 28, 2024 •

edited

Loading

Uh oh!

moshloop commented Mar 19, 2025

Uh oh!

dependabot bot commented on behalf of github Mar 19, 2025

Uh oh!

moshloop commented Mar 24, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

chore(deps): bump the npm_and_yarn group across 2 directories with 14 updates #2221

Are you sure you want to change the base?

chore(deps): bump the npm_and_yarn group across 2 directories with 14 updates #2221

Uh oh!

Conversation

dependabot bot commented on behalf of github Aug 28, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v1.2.1

What's Changed

New Contributors

1.2.0

What's Changed

New Contributors

v2.12.7

Whats changed

Fix

v2.12.6

What's Changed

Fix

Chore

v2.12.5

What's Changed

Feat

Fix

v2.12.4

What's Changed

⚠️ Next versions change notes are available only on the GitHub Releases page ⚠️

2.2.0 (Dec 8, 2022)

feat

fix

2.1.16 (Oct 29, 2022)

fix

2.1.15 (Oct 12, 2022)

fix

chore

2.1.14 (Sep 7, 2022)

fix

2.1.13 (Jul 26, 2022)

fix

chore

8.4.32

8.4.32

4.4.0 / 2024-06-05

4.3.3 / 2024-01-24

4.3.2 / 2023-11-28

v3.1.0

v3.0.1

v3.0.0

v3.0.1

v3.0.0

v3.1.10

4.19.2

What's Changed

4.19.1

What's Changed

4.19.0

What's Changed

New Contributors

4.18.3

Main Changes

Other Changes

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

8.18.0

Features

8.17.1

Bug fixes

8.18.0

Features

8.17.1

Bug fixes

8.18.0

Features

8.17.1

Bug fixes

4.1.3

4.1.2 -- Patch and Bugfix Release

What's Changed

dependabot bot commented on behalf of github Aug 28, 2024 •

edited

Loading

vercel bot commented Aug 28, 2024 •

edited

Loading

netlify bot commented Aug 28, 2024 •

edited

Loading

netlify bot commented Aug 28, 2024 •

edited

Loading

netlify bot commented Aug 28, 2024 •

edited

Loading