Skip to content

Bump the npm_and_yarn group across 1 directory with 12 updates #376

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Bump the npm_and_yarn group across 1 directory with 12 updates #376

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 2, 2024

Bumps the npm_and_yarn group with 11 updates in the /js directory:

Package From To
axios 1.4.0 1.6.0
@babel/traverse 7.21.5 7.24.5
@firebase/util 0.3.2 1.9.5
firebase 7.24.0 10.11.1
semver 6.3.0 6.3.1
ejs 3.1.9 3.1.10
express 4.18.2 4.19.2
follow-redirects 1.15.2 1.15.6
tough-cookie 4.1.2 4.1.4
webpack-dev-middleware 5.3.3 5.3.4
word-wrap 1.2.3 1.2.5

Updates axios from 1.4.0 to 1.6.0

Release notes

Sourced from axios's releases.

Release v1.6.0

Release notes:

Bug Fixes

PRs

  • CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

Release v1.5.1

Release notes:

Bug Fixes

  • adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
  • formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
  • headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
  • types: removed duplicated code (9e62056)

Contributors to this release

Release v1.5.0

Release notes:

Bug Fixes

  • adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#5837) (9a414bb)
  • dns: fixed cacheable-lookup integration; (#5836) (b3e327d)
  • headers: added support for setting header names that overlap with class methods; (#5831) (d8b4ca0)
  • headers: fixed common Content-Type header merging; (#5832) (8fda276)

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.6.0 (2023-10-26)

Bug Fixes

PRs

  • CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

1.5.1 (2023-09-26)

Bug Fixes

  • adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
  • formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
  • headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
  • types: removed duplicated code (9e62056)

Contributors to this release

PRs

  • CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

1.5.0 (2023-08-26)

... (truncated)

Commits

Updates @babel/traverse from 7.21.5 to 7.24.5

Release notes

Sourced from @​babel/traverse's releases.

v7.24.5 (2024-04-29)

Thanks @​romgrk and @​sossost for your first PRs!

🐛 Bug Fix

  • babel-plugin-transform-classes, babel-traverse
  • babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3

💅 Polish

🏠 Internal

  • Other
  • babel-parser
  • babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-helper-module-transforms, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx-self, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-traverse
  • babel-plugin-proposal-partial-application, babel-types
  • babel-plugin-transform-class-properties, babel-preset-env

🏃‍♀️ Performance

  • babel-helpers, babel-preset-env, babel-runtime-corejs3

Committers: 6

v7.24.4 (2024-04-03)

Thanks @​Dunqing, @​luiscubal, and @​samualtnorman for your first PRs!

👓 Spec Compliance

  • babel-parser
  • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.5 (2024-04-29)

🐛 Bug Fix

  • babel-plugin-transform-classes, babel-traverse
  • babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3

💅 Polish

🏠 Internal

  • Other
  • babel-parser
  • babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-helper-module-transforms, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx-self, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-traverse
  • babel-plugin-proposal-partial-application, babel-types
  • babel-plugin-transform-class-properties, babel-preset-env

🏃‍♀️ Performance

  • babel-helpers, babel-preset-env, babel-runtime-corejs3

v7.24.4 (2024-04-03)

👓 Spec Compliance

  • babel-parser
  • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3

🐛 Bug Fix

  • babel-generator
  • babel-compat-data, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-preset-env
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • babel-plugin-transform-block-scoping
  • babel-core, babel-plugin-transform-block-scoped-functions, babel-plugin-transform-block-scoping

... (truncated)

Commits

Updates @firebase/util from 0.3.2 to 1.9.5

Changelog

Sourced from @​firebase/util's changelog.

1.9.5

Patch Changes

  • 0c5150106 #8079 - Update repository.url field in all package.json files to NPM's preferred format.

1.9.4

Patch Changes

1.9.3

Patch Changes

  • c59f537b1 #7019 - Modify base64 decoding logic to throw on invalid input, rather than silently truncating it.

1.9.2

Patch Changes

  • d071bd1ac #7007 (fixes #7005) - Move exports.default fields to always be the last field. This fixes a bug caused in 9.17.0 that prevented some bundlers and frameworks from building.

1.9.1

Patch Changes

  • 0bab0b7a7 #6981 - Added browser CJS entry points (expected by Jest when using JSDOM mode).

1.9.0

Minor Changes

  • 06dc1364d #6901 - Allow users to specify their environment as node or browser to override Firebase's runtime environment detection and force the SDK to act as if it were in the respective environment.

Patch Changes

  • d4114a4f7 #6874 (fixes #6838) - Reformat a comment that causes compile errors in some build toolchains.

1.8.0

Minor Changes

Patch Changes

  • c20633ed3 #6841 - Fix for third party window content that cannot access IndexedDB if the browser is set to never accept third party cookies on Firefox.

... (truncated)

Commits

Updates firebase from 7.24.0 to 10.11.1

Commits

Updates protobufjs from 6.11.3 to 7.2.6

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.2.6

7.2.6 (2024-01-16)

Bug Fixes

  • report missing import properly in loadSync (#1960) (af3ff83)

protobufjs: v7.2.5

7.2.5 (2023-08-21)

Bug Fixes

protobufjs: v7.2.4

7.2.4 (2023-06-23)

Bug Fixes

  • do not let setProperty change the prototype (#1899) (e66379f)

protobufjs: v7.2.3

7.2.3 (2023-03-27)

Bug Fixes

  • type names can be split into multiple tokens (#1877) (8817ee6)

protobufjs: v7.2.2

7.2.2 (2023-02-07)

Bug Fixes

  • do not allow to extend same field twice to prevent the error (#1784) (14f0536)

protobufjs: v7.2.1

7.2.1 (2023-02-02)

Bug Fixes

  • cli: fix relative path to Google pb files (#1859) (e42eea4)
  • Revert "fix: error should be thrown" (4489fa7)

... (truncated)

Changelog

Sourced from protobufjs's changelog.

7.2.6 (2024-01-16)

Bug Fixes

  • report missing import properly in loadSync (#1960) (af3ff83)

7.2.5 (2023-08-21)

Bug Fixes

7.2.4 (2023-06-23)

Bug Fixes

  • do not let setProperty change the prototype (#1899) (e66379f)

7.2.3 (2023-03-27)

Bug Fixes

  • type names can be split into multiple tokens (#1877) (8817ee6)

7.2.2 (2023-02-07)

Bug Fixes

  • do not allow to extend same field twice to prevent the error (#1784) (14f0536)

7.2.1 (2023-02-02)

Bug Fixes

  • cli: fix relative path to Google pb files (#1859) (e42eea4)
  • Revert "fix: error should be thrown" (4489fa7)
  • use bundled filename to fix common pb includes (#1860) (dce9a2e)
  • use ES5 style function syntax (#1830) (64e8936)

7.2.0 (2023-01-24)

... (truncated)

Commits

Updates semver from 6.3.0 to 6.3.1

Release notes

Sourced from semver's releases.

v6.3.1

6.3.1 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

6.3.1 (2023-07-10)

Bug Fixes

6.2.0

  • Coerce numbers to strings when passed to semver.coerce()
  • Add rtl option to coerce from right to left

6.1.3

  • Handle X-ranges properly in includePrerelease mode

6.1.2

  • Do not throw when testing invalid version strings

6.1.1

  • Add options support for semver.coerce()
  • Handle undefined version passed to Range.test

6.1.0

  • Add semver.compareBuild function
  • Support * in semver.intersects

6.0

  • Fix intersects logic.

    This is technically a bug fix, but since it is also a change to behavior that may require users updating their code, it is marked as a major version increment.

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.


Updates ejs from 3.1.9 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

Commits

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

New Contributors

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

Commits
  • 04bc627 4.19.2
  • da4d763 Improved fix for open redirect allow list bypass
  • 4f0f6cc 4.19.1
  • a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
  • a1fa90f fixed un-edited version in history.md for 4.19.0
  • 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
  • 084e365 4.19.0
  • 0867302 Prevent open redirect allow list bypass due to encodeurl
  • 567c9c6 Add note on how to update docs for new release (#5541)
  • 69a4cf2 deps: [email protected]
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.


Updates follow-redirects from 1.15.2 to 1.15.6

Commits
  • 35a517c Release version 1.15.6 of the npm package.
  • c4f847f Drop Proxy-Authorization across hosts.
  • 8526b4a Use GitHub for disclosure.
  • b1677ce Release version 1.15.5 of the npm package.
  • d8914f7 Preserve fragment in responseUrl.
  • 6585820 Release version 1.15.4 of the npm package.
  • 7a6567e Disallow bracketed hostnames.
  • 05629af Prefer native URL instead of deprecated url.parse.
  • 1cba8e8 Prefer native URL instead of legacy url.resolv...

    Description has been truncated

@dependabot
Bump the npm_and_yarn group across 1 directory with 12 updates
d77fbb1 
Bumps the npm_and_yarn group with 11 updates in the /js directory:

| Package | From | To |
| --- | --- | --- |
| [axios](https://github.com/axios/axios) | `1.4.0` | `1.6.0` |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.21.5` | `7.24.5` |
| [@firebase/util](https://github.com/firebase/firebase-js-sdk/tree/HEAD/packages/util) | `0.3.2` | `1.9.5` |
| [firebase](https://github.com/firebase/firebase-js-sdk) | `7.24.0` | `10.11.1` |
| [semver](https://github.com/npm/node-semver) | `6.3.0` | `6.3.1` |
| [ejs](https://github.com/mde/ejs) | `3.1.9` | `3.1.10` |
| [express](https://github.com/expressjs/express) | `4.18.2` | `4.19.2` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.15.6` |
| [tough-cookie](https://github.com/salesforce/tough-cookie) | `4.1.2` | `4.1.4` |
| [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `5.3.3` | `5.3.4` |
| [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` |



Updates `axios` from 1.4.0 to 1.6.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.4.0...v1.6.0)

Updates `@babel/traverse` from 7.21.5 to 7.24.5
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.24.5/packages/babel-traverse)

Updates `@firebase/util` from 0.3.2 to 1.9.5
- [Release notes](https://github.com/firebase/firebase-js-sdk/releases)
- [Changelog](https://github.com/firebase/firebase-js-sdk/blob/master/packages/util/CHANGELOG.md)
- [Commits](https://github.com/firebase/firebase-js-sdk/commits/@firebase/[email protected]/packages/util)

Updates `firebase` from 7.24.0 to 10.11.1
- [Release notes](https://github.com/firebase/firebase-js-sdk/releases)
- [Changelog](https://github.com/firebase/firebase-js-sdk/blob/master/CHANGELOG.md)
- [Commits](https://github.com/firebase/firebase-js-sdk/compare/[email protected]@10.11.1)

Updates `protobufjs` from 6.11.3 to 7.2.6
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](protobufjs/protobuf.js@v6.11.3...protobufjs-v7.2.6)

Updates `semver` from 6.3.0 to 6.3.1
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md)
- [Commits](npm/node-semver@v6.3.0...v6.3.1)

Updates `ejs` from 3.1.9 to 3.1.10
- [Release notes](https://github.com/mde/ejs/releases)
- [Commits](mde/ejs@v3.1.9...v3.1.10)

Updates `express` from 4.18.2 to 4.19.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.18.2...4.19.2)

Updates `follow-redirects` from 1.15.2 to 1.15.6
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.6)

Updates `tough-cookie` from 4.1.2 to 4.1.4
- [Release notes](https://github.com/salesforce/tough-cookie/releases)
- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)
- [Commits](salesforce/tough-cookie@v4.1.2...v4.1.4)

Updates `webpack-dev-middleware` from 5.3.3 to 5.3.4
- [Release notes](https://github.com/webpack/webpack-dev-middleware/releases)
- [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md)
- [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4)

Updates `word-wrap` from 1.2.3 to 1.2.5
- [Release notes](https://github.com/jonschlinkert/word-wrap/releases)
- [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5)

---
updated-dependencies:
- dependency-name: axios
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@babel/traverse"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@firebase/util"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: firebase
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: protobufjs
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ejs
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tough-cookie
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack-dev-middleware
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: word-wrap
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label May 2, 2024
This was referenced May 2, 2024
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Jun 11, 2024

Superseded by #379.

@dependabot dependabot bot closed this Jun 11, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/js/npm_and_yarn-3083174c4e branch June 11, 2024 01:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants