Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the npm_and_yarn group across 1 directory with 16 updates #1949

Open
wants to merge 1 commit into
base: unstable
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directory with 16 updates #1949

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github May 9, 2024
edited
Loading

Bumps the npm_and_yarn group with 16 updates in the / directory:

Package From To
@babel/traverse 7.12.13 7.24.5
ansi-regex 4.1.0 4.1.1
glob-parent 5.1.1 5.1.2
hosted-git-info 2.8.8 2.8.9
http-cache-semantics 4.1.0 4.1.1
json5 1.0.1 1.0.2
minimatch 3.0.4 3.1.2
minimist 1.2.5 1.2.8
node-fetch 2.6.1 2.7.0
normalize-url 4.5.0 4.5.1
path-parse 1.0.6 1.0.7
semver 5.7.1 5.7.2
tmpl 1.0.4 1.0.5
tough-cookie 4.1.2 4.1.4
trim-newlines 3.0.0 3.0.1
word-wrap 1.2.3 1.2.5

Updates @babel/traverse from 7.12.13 to 7.24.5

Release notes

Sourced from @​babel/traverse's releases.

v7.24.5 (2024-04-29)

Thanks @​romgrk and @​sossost for your first PRs!

🐛 Bug Fix

  • babel-plugin-transform-classes, babel-traverse
  • babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3

💅 Polish

🏠 Internal

  • Other
  • babel-parser
  • babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-helper-module-transforms, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx-self, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-traverse
  • babel-plugin-proposal-partial-application, babel-types
  • babel-plugin-transform-class-properties, babel-preset-env

🏃‍♀️ Performance

  • babel-helpers, babel-preset-env, babel-runtime-corejs3

Committers: 6

v7.24.4 (2024-04-03)

Thanks @​Dunqing, @​luiscubal, and @​samualtnorman for your first PRs!

👓 Spec Compliance

  • babel-parser
  • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.5 (2024-04-29)

🐛 Bug Fix

  • babel-plugin-transform-classes, babel-traverse
  • babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3

💅 Polish

🏠 Internal

  • Other
  • babel-parser
  • babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-helper-module-transforms, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx-self, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-traverse
  • babel-plugin-proposal-partial-application, babel-types
  • babel-plugin-transform-class-properties, babel-preset-env

🏃‍♀️ Performance

  • babel-helpers, babel-preset-env, babel-runtime-corejs3

v7.24.4 (2024-04-03)

👓 Spec Compliance

  • babel-parser
  • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3

🐛 Bug Fix

  • babel-generator
  • babel-compat-data, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-preset-env
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • babel-plugin-transform-block-scoping
  • babel-core, babel-plugin-transform-block-scoped-functions, babel-plugin-transform-block-scoping

... (truncated)

Commits

Updates ansi-regex from 4.1.0 to 4.1.1

Commits

Updates glob-parent from 5.1.1 to 5.1.2

Release notes

Sourced from glob-parent's releases.

v5.1.2

Bug Fixes

Changelog

Sourced from glob-parent's changelog.

5.1.2 (2021-03-06)

Bug Fixes

6.0.2 (2021-09-29)

Bug Fixes

6.0.1 (2021-07-20)

Bug Fixes

6.0.0 (2021-05-03)

⚠ BREAKING CHANGES

  • Correct mishandled escaped path separators (#34)
  • upgrade scaffold, dropping node <10 support

Bug Fixes

  • Correct mishandled escaped path separators (#34) (32f6d52), closes #32

Miscellaneous Chores

  • upgrade scaffold, dropping node <10 support (e83d0c5)
Commits

Updates hosted-git-info from 2.8.8 to 2.8.9

Changelog

Sourced from hosted-git-info's changelog.

2.8.9 (2021-04-07)

Bug Fixes

Commits
Maintainer changes

This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.


Updates http-cache-semantics from 4.1.0 to 4.1.1

Commits

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)
Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

v2.2.2 [code, diff]

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

v2.2.0 [code, diff]

  • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

  • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

Updates minimatch from 3.0.4 to 3.1.2

Commits

Updates minimist from 1.2.5 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

Fixed

Commits

  • Merge tag 'v0.2.3' a026794
  • [eslint] fix indentation and whitespace 5368ca4
  • [eslint] fix indentation and whitespace e5f5067
  • [eslint] more cleanup 62fde7d
  • [eslint] more cleanup 36ac5d0
  • [meta] add auto-changelog 73923d2
  • [actions] add reusable workflows d80727d
  • [eslint] add eslint; rules to enable later are warnings 48bc06a
  • [eslint] fix indentation 34b0f1c
  • [readme] rename and add badges 5df0fe4
  • [Dev Deps] switch from covert to nyc a48b128
  • [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
  • [meta] create FUNDING.yml; add funding in package.json 3639e0c
  • [meta] use npmignore to autogenerate an npmignore file be2e038
  • Only apps should have lockfiles 282b570
  • isConstructorOrProto adapted from PR ef9153f
  • [Dev Deps] update @ljharb/eslint-config, aud 098873c
  • [Dev Deps] update @ljharb/eslint-config, aud 3124ed3
  • [meta] add safe-publish-latest 4b927de
  • [Tests] add aud in posttest b32d9bd
  • [meta] update repo URLs f9fdfc0
  • [actions] Avoid 0.6 tests due to build failures ba92fe6
  • [Dev Deps] update tape 950eaa7
  • [Dev Deps] add missing npmignore dev dep 3226afa
  • Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits
  • 6901ee2 v1.2.8
  • a026794 Merge tag 'v0.2.3'
  • c0b2661 v0.2.3
  • 63b8fee [Fix] Fix long option followed by single dash (#17)
  • 72239e6 [Tests] Remove duplicate test (#12)
  • 34b0f1c [eslint] fix indentation
  • 3226afa [Dev Deps] add missing npmignore dev dep
  • 098873c [Dev Deps] update @ljharb/eslint-config, aud
  • 9ec4d27 [Fix] Fix long option followed by single dash
  • ba92fe6 [actions] Avoid 0.6 tests due to build failures
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.


Updates node-fetch from 2.6.1 to 2.7.0

Release notes

Sourced from node-fetch's releases.

v2.7.0

2.7.0 (2023-08-23)

Features

v2.6.13

2.6.13 (2023-08-18)

Bug Fixes

v2.6.12

2.6.12 (2023-06-29)

Bug Fixes

v2.6.11

2.6.11 (2023-05-09)

Reverts

v2.6.10

2.6.10 (2023-05-08)

Bug Fixes

v2.6.9

2.6.9 (2023-01-30)

Bug Fixes

v2.6.8

2.6.8 (2023-01-13)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by node-fetch-bot, a new releaser for node-fetch since your current version.


Updates normalize-url from 4.5.0 to 4.5.1

Commits

Updates path-parse from 1.0.6 to 1.0.7

Commits

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

  • Add version coercion capabilities

5.4

  • Add intersection checking

5.3

  • Add minSatisfying method

5.2

  • Add prerelease(v) that returns prerelease components

5.1

  • Add Backus-Naur for ranges
  • Remove excessively cute inspection methods

5.0

  • Remove AMD/Browserified build artifacts
  • Fix ltr and gtr when using the * range
  • Fix for range * with a prerelease identifier
Commits
Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.


Updates tmpl from 1.0.4 to 1.0.5

Commits

Updates tough-cookie from 4.1.2 to 4.1.4

Release notes

Sourced from tough-cookie's releases.

v4.1.4

https://www.npmjs.com/package/tough-cookie/v/4.1.4

What's Changed

New Contributors

Full Changelog: salesforce/tough-cookie@v4.1.3...v4.1.4

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

Commits
  • cacbc37 Bump version to 4.1.4
  • a48fb3a Add tests for url validation
  • 50e69bf Merge pull request #261 from postmanlabs/fix/url-string-validation
  • 1253d58 Merge pull request #409 from corvidism/validators-to-string
  • 238367e Add local alias for toString
  • 4ff4d29 4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)
  • 12d4747 Prevent prototype pollution in cookie memstore (#283)
  • f06b72d Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...
  • cf6debd Fix incorrect string validation for URL
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.


Updates trim-newlines from 3.0.0 to 3.0.1

Commits

Updates word-wrap from 1.2.3 to 1.2.5

Release notes

Sourced from word-wrap's releases.

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: jonschlinkert/word-wrap@1.2.4...1.2.5

1.2.4

What's Changed

New Contributors

Full Changelog: jonschlinkert/word-wrap@1.2.3...1.2.4

Commits

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
Bump the npm_and_yarn group across 1 directory with 16 updates
17948eb 
Bumps the npm_and_yarn group with 16 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.12.13` | `7.24.5` |
| [ansi-regex](https://github.com/chalk/ansi-regex) | `4.1.0` | `4.1.1` |
| [glob-parent](https://github.com/gulpjs/glob-parent) | `5.1.1` | `5.1.2` |
| [hosted-git-info](https://github.com/npm/hosted-git-info) | `2.8.8` | `2.8.9` |
| [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) | `4.1.0` | `4.1.1` |
| [json5](https://github.com/json5/json5) | `1.0.1` | `1.0.2` |
| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.2` |
| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |
| [node-fetch](https://github.com/node-fetch/node-fetch) | `2.6.1` | `2.7.0` |
| [normalize-url](https://github.com/sindresorhus/normalize-url) | `4.5.0` | `4.5.1` |
| [path-parse](https://github.com/jbgutierrez/path-parse) | `1.0.6` | `1.0.7` |
| [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` |
| [tmpl](https://github.com/daaku/nodejs-tmpl) | `1.0.4` | `1.0.5` |
| [tough-cookie](https://github.com/salesforce/tough-cookie) | `4.1.2` | `4.1.4` |
| [trim-newlines](https://github.com/sindresorhus/trim-newlines) | `3.0.0` | `3.0.1` |
| [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` |



Updates `@babel/traverse` from 7.12.13 to 7.24.5
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.24.5/packages/babel-traverse)

Updates `ansi-regex` from 4.1.0 to 4.1.1
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](chalk/ansi-regex@v4.1.0...v4.1.1)

Updates `glob-parent` from 5.1.1 to 5.1.2
- [Release notes](https://github.com/gulpjs/glob-parent/releases)
- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md)
- [Commits](gulpjs/glob-parent@v5.1.1...v5.1.2)

Updates `hosted-git-info` from 2.8.8 to 2.8.9
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](npm/hosted-git-info@v2.8.8...v2.8.9)

Updates `http-cache-semantics` from 4.1.0 to 4.1.1
- [Commits](kornelski/http-cache-semantics@v4.1.0...v4.1.1)

Updates `json5` from 1.0.1 to 1.0.2
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v1.0.1...v1.0.2)

Updates `minimatch` from 3.0.4 to 3.1.2
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.0.4...v3.1.2)

Updates `minimist` from 1.2.5 to 1.2.8
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.5...v1.2.8)

Updates `node-fetch` from 2.6.1 to 2.7.0
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](node-fetch/node-fetch@v2.6.1...v2.7.0)

Updates `normalize-url` from 4.5.0 to 4.5.1
- [Release notes](https://github.com/sindresorhus/normalize-url/releases)
- [Commits](https://github.com/sindresorhus/normalize-url/commits)

Updates `path-parse` from 1.0.6 to 1.0.7
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

Updates `semver` from 5.7.1 to 5.7.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)
- [Commits](npm/node-semver@v5.7.1...v5.7.2)

Updates `tmpl` from 1.0.4 to 1.0.5
- [Commits](https://github.com/daaku/nodejs-tmpl/commits/v1.0.5)

Updates `tough-cookie` from 4.1.2 to 4.1.4
- [Release notes](https://github.com/salesforce/tough-cookie/releases)
- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)
- [Commits](salesforce/tough-cookie@v4.1.2...v4.1.4)

Updates `trim-newlines` from 3.0.0 to 3.0.1
- [Release notes](https://github.com/sindresorhus/trim-newlines/releases)
- [Commits](https://github.com/sindresorhus/trim-newlines/commits)

Updates `word-wrap` from 1.2.3 to 1.2.5
- [Release notes](https://github.com/jonschlinkert/word-wrap/releases)
- [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5)

---
updated-dependencies:
- dependency-name: "@babel/traverse"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ansi-regex
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: glob-parent
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hosted-git-info
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: http-cache-semantics
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: json5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimist
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-fetch
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: normalize-url
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-parse
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tmpl
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tough-cookie
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: trim-newlines
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: word-wrap
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label May 9, 2024
This was referenced May 9, 2024
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants