Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the npm_and_yarn group across 1 directory with 8 updates #1

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directory with 8 updates #1

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Mar 21, 2024

Bumps the npm_and_yarn group with 6 updates in the / directory:

Package From To
jszip 3.7.0 3.8.0
webpack 5.47.0 5.76.0
async 3.2.0 3.2.5
fast-json-patch 2.2.1 3.1.1
addons-linter 3.10.0 6.24.0
minimist 1.2.5 1.2.8

Updates jszip from 3.7.0 to 3.8.0

Changelog

Sourced from jszip's changelog.

v3.8.0 2022-03-30

  • Santize filenames when files are loaded with loadAsync, to avoid "zip slip" attacks. The original filename is available on each zip entry as unsafeOriginalName. See the documentation. Many thanks to McCaulay Hudson for reporting.

v3.7.1 2021-08-05

  • Fix build of dist files.
    • Note: this version ensures the changes from 3.7.0 are actually included in the dist files. Thanks to Evan W for reporting.
Commits
  • 3b98cfc 3.8.0
  • 2edab36 Sanitize filenames with loadAsync to prevent zip slip attacks
  • 1f631b0 Update contributing
  • 459ff79 Add tests for utils that remove leading slash
  • d4702a7 Merge pull request #541 from PatricSteffen/patch-1
  • 2ebb7e8 Merge pull request #737 from satoshicano/update-types-JSZipLoadOptions
  • 85c4989 Merge pull request #796 from Stuk/ghci
  • 40cc7f4 Add dependency caching
  • 5ee321e Install deps needed for Playwright on Github Actions
  • eeb841e Remove code and dependencies used for Saucelabs
  • Additional commits viewable in compare view

Updates webpack from 5.47.0 to 5.76.0

Release notes

Sourced from webpack's releases.

v5.76.0

Bugfixes

Features

Security

Repo Changes

New Contributors

Full Changelog: webpack/webpack@v5.75.0...v5.76.0

v5.75.0

Bugfixes

  • experiments.* normalize to false when opt-out
  • avoid NaN%
  • show the correct error when using a conflicting chunk name in code
  • HMR code tests existance of window before trying to access it
  • fix eval-nosources-* actually exclude sources
  • fix race condition where no module is returned from processing module
  • fix position of standalong semicolon in runtime code

Features

  • add support for @import to extenal CSS when using experimental CSS in node
  • add i64 support to the deprecated WASM implementation

Developer Experience

  • expose EnableWasmLoadingPlugin
  • add more typings
  • generate getters instead of readonly properties in typings to allow overriding them

... (truncated)

Commits
  • 97b1718 Merge pull request #16781 from askoufis/loader-context-target-type
  • b84efe6 Merge pull request #16759 from ryanwilsonperkin/real-content-hash-regex-perf
  • c98e9e0 Merge pull request #16493 from piwysocki/patch-1
  • 5f34acf feat: Add target to LoaderContext type
  • b7fc4d8 Merge pull request #16703 from ryanwilsonperkin/ryanwilsonperkin/fix-16160
  • 63ea82d Merge branch 'webpack:main' into patch-1
  • 4ba2252 Merge pull request #16446 from akhilgkrishnan/patch-1
  • 1acd635 Merge pull request #16613 from jakebailey/ts-logo
  • 302eb37 Merge pull request #16614 from jakebailey/html5-logo
  • cfdb1df Improve performance of hashRegExp lookup
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.


Updates async from 3.2.0 to 3.2.5

Changelog

Sourced from async's changelog.

v3.2.5

  • Ensure Error objects such as AggregateError are propagated without modification (#1920)

v3.2.4

  • Fix a bug in priorityQueue where it didn't wait for the result. (#1725)
  • Fix a bug where unshiftAsync was included in priorityQueue. (#1790)

v3.2.3

  • Fix bugs in comment parsing in autoInject. (#1767, #1780)

v3.2.2

  • Fix potential prototype pollution exploit

v3.2.1

Commits

Updates fast-json-patch from 2.2.1 to 3.1.1

Release notes

Sourced from fast-json-patch's releases.

3.1.1

Security Fix for Prototype Pollution - huntr.dev #262

Bug fixes and ES6 modules

Use ES6 Modules

  • package now exports non-bundled ES module Starcounter-Jack/JSON-Patch#232
  • main still points to CommonJS module for backward compatibility
  • README recommends use of named ES imports

List of changes Starcounter-Jack/JSON-Patch@v2.2.1...3.0.0-0

Use ES6 Modules

  • package now exports non-bundled ES module Starcounter-Jack/JSON-Patch#232
  • main still points to CommonJS module for backward compatibility
  • README recommends use of named ES imports

Full list of changes Starcounter-Jack/JSON-Patch@v2.2.1...3.0.0-0

Commits
Maintainer changes

This version was pushed to npm by mountain-jack, a new releaser for fast-json-patch since your current version.


Updates addons-linter from 3.10.0 to 6.24.0

Release notes

Sourced from addons-linter's releases.

6.24.0 (2024-03-12)

main changes

  • Updated: schema files for Firefox 124 (#5216)

dependencies

  • Updated: dependency @mdn/browser-compat-data to 5.5.13 (#5210)
  • Updated: dependency addons-scanner-utils to 9.10.1 (#5214)
  • Updated: reverted dependency yauzl to 2.10.0 to be consistent with addons-scanner-utils (#5217)

dev dependencies

  • Updated: dependency @babel/core to 7.24.0 (#5207)
  • Updated: dependency @babel/plugin-proposal-decorators to 7.24.0 (#5209)
  • Updated: dependency @babel/preset-env to 7.24.0 (#5208)

6.23.0 (2024-02-27)

main changes

None.

dependencies

  • Updated: dependency @mdn/browser-compat-data to 5.5.11 (#5203)
  • Updated: dependency eslint-visitor-keys to 4.0.0 (#5196)
  • Updated: dependency eslint to 8.57.0 (#5204)
  • Updated: dependency espree to 10.0.1 (#5197)
  • Updated: dependency pino to 8.19.0 (#5200)
  • Updated: dependency yauzl to 3.1.0 (#5201)

dev dependencies

  • Updated: dependency webpack to 5.90.3 (#5202)

6.22.0 (2024-02-12)

main changes

  • Fixed: Do not warn about nesting css selectors when firefoxStrictMinVersion is >= 117 (#5164)
  • Fixed: Prevent errors when non-string CSP values are defined in the manifest (#5195)

dependencies

  • Updated: dependency @mdn/browser-compat-data to 5.5.10 (#5193)
  • Updated: dependency espree to 10.0.0 (#5182)
  • Updated: dependency pino to 8.18.0 (#5185)
  • Updated: dependency postcss to 8.4.35 (#5191)
  • Updated: dependency semver to 7.6.0 (#5189)

dev dependencies

... (truncated)

Commits
  • fa2a9d4 6.24.0
  • 49e7636 Revert "chore(deps): bump yauzl from 2.10.0 to 3.1.0 (#5201)" (#5217)
  • 19fe3a4 Update schema for Firefox 124 (#5216)
  • fe8b4c5 chore(deps): bump addons-scanner-utils from 9.9.0 to 9.10.1 (#5214)
  • 5b34aba Pontoon: Update Friulian (fur) localization of AMO Linter
  • 6058274 chore(deps): bump yauzl from 3.1.1 to 3.1.2 (#5211)
  • 827f538 chore(deps): bump @​mdn/browser-compat-data from 5.5.12 to 5.5.13 (#5210)
  • abc23b2 chore(deps-dev): bump @​babel/plugin-proposal-decorators from 7.23.9 to 7.24.0...
  • 95045bb chore(deps): bump yauzl from 3.1.0 to 3.1.1 (#5206)
  • c05dc5b chore(deps-dev): bump @​babel/core from 7.23.9 to 7.24.0 (#5207)
  • Additional commits viewable in compare view

Updates minimist from 1.2.5 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

Fixed

Commits

  • Merge tag 'v0.2.3' a026794
  • [eslint] fix indentation and whitespace 5368ca4
  • [eslint] fix indentation and whitespace e5f5067
  • [eslint] more cleanup 62fde7d
  • [eslint] more cleanup 36ac5d0
  • [meta] add auto-changelog 73923d2
  • [actions] add reusable workflows d80727d
  • [eslint] add eslint; rules to enable later are warnings 48bc06a
  • [eslint] fix indentation 34b0f1c
  • [readme] rename and add badges 5df0fe4
  • [Dev Deps] switch from covert to nyc a48b128
  • [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
  • [meta] create FUNDING.yml; add funding in package.json 3639e0c
  • [meta] use npmignore to autogenerate an npmignore file be2e038
  • Only apps should have lockfiles 282b570
  • isConstructorOrProto adapted from PR ef9153f
  • [Dev Deps] update @ljharb/eslint-config, aud 098873c
  • [Dev Deps] update @ljharb/eslint-config, aud 3124ed3
  • [meta] add safe-publish-latest 4b927de
  • [Tests] add aud in posttest b32d9bd
  • [meta] update repo URLs f9fdfc0
  • [actions] Avoid 0.6 tests due to build failures ba92fe6
  • [Dev Deps] update tape 950eaa7
  • [Dev Deps] add missing npmignore dev dep 3226afa
  • Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits
  • 6901ee2 v1.2.8
  • a026794 Merge tag 'v0.2.3'
  • c0b2661 v0.2.3
  • 63b8fee [Fix] Fix long option followed by single dash (#17)
  • 72239e6 [Tests] Remove duplicate test (#12)
  • 34b0f1c [eslint] fix indentation
  • 3226afa [Dev Deps] add missing npmignore dev dep
  • 098873c [Dev Deps] update @ljharb/eslint-config, aud
  • 9ec4d27 [Fix] Fix long option followed by single dash
  • ba92fe6 [actions] Avoid 0.6 tests due to build failures
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.


Updates nanoid from 3.1.23 to 3.3.7

Changelog

Sourced from nanoid's changelog.

3.3.7

  • Fixed node16 TypeScript support (by Saadi Myftija).

3.3.6

  • Fixed package.

3.3.5

  • Backport funding information.

3.3.4

3.3.3

  • Reduced size (by Anton Khlynovskiy).

3.3.2

  • Fixed enhanced-resolve support.

3.3.1

  • Reduced package size.

3.3

  • Added size argument to function from customAlphabet (by Stefan Sundin).

3.2

  • Added --size and --alphabet arguments to binary (by Vitaly Baev).

3.1.32

  • Reduced async exports size (by Artyom Arutyunyan).
  • Moved from Jest to uvu (by Vitaly Baev).

3.1.31

  • Fixed collision vulnerability on object in size (by Artyom Arutyunyan).

3.1.30

  • Reduced size for project with brotli compression (by Anton Khlynovskiy).

3.1.29

  • Reduced npm package size.

3.1.28

  • Reduced npm package size.

3.1.27

  • Cleaned dependencies from development tools.

3.1.26

  • Improved performance (by Eitan Har-Shoshanim).
  • Reduced npm package size.

... (truncated)

Commits

Updates postcss from 8.3.5 to 8.4.35

Release notes

Sourced from postcss's releases.

8.4.35

  • Avoid ! in node.parent.nodes type.
  • Allow to pass undefined to node adding method to simplify types.

8.4.34

8.4.33

8.4.32

8.4.31

8.4.30

8.4.29

8.4.28

  • Fixed Root.source.end for better source map (by @​romainmenke).
  • Fixed Result.root types when process() has no parser.

8.4.27

  • Fixed Container clone methods types.

8.4.26

  • Fixed clone methods types.

8.4.25

8.4.24

  • Fixed Plugin types.

8.4.23

  • Fixed warnings in TypeDoc.

8.4.22

8.4.21

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.35

  • Avoid ! in node.parent.nodes type.
  • Allow to pass undefined to node adding method to simplify types.

8.4.34

  • Fixed AtRule#nodes type (by Tim Weißenfels).
  • Cleaned up code (by Dmitry Kirillov).

8.4.33

  • Fixed NoWorkResult behavior difference with normal mode (by Romain Menke).
  • Fixed NoWorkResult usage conditions (by @​ahmdammarr).

8.4.32

  • Fixed postcss().process() types (by Andrew Ferreira).

8.4.31

8.4.30

  • Improved source map performance (by Romain Menke).

8.4.29

  • Fixed Node#source.offset (by Ido Rosenthal).
  • Fixed docs (by Christian Oliff).

8.4.28

  • Fixed Root.source.end for better source map (by Romain Menke).
  • Fixed Result.root types when process() has no parser.

8.4.27

  • Fixed Container clone methods types.

8.4.26

  • Fixed clone methods types.

8.4.25

8.4.24

  • Fixed Plugin types.

8.4.23

  • Fixed warnings in TypeDoc.

8.4.22

  • Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

  • Fixed Input#error types (by Aleks Hudochenkov).

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 1 directory with 8 updates
21c254e 
Bumps the npm_and_yarn group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [jszip](https://github.com/Stuk/jszip) | `3.7.0` | `3.8.0` |
| [webpack](https://github.com/webpack/webpack) | `5.47.0` | `5.76.0` |
| [async](https://github.com/caolan/async) | `3.2.0` | `3.2.5` |
| [fast-json-patch](https://github.com/Starcounter-Jack/JSON-Patch) | `2.2.1` | `3.1.1` |
| [addons-linter](https://github.com/mozilla/addons-linter) | `3.10.0` | `6.24.0` |
| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |


Updates `jszip` from 3.7.0 to 3.8.0
- [Changelog](https://github.com/Stuk/jszip/blob/main/CHANGES.md)
- [Commits](Stuk/jszip@v3.7.0...v3.8.0)

Updates `webpack` from 5.47.0 to 5.76.0
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v5.47.0...v5.76.0)

Updates `async` from 3.2.0 to 3.2.5
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/master/CHANGELOG.md)
- [Commits](caolan/async@v3.2.0...v3.2.5)

Updates `fast-json-patch` from 2.2.1 to 3.1.1
- [Release notes](https://github.com/Starcounter-Jack/JSON-Patch/releases)
- [Commits](Starcounter-Jack/JSON-Patch@v2.2.1...3.1.1)

Updates `addons-linter` from 3.10.0 to 6.24.0
- [Release notes](https://github.com/mozilla/addons-linter/releases)
- [Commits](mozilla/addons-linter@3.10.0...6.24.0)

Updates `minimist` from 1.2.5 to 1.2.8
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.5...v1.2.8)

Updates `nanoid` from 3.1.23 to 3.3.7
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](ai/nanoid@3.1.23...3.3.7)

Updates `postcss` from 8.3.5 to 8.4.35
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.3.5...8.4.35)

---
updated-dependencies:
- dependency-name: jszip
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: webpack
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: async
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: fast-json-patch
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: addons-linter
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: minimist
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: nanoid
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: postcss
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 21, 2024
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-security-group-1b6216804c branch from 14f7c93 to 21c254e Compare March 21, 2024 10:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants