Bump the npm_and_yarn group across 1 directory with 17 updates #11

dependabot · 2024-06-19T10:47:39Z

Bumps the npm_and_yarn group with 16 updates in the / directory:

Package	From	To
axios	`0.27.2`	`0.28.0`
@babel/traverse	`7.17.10`	`7.24.7`
@xmldom/xmldom	`0.7.5`	`0.7.13`
braces	`3.0.2`	`3.0.3`
decode-uri-component	`0.2.0`	`0.2.2`
ejs	`3.1.8`	`3.1.10`
express	`4.18.1`	`4.19.2`
graphql	`16.5.0`	`16.8.2`
json5	`1.0.1`	`1.0.2`
loader-utils	`2.0.3`	`2.0.4`
semver	`6.3.0`	`6.3.1`
tough-cookie	`4.0.0`	`4.1.4`
webpack-dev-middleware	`5.3.1`	`5.3.4`
webpack	`5.72.1`	`5.92.0`
word-wrap	`1.2.3`	`1.2.5`
ws	`7.5.7`	`7.5.10`

Updates axios from 0.27.2 to 0.28.0

Release notes

Sourced from axios's releases.

Release v0.28.0

Release notes:

Bug Fixes

fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)

Fixing content-type header repeated #4745

Fixed timeout error message for HTTP 4738

Added axios.formToJSON method (#4735)

URL params serializer (#4734)

Fixed toFormData Blob issue on node>v17 #4728

Adding types for progress event callbacks #4675

Fixed max body length defaults #4731

Added data URL support for node.js (#4725)

Added isCancel type assert (#4293)

Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)

Add string[] to AxiosRequestHeaders type (#4322)

Allow type definition for axios instance methods (#4224)

Fixed AxiosError stack capturing; (#4718)

Fixed AxiosError status code type; (#4717)

Adding Canceler parameters config and request (#4711)

fix(types): allow to specify partial default headers for instance creation (#4185)

Added blob to the list of protocols supported by the browser (#4678)

Fixing Z_BUF_ERROR when no content (#4701)

Fixed race condition on immediate requests cancellation (#4261)

Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248

Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)

Fix TS definition for AxiosRequestTransformer (#4201)

Use type alias instead of interface for AxiosPromise (#4505)

Include request and config when creating a CanceledError instance (#4659)

Added generic TS types for the exposed toFormData helper (#4668)

Optimized the code that checks cancellation (#4587)

Replaced webpack with rollup (#4596)

Added stack trace to AxiosError (#4624)

Updated AxiosError.config to be optional in the type definition (#4665)

Removed incorrect argument for NetworkError constructor (#4656)

Changelog

Sourced from axios's changelog.

0.28.0 (2024-02-12)

Release notes:

Bug Fixes

fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)

Fixing content-type header repeated #4745

Fixed timeout error message for HTTP 4738

Added axios.formToJSON method (#4735)

URL params serializer (#4734)

Fixed toFormData Blob issue on node>v17 #4728

Adding types for progress event callbacks #4675

Fixed max body length defaults #4731

Added data URL support for node.js (#4725)

Added isCancel type assert (#4293)

Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)

Add string[] to AxiosRequestHeaders type (#4322)

Allow type definition for axios instance methods (#4224)

Fixed AxiosError stack capturing; (#4718)

Fixed AxiosError status code type; (#4717)

Adding Canceler parameters config and request (#4711)

fix(types): allow to specify partial default headers for instance creation (#4185)

Added blob to the list of protocols supported by the browser (#4678)

Fixing Z_BUF_ERROR when no content (#4701)

Fixed race condition on immediate requests cancellation (#4261)

Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248

Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)

Fix TS definition for AxiosRequestTransformer (#4201)

Use type alias instead of interface for AxiosPromise (#4505)

Include request and config when creating a CanceledError instance (#4659)

Added generic TS types for the exposed toFormData helper (#4668)

Optimized the code that checks cancellation (#4587)

Replaced webpack with rollup (#4596)

Added stack trace to AxiosError (#4624)

Updated AxiosError.config to be optional in the type definition (#4665)

Removed incorrect argument for NetworkError constructor (#4656)

Commits

3b7635a [Release] v0.28.0 (#6211)
27c0076 feat(backport): added ability for paramsSerializer to handle function; (#6227)
80c3d74 chore(ci): backported publish action; (#6224)
2755df5 fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to ...
880b42e docs: Fix a typo in README
c4bf0a4 Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
1e2679f fix: [Types] Type of header in AxiosRequestConfig / for Axios.create is incor...
80b546c fix: loosing request header (#4858) (#4871)
6acb5ef feat: brower platform add data protocol. (#4814)
bbb2264 fix(typing): axios response headers can be undefined (#4813)
Additional commits viewable in compare view

Updates @babel/traverse from 7.17.10 to 7.24.7

Release notes

Sourced from @babel/traverse's releases.

v7.24.7 (2024-06-05)

🐛 Bug Fix

babel-node

#16554 Allow extra flags in babel-node (@nicolo-ribaudo)

babel-traverse

#16522 fix: incorrect constantViolations with destructuring (@liuxingbaoyu)

babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management

#16524 fix: Transform using in switch correctly (@liuxingbaoyu)

🏠 Internal

babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#16525 Delete unused array helpers (@blakewilson)

Committers: 7

Amjad Yahia Robeen Hassan (@amjed-98)

Babel Bot (@babel-bot)

Blake Wilson (@blakewilson)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

Sukka (@SukkaW)

@liuxingbaoyu

v7.24.6 (2024-05-24)

Thanks @amjed-98, @blakewilson, @coelhucas, and @SukkaW for your first PRs!

🐛 Bug Fix

babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties

#16514 Fix source maps for private member expressions (@nicolo-ribaudo)

babel-core, babel-generator, babel-plugin-transform-modules-commonjs

#16515 Fix source maps for template literals (@nicolo-ribaudo)

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#16485 Support undecorated static accessor in anonymous classes (@JLHwung)

#16484 Fix decorator bare yield await (@JLHwung)

babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3

#16483 Fix: throw TypeError if addInitializer is called after finished (@JLHwung)

babel-parser, babel-plugin-transform-typescript

#16476 fix: Correctly parse cls.fn<C> = x (@liuxingbaoyu)

🏠 Internal

babel-core, babel-helpers, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#16501 Generate helper metadata at build time (@nicolo-ribaudo)

babel-helpers

#16499 Add tsconfig.json for @babel/helpers/src/helpers (@nicolo-ribaudo)

babel-cli, babel-helpers, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#16495 Move all runtime helpers to individual files (@nicolo-ribaudo)

babel-parser, babel-traverse

#16482 Statically generate boilerplate for bitfield accessors (@nicolo-ribaudo)

Other

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.24.7 (2024-06-05)

🐛 Bug Fix

babel-node

#16554 Allow extra flags in babel-node (@nicolo-ribaudo)

babel-traverse

#16522 fix: incorrect constantViolations with destructuring (@liuxingbaoyu)

babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management

#16524 fix: Transform using in switch correctly (@liuxingbaoyu)

🏠 Internal

babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#16525 Delete unused array helpers (@blakewilson)

v7.24.6 (2024-05-24)

🐛 Bug Fix

babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties

#16514 Fix source maps for private member expressions (@nicolo-ribaudo)

babel-core, babel-generator, babel-plugin-transform-modules-commonjs

#16515 Fix source maps for template literals (@nicolo-ribaudo)

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#16485 Support undecorated static accessor in anonymous classes (@JLHwung)

#16484 Fix decorator bare yield await (@JLHwung)

babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3

#16483 Fix: throw TypeError if addInitializer is called after finished (@JLHwung)

babel-parser, babel-plugin-transform-typescript

#16476 fix: Correctly parse cls.fn<C> = x (@liuxingbaoyu)

🏠 Internal

babel-core, babel-helpers, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#16501 Generate helper metadata at build time (@nicolo-ribaudo)

babel-helpers

#16499 Add tsconfig.json for @babel/helpers/src/helpers (@nicolo-ribaudo)

babel-cli, babel-helpers, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#16495 Move all runtime helpers to individual files (@nicolo-ribaudo)

babel-parser, babel-traverse

#16482 Statically generate boilerplate for bitfield accessors (@nicolo-ribaudo)

Other

#16466 Migrate import assertions syntax (@JLHwung)

v7.24.5 (2024-04-29)

🐛 Bug Fix

babel-plugin-transform-classes, babel-traverse

#16377 fix: TypeScript annotation affects output (@liuxingbaoyu)

babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3

#16440 Fix suppressed error order (@sossost)

#16408 Await nullish async disposable (@JLHwung)

💅 Polish

babel-parser

... (truncated)

Commits

bf1e9a3 v7.24.7
4463aa5 fix: incorrect constantViolations with destructuring (#16522)
07bd000 Improve getBindingIdentifiers (#16544)
17a5502 [Babel 8] Remove extra.shorthand (#16521)
7934963 Use type: module in all package.jsons (#16535)
9630250 v7.24.6
1f010df Explicitly define NodePath.prototype.* (#16488)
6e3539b [babel 8] Publish .d.ts files for every package (#16416)
e37e64d Use eslint v9 (#16479)
3ff20b9 Statically generate boilerplate for bitfield accessors (#16482)
Additional commits viewable in compare view

Updates @xmldom/xmldom from 0.7.5 to 0.7.13

Release notes

Sourced from @xmldom/xmldom's releases.

0.7.13

Commits

Fixed

dom: prevent iteration over deleted items [#514](https://github.com/xmldom/xmldom/issues/514)/ [#499](https://github.com/xmldom/xmldom/issues/499)

Thank you, @qtow, for your contributions

0.7.12

Commits

Fixed

Set nodeName property in ProcessingInstruction [#509](https://github.com/xmldom/xmldom/issues/509) / [#505](https://github.com/xmldom/xmldom/issues/505)

Thank you, @cjbarth, for your contributions

0.7.11

Commits

Fixed

extend list of HTML entities [#489](https://github.com/xmldom/xmldom/issues/489)

Thank you, @zorkow, for your contributions

0.7.10

commits

Fixed

properly parse closing where the last attribute has no value [#485](https://github.com/xmldom/xmldom/issues/485) / [#486](https://github.com/xmldom/xmldom/issues/486)

Thank you, @bulandent, for your contributions

0.7.9

Commits

Fixed

Properly check nodes before replacement [#457](https://github.com/xmldom/xmldom/issues/457) / [#455](https://github.com/xmldom/xmldom/issues/455) / [#456](https://github.com/xmldom/xmldom/issues/456)

Thank you, @edemaine, @pedro-l9, for your contributions

0.7.8

... (truncated)

Changelog

Sourced from @xmldom/xmldom's changelog.

0.7.13

Fixed

dom: prevent iteration over deleted items [#514](https://github.com/xmldom/xmldom/issues/514)/ [#499](https://github.com/xmldom/xmldom/issues/499)

Thank you, @qtow, for your contributions

0.9.0-beta.9

Fixed

Set nodeName property in ProcessingInstruction [#509](https://github.com/xmldom/xmldom/issues/509) / [#505](https://github.com/xmldom/xmldom/issues/505)

preserve DOCTYPE internal subset [#498](https://github.com/xmldom/xmldom/issues/498) / [#497](https://github.com/xmldom/xmldom/issues/497) / [#117](https://github.com/xmldom/xmldom/issues/117)
BREAKING CHANGES: Many documents that were previously accepted by xmldom, esecially non well-formed ones are no longer accepted. Some issues that were formerly reported as errors are now a fatalError.

DOMParser: Align parseFromString errors with specs [#454](https://github.com/xmldom/xmldom/issues/454)

Chore

stop running mutation tests using stryker [#496](https://github.com/xmldom/xmldom/issues/496)

make toErrorSnapshot windows compatible [#503](https://github.com/xmldom/xmldom/issues/503)

Thank you, @cjbarth, @shunkica, @pmahend1, @niklasl, for your contributions

0.8.9

Fixed

Set nodeName property in ProcessingInstruction [#509](https://github.com/xmldom/xmldom/issues/509) / [#505](https://github.com/xmldom/xmldom/issues/505)

Thank you, @cjbarth, for your contributions

0.7.12

Fixed

Set nodeName property in ProcessingInstruction [#509](https://github.com/xmldom/xmldom/issues/509) / [#505](https://github.com/xmldom/xmldom/issues/505)

Thank you, @cjbarth, for your contributions

0.9.0-beta.8

Fixed

Throw DOMException when calling removeChild with invalid parameter [#494](https://github.com/xmldom/xmldom/issues/494) / [#135](https://github.com/xmldom/xmldom/issues/135)

... (truncated)

Commits

282f0ad 0.7.13
e06606b fix(dom): prevent iteration over deleted items (#514)
f3c7be3 0.7.12
ccd9aba fix: Set nodeName property in ProcessingInstruction (#509)
44477fc 0.7.11
b44816c fix: extend list of HTML entities (#489)
f97cb3a 0.7.10
8624000 fix: properly parse closing where the last attribute has no value (#485)
927392f 0.7.9
99cfe62 fix: Properly check nodes before replacement (#457)
Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

Switch to GitHub workflows 76abc93

Fix issue where decode throws - fixes #6 746ca5d

Update license (#1) 486d7e2

Tidelift tasks a650457

Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

a0eea46 0.2.2
980e0bf Prevent overwriting previously decoded tokens
3c8a373 0.2.1
76abc93 Switch to GitHub workflows
746ca5d Fix issue where decode throws - fixes #6
486d7e2 Update license (#1)
a650457 Tidelift tasks
66e1c28 Meta tweaks
See full diff in compare view

Updates ejs from 3.1.8 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

Commits

d3f807d Version 3.1.10
9ee26dd Mocha TDD
e469741 Basic pollution protection
715e950 Merge pull request #756 from Jeffrey-mu/main
cabe314 Include advanced usage examples
29b076c Added header
11503c7 Merge branch 'main' of github.com:mde/ejs into main
7690404 Added security banner to README
f47d7ae Update SECURITY.md
828cea1 Update SECURITY.md
Additional commits viewable in compare view

Updates express from 4.18.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Fix ci after location patch by @wesleytodd in expressjs/express#5552

fixed un-edited version in history.md for 4.19.0 by @wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

fix typo in release date by @UlisesGascon in expressjs/express#5527

docs: nominating @wesleytodd to be project captian by @wesleytodd in expressjs/express#5511

docs: loosen TC activity rules by @wesleytodd in expressjs/express#5510

Add note on how to update docs for new release by @crandmck in expressjs/express#5541

Prevent open redirect allow list bypass due to encodeurl

Release 4.19.0 by @wesleytodd in expressjs/express#5551

New Contributors

@crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

Other Changes

Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032

build: [email protected] and [email protected] by @abenhamdine in expressjs/express#5034

ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027

test: remove unused function arguments in params by @raksbisht in expressjs/express#5124

Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119

Fixed typos by @raksbisht in expressjs/express#5117

examples: remove unused params by @raksbisht in expressjs/express#5113

fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130

fix: typos in History.md by @raksbisht in expressjs/express#5131

build : add [email protected] by @abenhamdine in expressjs/express#5028

test: remove unused function arguments in params by @raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: [email protected]

4.18.3 / 2024-02-29

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

deps: [email protected]

Add partitioned option

4.18.2 / 2022-10-08

Fix regression routing a large stack in a single route

deps: [email protected]

deps: [email protected]

perf: remove unnecessary object clone

deps: [email protected]

Commits

04bc627 4.19.2
da4d763 Improved fix for open redirect allow list bypass
4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: [email protected]
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates follow-redirects from 1.15.0 to 1.15.6

Commits

35a517c Release version 1.15.6 of the npm package.
c4f847f Drop Proxy-Authorization across hosts.
8526b4a Use GitHub for disclosure.
b1677ce Release version 1.15.5 of the npm package.
d8914f7 Preserve fragment in responseUrl.
6585820 Release version 1.15.4 of the npm package.
7a6567e Disallow bracketed hostnames.
05629af Prefer native URL instead of deprecated url.parse.
1cba8e8 Prefer native URL instead of legacy url.resolve.
72bc2a4 Simplify _processResponse error handling.
Additional commits viewable in compare view

Updates graphql from 16.5.0 to 16.8.2

Release notes

Sourced from graphql's releases.

v16.8.2 (2024-06-12)

Bug Fix 🐞* #4022 fix: remove globalThis check and align with what bundlers can accept (@JoviDeCroock)

Internal 🏠* #4104 Fix publish scripts (@benjie)

Committers: 2

Benjie(@benjie)

Jovi De Croock(@JoviDeCroock)

v16.8.1 (2023-09-19)

Bug Fix 🐞

#3967 OverlappingFieldsCanBeMergedRule: Fix performance degradation (@AaronMoat)

Committers: 1

Aaron Moat(@AaronMoat)

v16.8.0 (2023-08-14)

New Feature 🚀

#3950 Support fourfold nested lists (@gschulze)

Committers: 1

Gunnar Schulze(@gschulze)

v16.7.1 (2023-06-22)

📢 Big shout out to @phryneas, who managed to reproduce this issue and come up with this fix.

Bug Fix 🐞

#3923 instanceOf: workaround bundler issue with process.env (@IvanGoncharov)

Committers: 1

Ivan Goncharov(@IvanGoncharov)

v16.7.0 (2023-06-21)

New Feature 🚀

#3887 check "globalThis.process" before accessing it (@kettanaito)

Bug Fix 🐞

#3707 Fix crash in node when mixing sync/async resolvers (backport of #3706) (@chrskrchr)

#3838 Fix/invalid error propagation custom scalars (backport for 16.x.x) (@stenreijers)

Committers: 3

Artem Zakharchenko(@kettanaito)

Chris Karcher(@chrskrchr)

Sten Reijers(@stenreijers)

... (truncated)

Commits

08779a0 16.8.2
c82609e Fix publish scripts (#4104)
0d12b06 fix: remove globalThis check and align with what bundlers can accept (#4022)
8a95335 16.8.1
8f4c64e OverlappingFieldsCanBeMergedRule: Fix performance degradation (#3967)
e4f759d 16.8.0
bec1b49 Support fourfold nested lists (#3950)
bf6a9f0 16.7.1
a08aaee instanceOf: workaround bundler issue with process.env (#3923)
1519fda 16.7.0
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by benjie, a new releaser for graphql since your current version.

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

...

Description has been truncated

Bumps the npm_and_yarn group with 16 updates in the / directory: | Package | From | To | | --- | --- | --- | | [axios](https://github.com/axios/axios) | `0.27.2` | `0.28.0` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.17.10` | `7.24.7` | | [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.7.5` | `0.7.13` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [ejs](https://github.com/mde/ejs) | `3.1.8` | `3.1.10` | | [express](https://github.com/expressjs/express) | `4.18.1` | `4.19.2` | | [graphql](https://github.com/graphql/graphql-js) | `16.5.0` | `16.8.2` | | [json5](https://github.com/json5/json5) | `1.0.1` | `1.0.2` | | [loader-utils](https://github.com/webpack/loader-utils) | `2.0.3` | `2.0.4` | | [semver](https://github.com/npm/node-semver) | `6.3.0` | `6.3.1` | | [tough-cookie](https://github.com/salesforce/tough-cookie) | `4.0.0` | `4.1.4` | | [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `5.3.1` | `5.3.4` | | [webpack](https://github.com/webpack/webpack) | `5.72.1` | `5.92.0` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | | [ws](https://github.com/websockets/ws) | `7.5.7` | `7.5.10` | Updates `axios` from 0.27.2 to 0.28.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v0.28.0/CHANGELOG.md) - [Commits](axios/axios@v0.27.2...v0.28.0) Updates `@babel/traverse` from 7.17.10 to 7.24.7 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.24.7/packages/babel-traverse) Updates `@xmldom/xmldom` from 0.7.5 to 0.7.13 - [Release notes](https://github.com/xmldom/xmldom/releases) - [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md) - [Commits](xmldom/xmldom@0.7.5...0.7.13) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `ejs` from 3.1.8 to 3.1.10 - [Release notes](https://github.com/mde/ejs/releases) - [Commits](mde/ejs@v3.1.8...v3.1.10) Updates `express` from 4.18.1 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.1...4.19.2) Updates `follow-redirects` from 1.15.0 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.0...v1.15.6) Updates `graphql` from 16.5.0 to 16.8.2 - [Release notes](https://github.com/graphql/graphql-js/releases) - [Commits](graphql/graphql-js@v16.5.0...v16.8.2) Updates `json5` from 1.0.1 to 1.0.2 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v1.0.1...v1.0.2) Updates `loader-utils` from 2.0.3 to 2.0.4 - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/v2.0.4/CHANGELOG.md) - [Commits](webpack/loader-utils@v2.0.3...v2.0.4) Updates `semver` from 6.3.0 to 6.3.1 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md) - [Commits](npm/node-semver@v6.3.0...v6.3.1) Updates `tough-cookie` from 4.0.0 to 4.1.4 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v4.0.0...v4.1.4) Updates `webpack-dev-middleware` from 5.3.1 to 5.3.4 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v5.3.1...v5.3.4) Updates `webpack` from 5.72.1 to 5.92.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.72.1...v5.92.0) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) Updates `ws` from 7.5.7 to 7.5.10 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@7.5.7...7.5.10) --- updated-dependencies: - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@xmldom/xmldom" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ejs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: graphql dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: loader-utils dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tough-cookie dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-middleware dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Jun 19, 2024

dependabot bot mentioned this pull request Jun 19, 2024

Bump the npm_and_yarn group across 1 directory with 16 updates #10

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm_and_yarn group across 1 directory with 17 updates #11

Bump the npm_and_yarn group across 1 directory with 17 updates #11

Uh oh!

dependabot bot commented on behalf of github Jun 19, 2024

Uh oh!

Uh oh!

Bump the npm_and_yarn group across 1 directory with 17 updates #11

Are you sure you want to change the base?

Bump the npm_and_yarn group across 1 directory with 17 updates #11

Uh oh!

Conversation

dependabot bot commented on behalf of github Jun 19, 2024

Release v0.28.0

Release notes:

Bug Fixes

Backports from v1.x:

0.28.0 (2024-02-12)

Release notes:

Bug Fixes

Backports from v1.x:

v7.24.7 (2024-06-05)

🐛 Bug Fix

🏠 Internal

Committers: 7

v7.24.6 (2024-05-24)

🐛 Bug Fix

🏠 Internal

v7.24.7 (2024-06-05)

🐛 Bug Fix

🏠 Internal

v7.24.6 (2024-05-24)

🐛 Bug Fix

🏠 Internal

v7.24.5 (2024-04-29)

🐛 Bug Fix

💅 Polish

0.7.13

Fixed

0.7.12

Fixed

0.7.11

Commits

Fixed

0.7.10

Fixed

0.7.9

Fixed

0.7.8

0.7.13

Fixed

0.9.0-beta.9

Fixed

Chore

0.8.9

Fixed

0.7.12

Fixed

0.9.0-beta.8

Fixed

v0.2.2

v0.2.1

v3.1.10

v3.1.9

4.19.2

What's Changed

4.19.1

What's Changed

4.19.0

What's Changed

New Contributors

4.18.3

Main Changes

Other Changes

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

4.18.2 / 2022-10-08

v16.8.2 (2024-06-12)

Bug Fix 🐞* #4022 fix: remove globalThis check and align with what bundlers can accept (@​JoviDeCroock)

Internal 🏠* #4104 Fix publish scripts (@​benjie)

Committers: 2

v16.8.1 (2023-09-19)

Bug Fix 🐞

Committers: 1

v16.8.0 (2023-08-14)

Bug Fix 🐞* #4022 fix: remove `globalThis` check and align with what bundlers can accept (`@JoviDeCroock`)

Internal 🏠* #4104 Fix publish scripts (`@benjie`)