Skip to content

build(deps): bump the npm_and_yarn group across 2 directories with 8 updates #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

build(deps): bump the npm_and_yarn group across 2 directories with 8 updates #4

wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Aug 31, 2024

Bumps the npm_and_yarn group with 5 updates in the /Tools directory:

Package From To
json-schema 0.2.3 0.4.0
jsprim 1.4.1 1.4.2
qs 6.5.2 6.5.3
underscore 1.8.3 1.13.7
azure-storage 2.10.2 2.10.7

Bumps the npm_and_yarn group with 2 updates in the /Web directory: axios and webpack.

Updates json-schema from 0.2.3 to 0.4.0

Commits
  • f6f6a3b Use a little more robust method of checking instances
  • ef60987 Update version
  • b62f1da Protect against constructor modification, #84
  • fb427cd Link to json-schema-org repository in addition to site, fixes #54
  • 22f1461 Don't allow proto property to be used for schema default/coerce, fixes #84
  • c52a27c Get basic test to pass
  • b3f42b3 Add security policy
  • 3b0cec3 Update version
  • c28470f Update readme to acknowledge the state of the package
  • 7dff9cd Merge pull request #81 from hodovani/patch-1
  • Additional commits viewable in compare view

Updates jsprim from 1.4.1 to 1.4.2

Changelog

Sourced from jsprim's changelog.

v1.4.2 (2021-11-29)

  • #35 Backport json-schema 0.4.0 to version 1.4.x
Commits
Maintainer changes

This version was pushed to npm by bahamat, a new releaser for jsprim since your current version.


Updates qs from 6.5.2 to 6.5.3

Changelog

Sourced from qs's changelog.

6.5.3

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
  • [Fix] correctly parse nested arrays
  • [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
  • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
  • [Fix] when parseArrays is false, properly handle keys ending in []
  • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
  • [Fix] utils.merge: avoid a crash with a null target and an array source
  • [Refactor] utils: reduce observable [[Get]]s
  • [Refactor] use cached Array.isArray
  • [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
  • [Refactor] parse: only need to reassign the var once
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
  • [Docs] Clarify the need for "arrayLimit" option
  • [meta] fix README.md (#399)
  • [meta] add FUNDING.yml
  • [actions] backport actions from main
  • [Tests] always use String(x) over x.toString()
  • [Tests] remove nonexistent tape option
  • [Dev Deps] backport from main
Commits
  • 298bfa5 v6.5.3
  • ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
  • 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
  • 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
  • 12ac1c4 [meta] fix README.md (#399)
  • 0338716 [actions] backport actions from main
  • 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
  • 51b8a0b add FUNDING.yml
  • 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
  • f814a7f [Dev Deps] backport from main
  • Additional commits viewable in compare view

Updates underscore from 1.8.3 to 1.13.7

Commits
  • d2e7e61 Update autogenerated files for 1.13.7
  • b1d4f23 Add a change log entry for 1.13.7
  • 473970a Bump the copyright years
  • a1cbb48 Bump the version to 1.13.7
  • 1205eb5 Merge pull request #2996 from elkcityhazard/feature/theme-toggle
  • bd3468b even more css formatting
  • dd23fd0 formatting, filter, darker darkmode
  • 184aae5 unncessary prefers-color-scheme: light removal
  • 55720c0 minimal dark mode implementation
  • de20b6f incorporated stylesheet that was already available
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by jgonggrijp, a new releaser for underscore since your current version.


Updates azure-storage from 2.10.2 to 2.10.7

Release notes

Sourced from azure-storage's releases.

Storage Client Library 2.10.3

2019.04 Version 2.10.3

  • Fixed callback not being called in _getBlobToLocalFile.
  • Removed retryInfo.retryable check in retrypolicyfilter.js.
  • Removed comment about maxResults.
  • Fixed Travis-CI failed validation.
  • Updated latest links and descriptions to V10 SDK in readme.md.
  • Fixed some errors are thrown in a inner async callback which cannot be caught.
Changelog

Sourced from azure-storage's changelog.

Note: This is an Azure Storage only package. The all up Azure node sdk still has the old storage bits in there. In a future release, those storage bits will be removed and an npm dependency to this storage node sdk will be taken. This is a GA release and the changes described below indicate the changes from the Azure node SDK 0.9.8 available here - https://github.com/Azure/azure-sdk-for-node.

2021.12 Version 2.10.7

  • Update to use more recent version of dependencies.

2021.12 Version 2.10.6

  • Upgraded validator to 13.7.0.
  • Upgraded json-schema to 0.4.0.
  • Fixed an issue where customized retry interval doesn't take effact.

2021.09 Version 2.10.5

  • Upgraded validator to 13.6.0.

2020.05 Version 2.10.4

  • Upgraded underscore to 1.12.1.
  • Added host property to StorageServiceClient.

2019.04 Version 2.10.3

  • Fixed callback not being called in _getBlobToLocalFile.
  • Removed retryInfo.retryable check in retrypolicyfilter.js.
  • Removed comment about maxResults.
  • Fixed Travis-CI failed validation.
  • Updated latest links and descriptions to V10 SDK in readme.md.
  • Fixed some errors are thrown in a inner async callback which cannot be caught.

2018.10 Version 2.10.2

ALL

  • Upgrade xmlbuilder to 9.0.7 and extend to 3.0.2 to avoid vulnerabilities.
  • Removed deprecated Buffer constructor calls in favor of static methods Buffer.from and Buffer.alloc.
  • Added JSv10 link and docs.microsoft.com link.
  • Improved documents.

BLOB

  • Added typescript declarations to listBlobDirectoriesSegmented and listBlobDirectoriesSegmentedWithPrefix.

FILE

  • Fixed an issue that empty text isn’t supported in createFileFromText.

TABLE

  • Fixed an issue that uncaught TypeError could be thrown from createTable when request is not sent properly.

2018.08 Version 2.10.1

... (truncated)

Commits

Updates validator from 9.4.1 to 13.12.0

Release notes

Sourced from validator's releases.

13.12.0

What's Changed

New Features / Validators

Fixes, New Locales and Enhancements

New Contributors

... (truncated)

Changelog

Sourced from validator's changelog.

13.12.0

New Features / Validators

Fixes, New Locales and Enhancements

13.11.0

New Features / Validators

Fixes, New Locales and Enhancements

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by profnandaa, a new releaser for validator since your current version.


Updates axios from 0.24.0 to 1.7.6

Release notes

Sourced from axios's releases.

Release v1.7.6

Release notes:

Bug Fixes

  • fetch: fix content length calculation for FormData payload; (#6524) (085f568)
  • fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

Release v1.7.5

Release notes:

Bug Fixes

  • adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
  • core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
  • core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
  • fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

Release v1.7.4

Release notes:

Bug Fixes

Contributors to this release

Release v1.7.3

Release notes:

Bug Fixes

  • adapter: fix progress event emitting; (#6518) (e3c76fc)
  • fetch: fix withCredentials request config (#6505) (85d4d0e)
  • xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.6 (2024-08-30)

Bug Fixes

  • fetch: fix content length calculation for FormData payload; (#6524) (085f568)
  • fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

1.7.5 (2024-08-23)

Bug Fixes

  • adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
  • core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
  • core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
  • fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

1.7.4 (2024-08-13)

Bug Fixes

Contributors to this release

1.7.3 (2024-08-01)

Bug Fixes

... (truncated)

Commits
  • d584fcf chore(release): v1.7.6 (#6583)
  • bc03c6c chore(examples): fix module import (#6575)
  • df9889b fix(fetch): optimize signals composing logic; (#6582)
  • ee208cf chore(sponsor): update sponsor block (#6576)
  • 085f568 fix(fetch): fix content length calculation for FormData payload; (#6524)
  • 59cd6b0 chore(release): v1.7.5 (#6574)
  • 6700a8a fix(core): add the missed implementation of AxiosError#status property; (#6573)
  • 7004707 fix(adapter): fix undefined reference to hasBrowserEnv (#6572)
  • fed1a4b fix(core): fix ReferenceError: navigator is not defined for custom environm...
  • 550d885 fix(fetch): fix credentials handling in Cloudflare workers (#6533)
  • Additional commits viewable in compare view

Updates webpack from 4.47.0 to 5.94.0

Release notes

Sourced from webpack's releases.

v5.94.0

Bug Fixes

  • Added runtime condition for harmony reexport checked
  • Handle properly data/http/https protocols in source maps
  • Make bigint optimistic when browserslist not found
  • Move @​types/eslint-scope to dev deps
  • Related in asset stats is now always an array when no related found
  • Handle ASI for export declarations
  • Mangle destruction incorrect with export named default properly
  • Fixed unexpected asi generation with sequence expression
  • Fixed a lot of types

New Features

  • Added new external type "module-import"
  • Support webpackIgnore for new URL() construction
  • [CSS] @import pathinfo support

Security

  • Fixed DOM clobbering in auto public path

v5.93.0

Bug Fixes

  • Generate correct relative path to runtime chunks
  • Makes DefinePlugin quieter under default log level
  • Fixed mangle destructuring default in namespace import
  • Fixed consumption of eager shared modules for module federation
  • Strip slash for pretty regexp
  • Calculate correct contenthash for CSS generator options

New Features

  • Added the binary generator option for asset modules to explicitly keep source maps produced by loaders
  • Added the modern-module library value for tree shakable output
  • Added the overrideStrict option to override strict or non-strict mode for javascript modules

v5.92.1

Bug Fixes

  • Doesn't crash with an error when the css experiment is enabled and contenthash is used

v5.92.0

Bug Fixes

  • Correct tidle range's comutation for module federation
  • Consider runtime for pure expression dependency update hash
  • Return value in the subtractRuntime function for runtime logic

... (truncated)

Commits
  • eabf85d chore(release): 5.94.0
  • 955e057 security: fix DOM clobbering in auto public path
  • 9822387 test: fix
  • cbb86ed test: fix
  • 5ac3d7f fix: unexpected asi generation with sequence expression
  • 2411661 security: fix DOM clobbering in auto public path
  • b8c03d4 fix: unexpected asi generation with sequence expression
  • f46a03c revert: do not use heuristic fallback for "module-import"
  • 60f1898 fix: do not use heuristic fallback for "module-import"
  • 66306aa Revert "fix: module-import get fallback from externalsPresets"
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump the npm_and_yarn group across 2 directories with 8 …
762c640 
…updates

Bumps the npm_and_yarn group with 5 updates in the /Tools directory:

| Package | From | To |
| --- | --- | --- |
| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |
| [jsprim](https://github.com/joyent/node-jsprim) | `1.4.1` | `1.4.2` |
| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` |
| [underscore](https://github.com/jashkenas/underscore) | `1.8.3` | `1.13.7` |
| [azure-storage](https://github.com/Azure/azure-storage-node) | `2.10.2` | `2.10.7` |

Bumps the npm_and_yarn group with 2 updates in the /Web directory: [axios](https://github.com/axios/axios) and [webpack](https://github.com/webpack/webpack).


Updates `json-schema` from 0.2.3 to 0.4.0
- [Commits](kriszyp/json-schema@v0.2.3...v0.4.0)

Updates `jsprim` from 1.4.1 to 1.4.2
- [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md)
- [Commits](TritonDataCenter/node-jsprim@v1.4.1...v1.4.2)

Updates `qs` from 6.5.2 to 6.5.3
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.5.2...v6.5.3)

Updates `underscore` from 1.8.3 to 1.13.7
- [Commits](jashkenas/underscore@1.8.3...1.13.7)

Updates `azure-storage` from 2.10.2 to 2.10.7
- [Release notes](https://github.com/Azure/azure-storage-node/releases)
- [Changelog](https://github.com/Azure/azure-storage-node/blob/master/ChangeLog.md)
- [Commits](https://github.com/Azure/azure-storage-node/commits)

Updates `validator` from 9.4.1 to 13.12.0
- [Release notes](https://github.com/validatorjs/validator.js/releases)
- [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md)
- [Commits](validatorjs/validator.js@9.4.1...13.12.0)

Updates `axios` from 0.24.0 to 1.7.6
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v0.24.0...v1.7.6)

Updates `webpack` from 4.47.0 to 5.94.0
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v4.47.0...v5.94.0)

---
updated-dependencies:
- dependency-name: json-schema
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: jsprim
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: underscore
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: azure-storage
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: validator
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: webpack
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the Mend: dependency security vulnerability Security vulnerability detected by Mend label Aug 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Mend: dependency security vulnerability Security vulnerability detected by Mend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant