Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the npm_and_yarn group across 1 directory with 9 updates #716

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directory with 9 updates #716

wants to merge 1 commit into from
+1,152 −2,757

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 15, 2024

Bumps the npm_and_yarn group with 9 updates in the / directory:

Package From To
jquery 3.5.0 3.5.1
knockout 3.4.0 3.5.0
moment 2.24.0 2.29.4
moment-timezone 0.5.35 0.5.36
underscore 1.8.3 1.12.1
braces 3.0.2 3.0.3
gulp 4.0.2 5.0.0
d3-color 1.0.3 3.1.0
d3 4.11.0 7.9.0

Updates jquery from 3.5.0 to 3.5.1

Commits
  • e1cffde 3.5.1
  • 7d2ce69 Release: update AUTHORS.txt
  • ea2d0d5 Tests: Workaround failures in recent XSS tests in iOS 8 - 12
  • ea3766c Docs: Fix typos
  • 58a8e87 Tests: Add tests for recently fixed manipulation XSS issues
  • c1c0598 Tests: Cleanup window & document handlers in a new event test
  • 46ba70c Tests: Fix flakiness in the "jQuery.ajax() - JSONP - Same Domain" test
  • f7fed7e Docs: Update the link to the jsdom repository
  • 205dd13 Build: Test on Node.js 14, stop testing on Node.js 8 & 13
  • b21d671 Build: Enable reportUnusedDisableDirectives in ESLint
  • Additional commits viewable in compare view

Updates knockout from 3.4.0 to 3.5.0

Release notes

Sourced from knockout's releases.

Version 3.5.0

Knockout 3.5.0 includes a few new bindings and new ways to interact with observables and bindings. The full list is detailed under 3.5.0 Beta, 3.5.0 RC, and 3.5.0 RC2.

The final 3.5.0 release includes fixes for a few regressions in the pre-production releases:

  • Fix performance issue with nested if bindings (#2414)
  • Fix exception with foreach and beforeRemove (#2419)
  • Fix misplaced nodes with foreach and Punches plugin (#2433)
  • Fix duplicated nodes with foreach and if (#2439)

3.5.0 Release Candidate 2

This release includes a number of fixes for regressions in the previous 3.5.0 release candidate. Given the time since the RC, we also decided to include a few small improvements.

  • Fix to maintain an element's focus when it's moved by the foreach binding.
  • Fix changes to style binding to correctly append px.
  • Fix regression to ko.contextFor when used after ko.applyBindingsToNode.
  • Revert changes in ko.utils to use native array methods.
  • Remove global createChildContextWithAs option and add noChildContext binding option. The default behavior for as matches previous releases.
  • Fix the interaction of descendantsComplete and if/ifnot/with bindings.
  • Add an option for if/ifnot/with bindings: completeOn: "render" will have the binding wait to trigger descendantsComplete until it is rendered.
  • Throw an error for unbalanced virtual elements.
  • ko.applyBindings throws an error if a non-Node is given as the second parameter.
  • Support an options objects as a parameter to createChildContext.
  • Support a custom rate-limit function as the method parameter to the rateLimit extender.
  • Support setting custom CSS properties with the style binding.
  • Optimize how many elements are moved by foreach.
  • Update TypeScript declarations.

We decided to keep the more standard return value for ko.utils.arrayFirst, which now returns undefined instead of null when no item matches.

3.5.0 Release Candidate

Changes since 3.5.0 Beta:

  • Expand descendantsComplete to include bindings other than component, such as if, with, etc.
  • ko.when will return a Promise if called without a callback function.
  • Include TypeScript declarations.
  • A few minor bug fixes.

Version 3.5.0 beta

Knockout 3.5.0 beta release notes

Full list of issues: https://github.com/knockout/knockout/milestone/9?closed=1

Important: This release includes some minor breaking changes to the foreach binding to improve performance and clarify features. These changes can be turned off using global options.

  • When using the as option with the foreach binding, Knockout will set the named value for each item in the array but won't create a child context. In other words, when using as, you will have to use the named value in bindings: text: item.property rather than text: property. This can be controlled by setting ko.options.createChildContextWithAs = true. (See #907)

  • To improve performance when array changes are from a known, single operation, such as push, the foreach binding no longer filters out destroyed items by default. To turn this off and filter out destroyed items, you can set includeDestroyed: false in the foreach binding or set ko.options.foreachHidesDestroyed = true to use the previous behavior by default. (See #2324)

Other enhancements

... (truncated)

Commits
  • 3f2a1f7 Version 3.5.0 for distribution
  • 156e3cc make sure tests pass in old-IE
  • 202e26c Merge pull request #2441 from knockout/2439-foreach-dups
  • 38de37a fix test string typo
  • f327e95 Fix problem with arrayChange where it might report stale data.
  • 6591d0f export startPossiblyAsyncContentBinding
  • c6e608f For typing, use common source for extender options and functions
  • b304535 sync test-global.ts with test-module.ts
  • 605c6bb If setDomNodeChildrenFromArrayMapping callback modified nodes, use correct no...
  • 3a5d67f fix type definitions of "arrayChange" event and ko.when.
  • Additional commits viewable in compare view

Updates moment from 2.24.0 to 2.29.4

Changelog

Sourced from moment's changelog.

2.29.4

  • Release Jul 6, 2022
    • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

  • Release Apr 17, 2022
    • #5995 [bugfix] Remove const usage
    • #5990 misc: fix advisory link

2.29.2 See full changelog

  • Release Apr 3 2022

Address GHSA-8hfj-j24r-96c4

2.29.1 See full changelog

  • Release Oct 6, 2020

Updated deprecation message, bugfix in hi locale

2.29.0 See full changelog

  • Release Sept 22, 2020

New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: https://momentjs.com/docs/#/-project-status/

2.28.0 See full changelog

  • Release Sept 13, 2020

Fix bug where .format() modifies original instance, and locale updates

2.27.0 See full changelog

  • Release June 18, 2020

Added Turkmen locale, other locale improvements, slight TypeScript fixes

2.26.0 See full changelog

  • Release May 19, 2020

... (truncated)

Commits

Updates moment-timezone from 0.5.35 to 0.5.36

Release notes

Sourced from moment-timezone's releases.

Release 0.5.36

  • Updated data to IANA TZDB 2022c
  • Improvements/fixes to data pipeline
Changelog

Sourced from moment-timezone's changelog.

0.5.36 2022-08-25

  • IANA TZDB 2022c
  • improvements/fixes to data pipeline
Commits
  • 95f1a9b Build moment-timezone 0.5.36
  • abba28c Add changelog for 0.5.36
  • ac6de03 Bump version to 0.5.36
  • 7a5cadf tests: Fix country tests for 2022c
  • 6754c75 data: generate 2022c data+tests
  • f74a364 bugfix: Wipe tests/zones before generation
  • e850f9f grunt: do not bundle zone and contry tests
  • f13e22b data: automatically create data/*/VERSION.json for latest
  • e551fde data: allow running pipeline without wiping temp
  • 5bc88fc data: run test generation for all data pipelines
  • Additional commits viewable in compare view

Updates underscore from 1.8.3 to 1.12.1

Commits
Maintainer changes

This version was pushed to npm by jgonggrijp, a new releaser for underscore since your current version.


Updates braces from 3.0.2 to 3.0.3

Commits

Updates gulp from 4.0.2 to 5.0.0

Release notes

Sourced from gulp's releases.

gulp v5.0.0

We've tried to provide a high-level changelog for gulp v5 below, but it doesn't contain all changes from the 60+ dependencies that we maintain.

Please see individual changelogs to drill down into all changes that were made.

⚠ BREAKING CHANGES

  • Drop support for Node.js <10.13
  • Default stream encoding to UTF-8
  • Standardized on anymatch library for globbing paths. All globs should work the same between src and watch now!
  • Removed support for ordered globs. This aligns with the chokidar globbing implementation. If you need your globs to be ordered, you can use ordered-read-stream
  • All globs and paths are normalized to unix-like filepaths
  • Only allow JS variants for .gulp.* config files
  • Removed support for alpha releases of v4 from gulp-cli
  • Removed the --verify flag
  • Renamed the --require flag to --preload to avoid conflicting with Node.js flags
  • Removed many legacy and deprecated loaders
  • Upgrade to chokidar v3
  • Clone Vinyl objects with stream contents using teex, but no longer wait for all streams to flow before cloned streams will receive data
  • Stop using process.umask() to make directories, instead falling back to Node's default mode
  • Throw on non-function, non-string option coercers
  • Drop support of Node.js snake_case flags
  • Use a Symbol for attaching the gulplog namespace to the store
  • Use a Symbol for attaching the gulplog store to the global
  • Use sha256 to hash the v8flags cache into a filename

Features

  • Streamlined the dependency tree
  • Switch all streams implementation to Streamx
  • Rewrote glob-stream to use a custom directory walk that relies on newer Node.js features and is more performant than old implementation
  • Implement translation support for all CLI messages and all messages passing through gulplog
  • Allow users to customize or remove the timestamp from their logs
  • Upgraded gulplog to v2. Messages logged via v1 will also display a deprecated warning. Plugins should update to v2 as the community upgrades to gulp 5
  • Added support for gulpile.cjs and gulpfile.mjs
  • Add support for swc, esbuild, sucrase, and mdx loaders
  • Provide an ESM export (#2760) (b00de68)
  • Support sourcemap handling on streaming Vinyl contents
  • Support extends syntax for .gulp.* config file
  • Allow overriding gulpfile and preloads via .gulp.* config file

Bug Fixes

  • Resolve bugs related to symlinks on various platforms
  • Resolved some reported ReDoS CVEs and improved performance in glob-parent
  • Rework errors surfaced when encountering files or symlinks when trying to create directories
  • Ensure watch allows japanese characters in globs (72668c6)

... (truncated)

Changelog

Sourced from gulp's changelog.

5.0.0 (2024-03-29)

We've tried to provide a high-level changelog for gulp v5 below, but it doesn't contain all changes from the 60+ dependencies that we maintain.

Please see individual changelogs to drill down into all changes that were made.

⚠ BREAKING CHANGES

  • Drop support for Node.js <10.13
  • Default stream encoding to UTF-8
  • Standardized on anymatch library for globbing paths. All globs should work the same between src and watch now!
  • Removed support for ordered globs. This aligns with the chokidar globbing implementation. If you need your globs to be ordered, you can use ordered-read-stream
  • All globs and paths are normalized to unix-like filepaths
  • Only allow JS variants for .gulp.* config files
  • Removed support for alpha releases of v4 from gulp-cli
  • Removed the --verify flag
  • Renamed the --require flag to --preload to avoid conflicting with Node.js flags
  • Removed many legacy and deprecated loaders
  • Upgrade to chokidar v3
  • Clone Vinyl objects with stream contents using teex, but no longer wait for all streams to flow before cloned streams will receive data
  • Stop using process.umask() to make directories, instead falling back to Node's default mode
  • Throw on non-function, non-string option coercers
  • Drop support of Node.js snake_case flags
  • Use a Symbol for attaching the gulplog namespace to the store
  • Use a Symbol for attaching the gulplog store to the global
  • Use sha256 to hash the v8flags cache into a filename

Features

  • Streamlined the dependency tree
  • Switch all streams implementation to Streamx
  • Rewrote glob-stream to use a custom directory walk that relies on newer Node.js features and is more performant than old implementation
  • Implement translation support for all CLI messages and all messages passing through gulplog
  • Allow users to customize or remove the timestamp from their logs
  • Upgraded gulplog to v2. Messages logged via v1 will also display a deprecated warning. Plugins should update to v2 as the community upgrades to gulp 5
  • Added support for gulpile.cjs and gulpfile.mjs
  • Add support for swc, esbuild, sucrase, and mdx loaders
  • Provide an ESM export (#2760) (b00de68)
  • Support sourcemap handling on streaming Vinyl contents
  • Support extends syntax for .gulp.* config file
  • Allow overriding gulpfile and preloads via .gulp.* config file

Bug Fixes

  • Resolve bugs related to symlinks on various platforms
  • Resolved some reported ReDoS CVEs and improved performance in glob-parent
  • Rework errors surfaced when encountering files or symlinks when trying to create directories
  • Ensure watch allows japanese characters in globs (72668c6)

... (truncated)

Commits

Updates d3-color from 1.0.3 to 3.1.0

Release notes

Sourced from d3-color's releases.

v3.1.0

v3.0.1

  • Make build reproducible.

v3.0.0

  • Adopt type: module.

This package now requires Node.js 12 or higher. For more, please read Sindre Sorhus’s FAQ.

v2.0.0

This release adopts ES2015 language features such as for-of and drops support for older browsers, including IE. If you need to support pre-ES2015 environments, you should stick with d3-color 1.x or use a transpiler.

v1.4.1

  • Fix parsing of 4- and 8-digit hexadecimal transparent colors. #52

v1.4.0

  • Add support for parsing 4- and 8-digit hexadecimal colors. #60 Thanks, @​zerovox!
  • Add sideEffects: false to the package.json.

v1.3.0

v1.2.8

  • Revert chroma clamping in hcl.toString. (#33)

v1.2.7

  • Account for rounding when determining whether a color is displayable.

v1.2.6

  • Implement chroma clamping in hcl.toString. (#33)
  • Fix achromatic representation of white in HCL colorspace (again).

v1.2.5

  • Fix achromatic representation of white in HCL colorspace.

v1.2.4

  • Fix achromatic representation of black and white in HCL colorspace.

v1.2.3

  • Housekeeping.

... (truncated)

Commits

Updates d3 from 4.11.0 to 7.9.0

Release notes

Sourced from d3's releases.

v7.9.0

v7.8.5

  • Fix the return value of d3.medianIndex and d3.quantileIndex when the data contains missing values. #275

v7.8.4

v7.8.3

v7.8.2

v7.8.1

  • Tolerate invalid input values when generating contours. #61
  • Tolerate invalid input weights when generating density contours. #65
  • Fix missing contours at extrema when using default thresholds. #68

v7.8.0

  • Add d3.pathRound.
  • Add configurable precision when generating path data via path.digits.
  • Add likewise shape.digits method to d3.arc, d3.area, d3.line, d3.link, and d3.symbol.
  • Improve the performance of d3.geoPath’s string concatenation.
  • Fix arc rendering for small arcs with rounded corners.
  • Fix BumpRadial implementation to support multiple points.
  • Fix projection when lambda is outside the range ±3π.
  • Rename d3.symbolX to d3.symbolTimes; d3.symbolX is now deprecated.

v7.7.0

v7.6.1

v7.6.0

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 1 directory with 9 updates
2c37e72 
Bumps the npm_and_yarn group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [jquery](https://github.com/jquery/jquery) | `3.5.0` | `3.5.1` |
| [knockout](https://github.com/knockout/knockout) | `3.4.0` | `3.5.0` |
| [moment](https://github.com/moment/moment) | `2.24.0` | `2.29.4` |
| [moment-timezone](https://github.com/moment/moment-timezone) | `0.5.35` | `0.5.36` |
| [underscore](https://github.com/jashkenas/underscore) | `1.8.3` | `1.12.1` |
| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |
| [gulp](https://github.com/gulpjs/gulp) | `4.0.2` | `5.0.0` |
| [d3-color](https://github.com/d3/d3-color) | `1.0.3` | `3.1.0` |
| [d3](https://github.com/d3/d3) | `4.11.0` | `7.9.0` |



Updates `jquery` from 3.5.0 to 3.5.1
- [Release notes](https://github.com/jquery/jquery/releases)
- [Commits](jquery/jquery@3.5.0...3.5.1)

Updates `knockout` from 3.4.0 to 3.5.0
- [Release notes](https://github.com/knockout/knockout/releases)
- [Commits](knockout/knockout@v3.4.0...v3.5.0)

Updates `moment` from 2.24.0 to 2.29.4
- [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md)
- [Commits](moment/moment@2.24.0...2.29.4)

Updates `moment-timezone` from 0.5.35 to 0.5.36
- [Release notes](https://github.com/moment/moment-timezone/releases)
- [Changelog](https://github.com/moment/moment-timezone/blob/develop/changelog.md)
- [Commits](moment/moment-timezone@0.5.35...0.5.36)

Updates `underscore` from 1.8.3 to 1.12.1
- [Commits](jashkenas/underscore@1.8.3...1.12.1)

Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

Updates `gulp` from 4.0.2 to 5.0.0
- [Release notes](https://github.com/gulpjs/gulp/releases)
- [Changelog](https://github.com/gulpjs/gulp/blob/master/CHANGELOG.md)
- [Commits](gulpjs/gulp@v4.0.2...v5.0.0)

Updates `d3-color` from 1.0.3 to 3.1.0
- [Release notes](https://github.com/d3/d3-color/releases)
- [Commits](d3/d3-color@v1.0.3...v3.1.0)

Updates `d3` from 4.11.0 to 7.9.0
- [Release notes](https://github.com/d3/d3/releases)
- [Changelog](https://github.com/d3/d3/blob/main/CHANGES.md)
- [Commits](d3/d3@v4.11.0...v7.9.0)

---
updated-dependencies:
- dependency-name: jquery
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: knockout
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: moment
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: moment-timezone
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: underscore
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: gulp
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: d3-color
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: d3
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 15, 2024
@dependabot dependabot bot mentioned this pull request Jun 15, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants