Bump the npm_and_yarn group with 9 updates #145

dependabot · 2024-06-18T18:45:15Z

Bumps the npm_and_yarn group with 9 updates:

Package	From	To
async	`2.6.3`	`2.6.4`
immer	`9.0.5`	`9.0.21`
json5	`1.0.1`	`1.0.2`
loader-utils	`1.4.0`	`1.4.2`
minimatch	`3.0.4`	`3.1.2`
minimist	`1.2.5`	`1.2.8`
moment	`2.29.1`	`2.30.1`
node-fetch	`2.6.1`	`2.6.13`
ws	`6.2.2`	`6.2.3`

Updates async from 2.6.3 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

Fix potential prototype pollution exploit (#1828)

Commits

c6bdaca Version 2.6.4
8870da9 Update built files
4df6754 update changelog
8f7f903 Fix prototype pollution vulnerability (#1828)
See full diff in compare view

Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.

Updates immer from 9.0.5 to 9.0.21

Release notes

Sourced from immer's releases.

v9.0.21

9.0.21 (2023-03-23)

Bug Fixes

ensure type exports is first in package.json export declaration (#1018) (b6ccd0f)

v9.0.20

9.0.20 (2023-03-23)

Bug Fixes

patching maps failed when using number keys (#1025) (dd83e2e)

v9.0.19

9.0.19 (2023-01-27)

Bug Fixes

don't freeze drafts returned from produce if they were passed in as draft (#917) (46867f8)

produce results should never be frozen when returned from nested produces, to prevent 'hiding' drafts. Fixes #935 (a810960)

release and publish from 'main' rather than 'master' branch (82acc40)

revert earlier fix (#990) for recursive types (#1014) (3eeb331)

Upgrade Github actions to Node 16 attempt 1 (9d4ea93)

Upgrade Github actions to Node 16 attempt 2 (082eecd)

v9.0.18

9.0.18 (2023-01-15)

Bug Fixes

Preserve insertion order of Sets, fixes #819 (#976) (b3eeb69)

unnecessarily recursive Draft type (#990) (b9eae1d)

v9.0.17

9.0.17 (2023-01-02)

Bug Fixes

special case NaN in setter (#912) (5721bb7)

v9.0.16

9.0.16 (2022-10-22)

... (truncated)

Commits

7c15339 chore(deps): bump loader-utils from 2.0.0 to 2.0.4 in /website (#1026)
f07ec9d chore(deps): bump @sideway/formula from 3.0.0 to 3.0.1 in /website (#1027)
b6ccd0f fix: ensure type exports is first in package.json export declaration (#1018)
385837d chore(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 in /website (#1017)
e1696b7 chore(deps): bump webpack from 5.75.0 to 5.76.1 in /website (#1024)
dd83e2e fix: patching maps failed when using number keys (#1025)
082eecd fix: Upgrade Github actions to Node 16 attempt 2
9d4ea93 fix: Upgrade Github actions to Node 16 attempt 1
82acc40 fix: release and publish from 'main' rather than 'master' branch
3eeb331 fix: revert earlier fix (#990) for recursive types (#1014)
Additional commits viewable in compare view

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

a62db1e 1.0.2
e0c23fe docs: update CHANGELOG for v1.0.2
62a6540 fix: add proto to objects and arrays
See full diff in compare view

Updates loader-utils from 1.4.0 to 1.4.2

Release notes

Sourced from loader-utils's releases.

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

ReDoS problem (#226) (17cbf8f)

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

security problem (#220) (4504e34)

Changelog

Sourced from loader-utils's changelog.

1.4.2 (2022-11-11)

Bug Fixes

ReDoS problem (#226) (17cbf8f)

1.4.1 (2022-11-07)

Bug Fixes

security problem (#220) (4504e34)

Commits

331ad50 chore(release): 1.4.2
17cbf8f fix: ReDoS problem (#226)
8f082b3 chore(release): 1.4.1
4504e34 fix: security problem (#220)
See full diff in compare view

Updates minimatch from 3.0.4 to 3.1.2

Commits

699c459 3.1.2
2f2b5ff fix: trim pattern
25d7c0d 3.1.1
55dda29 fix: treat nocase:true as always having magic
5e1fb8d 3.1.0
f8145c5 Add 'allowWindowsEscape' option
570e8b1 add publishConfig for v3 publishes
5b7cd33 3.0.6
20b4b56 [fix] revert all breaking syntax changes
2ff0388 document, expose, and test 'partial:true' option
Additional commits viewable in compare view

Updates minimist from 1.2.5 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

[Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)

[Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)

[Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

[Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)

[Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)

[Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)

[Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)

[Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)

[Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)

[Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

Merge tag 'v0.2.3' a026794

[eslint] fix indentation and whitespace 5368ca4

[eslint] fix indentation and whitespace e5f5067

[eslint] more cleanup 62fde7d

[eslint] more cleanup 36ac5d0

[meta] add auto-changelog 73923d2

[actions] add reusable workflows d80727d

[eslint] add eslint; rules to enable later are warnings 48bc06a

[eslint] fix indentation 34b0f1c

[readme] rename and add badges 5df0fe4

[Dev Deps] switch from covert to nyc a48b128

[Dev Deps] update covert, tape; remove unnecessary tap f0fb958

[meta] create FUNDING.yml; add funding in package.json 3639e0c

[meta] use npmignore to autogenerate an npmignore file be2e038

Only apps should have lockfiles 282b570

isConstructorOrProto adapted from PR ef9153f

[Dev Deps] update @ljharb/eslint-config, aud 098873c

[Dev Deps] update @ljharb/eslint-config, aud 3124ed3

[meta] add safe-publish-latest 4b927de

[Tests] add aud in posttest b32d9bd

[meta] update repo URLs f9fdfc0

[actions] Avoid 0.6 tests due to build failures ba92fe6

[Dev Deps] update tape 950eaa7

[Dev Deps] add missing npmignore dev dep 3226afa

Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits

6901ee2 v1.2.8
a026794 Merge tag 'v0.2.3'
c0b2661 v0.2.3
63b8fee [Fix] Fix long option followed by single dash (#17)
72239e6 [Tests] Remove duplicate test (#12)
34b0f1c [eslint] fix indentation
3226afa [Dev Deps] add missing npmignore dev dep
098873c [Dev Deps] update @ljharb/eslint-config, aud
9ec4d27 [Fix] Fix long option followed by single dash
ba92fe6 [actions] Avoid 0.6 tests due to build failures
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

Updates moment from 2.29.1 to 2.30.1

Changelog

Sourced from moment's changelog.

2.30.1

Release Dec 27, 2023

Revert moment/moment#5827, because it's breaking a lot of TS code.

2.30.0 Full changelog

Release Dec 26, 2023

2.29.4

Release Jul 6, 2022

#6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

Release Apr 17, 2022

#5995 [bugfix] Remove const usage

#5990 misc: fix advisory link

2.29.2 See full changelog

Release Apr 3 2022

Address GHSA-8hfj-j24r-96c4

Commits

485d9a7 Build 2.30.1
e048b09 Bump version to 2.30.1
f9f2d58 Update changelog for 2.30.1
a52ffb2 Revert "Merge pull request #5827 from BobZombie:feature/fix_d.ts"
ddd6809 Build 2.30.0
be64d00 Bump version to 2.30.0
ad41179 Update changelog for 2.30.0
63fe479 [misc] Make code ES6 compatible
0f0195f Revert "Merge pull request #5599 from Alanscut:issue_4985"
15b82f5 Revert "Merge pull request #5597 from Alanscut:issue-5596"
Additional commits viewable in compare view

Updates node-fetch from 2.6.1 to 2.6.13

Release notes

Sourced from node-fetch's releases.

v2.6.13

2.6.13 (2023-08-18)

Bug Fixes

Remove the default connection close header (#1765) (65ae25a), closes #1735 #1473 #1736

v2.6.12

2.6.12 (2023-06-29)

Bug Fixes

socket variable testing for undefined (#1726) (8bc3a7c)

v2.6.11

2.6.11 (2023-05-09)

Reverts

Revert "fix: handle bom in text and json (#1739)" (#1741) (afb36f6), closes #1739 #1741

v2.6.10

2.6.10 (2023-05-08)

Bug Fixes

handle bom in text and json (#1739) (29909d7)

v2.6.9

2.6.9 (2023-01-30)

Bug Fixes

"global is not defined" (#1704) (70f592d)

v2.6.8

2.6.8 (2023-01-13)

Bug Fixes

headers: don't forward secure headers on protocol change (#1605) (fddad0e), closes #1599

premature close with chunked transfer encoding and for async iterators in Node 12 (#1172) (50536d1), closes #1064 node-fetch/node-fetch#1064

prevent hoisting of the undefined global variable in browser.js (#1534) (8bb6e31)

... (truncated)

Commits

65ae25a fix: Remove the default connection close header (#1765)
8bc3a7c fix: socket variable testing for undefined (#1726)
afb36f6 Revert "fix: handle bom in text and json (#1739)" (#1741)
29909d7 fix: handle bom in text and json (#1739)
70f592d fix: "global is not defined" (#1704)
0f1ebb0 Prevent error when response is null (#1699)
6e9464d ci(release): install dependencies
dd2a0ba ci(release): install dependencies
49bef02 ci(release): use latest Node LTS
ce37bcd ci(semantic-release): config
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by node-fetch-bot, a new releaser for node-fetch since your current version.

Updates ws from 6.2.2 to 6.2.3

Release notes

Sourced from ws's releases.

6.2.3

Bug fixes

Backported e55e5106 to the 6.x release line (eeb76d31).

Commits

d87f3b6 [dist] 6.2.3
eeb76d3 [security] Fix crash when the Upgrade header cannot be read (#2231)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 9 updates: | Package | From | To | | --- | --- | --- | | [async](https://github.com/caolan/async) | `2.6.3` | `2.6.4` | | [immer](https://github.com/immerjs/immer) | `9.0.5` | `9.0.21` | | [json5](https://github.com/json5/json5) | `1.0.1` | `1.0.2` | | [loader-utils](https://github.com/webpack/loader-utils) | `1.4.0` | `1.4.2` | | [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.2` | | [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` | | [moment](https://github.com/moment/moment) | `2.29.1` | `2.30.1` | | [node-fetch](https://github.com/node-fetch/node-fetch) | `2.6.1` | `2.6.13` | | [ws](https://github.com/websockets/ws) | `6.2.2` | `6.2.3` | Updates `async` from 2.6.3 to 2.6.4 - [Release notes](https://github.com/caolan/async/releases) - [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md) - [Commits](caolan/async@v2.6.3...v2.6.4) Updates `immer` from 9.0.5 to 9.0.21 - [Release notes](https://github.com/immerjs/immer/releases) - [Commits](immerjs/immer@v9.0.5...v9.0.21) Updates `json5` from 1.0.1 to 1.0.2 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v1.0.1...v1.0.2) Updates `loader-utils` from 1.4.0 to 1.4.2 - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md) - [Commits](webpack/loader-utils@v1.4.0...v1.4.2) Updates `minimatch` from 3.0.4 to 3.1.2 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.4...v3.1.2) Updates `minimist` from 1.2.5 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.5...v1.2.8) Updates `moment` from 2.29.1 to 2.30.1 - [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md) - [Commits](moment/moment@2.29.1...2.30.1) Updates `node-fetch` from 2.6.1 to 2.6.13 - [Release notes](https://github.com/node-fetch/node-fetch/releases) - [Commits](node-fetch/node-fetch@v2.6.1...v2.6.13) Updates `ws` from 6.2.2 to 6.2.3 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@6.2.2...6.2.3) --- updated-dependencies: - dependency-name: async dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: immer dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: loader-utils dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimist dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: moment dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: node-fetch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 18, 2024

dependabot bot mentioned this pull request Jun 18, 2024

Bump the npm_and_yarn group with 8 updates #130

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group with 9 updates #145

Bump the npm_and_yarn group with 9 updates #145

dependabot bot commented on behalf of github Jun 18, 2024

Bump the npm_and_yarn group with 9 updates #145

Are you sure you want to change the base?

Bump the npm_and_yarn group with 9 updates #145

Conversation

dependabot bot commented on behalf of github Jun 18, 2024

v2.6.4

v9.0.21

9.0.21 (2023-03-23)

Bug Fixes

v9.0.20

9.0.20 (2023-03-23)

Bug Fixes

v9.0.19

9.0.19 (2023-01-27)

Bug Fixes

v9.0.18

9.0.18 (2023-01-15)

Bug Fixes

v9.0.17

9.0.17 (2023-01-02)

Bug Fixes

v9.0.16

9.0.16 (2022-10-22)

v1.0.2

Unreleased [code, diff]

v2.2.3 [code, diff]

v2.2.2 [code, diff]

v2.2.1 [code, diff]

v2.2.0 [code, diff]

v2.1.3 [code, diff]

v2.1.2 [code, diff]

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

1.4.2 (2022-11-11)

Bug Fixes

1.4.1 (2022-11-07)

Bug Fixes

v1.2.8 - 2023-02-09

Merged

Fixed

Commits

v1.2.7 - 2022-10-10

Commits

2.30.1

2.30.0 Full changelog

2.29.4

2.29.3 Full changelog

2.29.2 See full changelog

v2.6.13

2.6.13 (2023-08-18)

Bug Fixes

v2.6.12

2.6.12 (2023-06-29)

Bug Fixes

v2.6.11

2.6.11 (2023-05-09)

Reverts

v2.6.10

2.6.10 (2023-05-08)

Bug Fixes

v2.6.9

2.6.9 (2023-01-30)

Bug Fixes

v2.6.8

2.6.8 (2023-01-13)

Bug Fixes

6.2.3

Bug fixes