Bump the npm_and_yarn group across 1 directory with 7 updates #190

dependabot · 2024-06-17T13:31:53Z

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package	From	To
braces	`3.0.2`	`3.0.3`
express	`4.18.2`	`4.19.2`
follow-redirects	`1.15.4`	`1.15.6`
postcss	`7.0.39`	`8.4.32`
10up-toolkit	`4.3.1`	`6.2.0`

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Fix ci after location patch by @wesleytodd in expressjs/express#5552

fixed un-edited version in history.md for 4.19.0 by @wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

fix typo in release date by @UlisesGascon in expressjs/express#5527

docs: nominating @wesleytodd to be project captian by @wesleytodd in expressjs/express#5511

docs: loosen TC activity rules by @wesleytodd in expressjs/express#5510

Add note on how to update docs for new release by @crandmck in expressjs/express#5541

Prevent open redirect allow list bypass due to encodeurl

Release 4.19.0 by @wesleytodd in expressjs/express#5551

New Contributors

@crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

Other Changes

Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032

build: [email protected] and [email protected] by @abenhamdine in expressjs/express#5034

ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027

test: remove unused function arguments in params by @raksbisht in expressjs/express#5124

Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119

Fixed typos by @raksbisht in expressjs/express#5117

examples: remove unused params by @raksbisht in expressjs/express#5113

fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130

fix: typos in History.md by @raksbisht in expressjs/express#5131

build : add [email protected] by @abenhamdine in expressjs/express#5028

test: remove unused function arguments in params by @raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: [email protected]

4.18.3 / 2024-02-29

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

deps: [email protected]

Add partitioned option

Commits

04bc627 4.19.2
da4d763 Improved fix for open redirect allow list bypass
4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: [email protected]
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates follow-redirects from 1.15.4 to 1.15.6

Commits

35a517c Release version 1.15.6 of the npm package.
c4f847f Drop Proxy-Authorization across hosts.
8526b4a Use GitHub for disclosure.
b1677ce Release version 1.15.5 of the npm package.
d8914f7 Preserve fragment in responseUrl.
See full diff in compare view

Updates postcss from 7.0.39 to 8.4.32

Release notes

Sourced from postcss's releases.

8.4.32

Fixed postcss().process() types (by @ferreira-tb).

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

8.4.30

Improved source map performance (by @romainmenke).

8.4.29

Fixed Node#source.offset (by @idoros).

Fixed docs (by @coliff).

8.4.28

Fixed Root.source.end for better source map (by @romainmenke).

Fixed Result.root types when process() has no parser.

8.4.27

Fixed Container clone methods types.

8.4.26

Fixed clone methods types.

8.4.25

Improve stringify performance (by @romainmenke).

Fixed docs (by @vikaskaliramna07).

8.4.24

Fixed Plugin types.

8.4.23

Fixed warnings in TypeDoc.

8.4.22

Fixed TypeScript support with node16 (by @remcohaszing).

8.4.21

Fixed Input#error types (by @hudochenkov).

8.4.20

Fixed source map generation for childless at-rules like @layer.

8.4.19

Fixed whitespace preserving after AST transformations (by @romainmenke).

8.4.18

Fixed an error on absolute: true with empty sourceContent (by @KingSora).

8.4.17

Fixed Node.before() unexpected behavior (by @romainmenke).

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.32

Fixed postcss().process() types (by Andrew Ferreira).

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

8.4.30

Improved source map performance (by Romain Menke).

8.4.29

Fixed Node#source.offset (by Ido Rosenthal).

Fixed docs (by Christian Oliff).

8.4.28

Fixed Root.source.end for better source map (by Romain Menke).

Fixed Result.root types when process() has no parser.

8.4.27

Fixed Container clone methods types.

8.4.26

Fixed clone methods types.

8.4.25

Improve stringify performance (by Romain Menke).

Fixed docs (by @vikaskaliramna07).

8.4.24

Fixed Plugin types.

8.4.23

Fixed warnings in TypeDoc.

8.4.22

Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

Fixed Input#error types (by Aleks Hudochenkov).

8.4.20

Fixed source map generation for childless at-rules like @layer.

8.4.19

Fixed whitespace preserving after AST transformations (by Romain Menke).

8.4.18

Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

Fixed Node.before() unexpected behavior (by Romain Menke).

... (truncated)

Commits

a0d9f10 Release 8.4.32 version
0146b3e Add Node.js 21 to CI
2398534 Update dependencies
1918533 Merge pull request #1902 from ferreira-tb/main
395e6dc Fix ProcessOptions interface
fa8cd15 Update dependencies
199a7c4 Typo
2528047 Update EM link
90208de Release 8.4.31 version
58cc860 Fix carrier return parsing
Additional commits viewable in compare view

Updates 10up-toolkit from 4.3.1 to 6.2.0

Changelog

Sourced from 10up-toolkit's changelog.

Changelog

6.2.0-next.4

Patch Changes

dcc09bb: Fix: watch close when using modules

1f612a2: Update project command to use latest

6.2.0-next.3

Patch Changes

d9f3642: Refactor init command

6.2.0-next.2

Patch Changes

58d5861: Fix init command

6.2.0-next.1

Patch Changes

1aba76c: Fix project init command

6.2.0-next.0

Minor Changes

dba1534: Project Command (BETA)

Patch Changes

Updated dependencies [5ddee2c]

@10up/eslint-config@4.1.0-next.0

6.1.0

Minor Changes

a41a046: Add support for scriptModule & viewScriptModule assets

1693913: Bundle PostCSS Global Data Plugin with default configuration

Patch Changes

20d2e65: Feature: allow defining module script entrypoints via moduleEntry key in package.json decoupled from blocks

6.1.0-next.1

... (truncated)

Commits

5802a4d chore: promote from @next
91ffa68 chore: version packages (next) (next)
1f612a2 Prepare project command (#407)
dcc09bb fix: watch close (#401)
5e20c80 chore: version packages (next) (next)
d9f3642 Node not bash for init (#404)
c364cfb chore: version packages (next) (next)
58d5861 Init fix (#402)
c791c46 chore: version packages (next) (next)
1aba76c Fix init sed (#398)
Additional commits viewable in compare view

Updates sharp from 0.30.7 to 0.32.6

Changelog

Sourced from sharp's changelog.

v0.32.6 - 18th September 2023

Upgrade to libvips v8.14.5 for upstream bug fixes.

Ensure composite tile images are fully decoded (regression in 0.32.0). #3767

Ensure withMetadata can add ICC profiles to RGB16 output. #3773

Ensure withMetadata does not reduce 16-bit images to 8-bit (regression in 0.32.5). #3773

TypeScript: Add definitions for block and unblock. #3799 @ldrick

v0.32.5 - 15th August 2023

Upgrade to libvips v8.14.4 for upstream bug fixes.

TypeScript: Add missing WebpPresetEnum to definitions. #3748 @pilotso11

Ensure compilation using musl v1.2.4. #3755 @kleisauke

Ensure resize with a fit of inside respects 90/270 degree rotation. #3756

TypeScript: Ensure minSize property of WebpOptions is boolean. #3758 @sho-xizz

Ensure withMetadata adds default sRGB profile. #3761

v0.32.4 - 21st July 2023

Upgrade to libvips v8.14.3 for upstream bug fixes.

Expose ability to (un)block low-level libvips operations by name.

Prebuilt binaries: restore support for tile-based output. #3581

v0.32.3 - 14th July 2023

... (truncated)

Commits

eefaa99 Release v0.32.6
dbce6fa Upgrade to libvips v8.14.5
af0fcb3 Docs: changelog for #3799
c6f54e5 Bump devDeps
846563e TypeScript: add definitions for block and unblock (#3799)
9c217ab Ensure withMetadata can add RGB16 profiles #3773
e7381e5 Alternative fix for 4340d60, uses existing StaySequential
4340d60 Ensure composite tile images fully decoded #3767
7f64d46 Docs: add missing returns property to raw
67e927b Docs: ensure all functions include method signature #3777
Additional commits viewable in compare view

Updates webpack-dev-middleware from 5.3.3 to 5.3.4

Release notes

Sourced from webpack-dev-middleware's releases.

v5.3.4

5.3.4 (2024-03-20)

Bug Fixes

security: do not allow to read files above (#1779) (189c4ac)

Changelog

Sourced from webpack-dev-middleware's changelog.

5.3.4 (2024-03-20)

Bug Fixes

security: do not allow to read files above (#1779) (189c4ac)

Commits

86071ea chore(release): 5.3.4
189c4ac fix(security): do not allow to read files above (#1779)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.19.2` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.4` | `1.15.6` | | [postcss](https://github.com/postcss/postcss) | `7.0.39` | `8.4.32` | | [10up-toolkit](https://github.com/10up/10up-toolkit/tree/HEAD/packages/toolkit) | `4.3.1` | `6.2.0` | Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `express` from 4.18.2 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Updates `follow-redirects` from 1.15.4 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.4...v1.15.6) Updates `postcss` from 7.0.39 to 8.4.32 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@7.0.39...8.4.32) Updates `10up-toolkit` from 4.3.1 to 6.2.0 - [Release notes](https://github.com/10up/10up-toolkit/releases) - [Changelog](https://github.com/10up/10up-toolkit/blob/develop/packages/toolkit/CHANGELOG.md) - [Commits](https://github.com/10up/10up-toolkit/commits/[email protected]/packages/toolkit) Updates `sharp` from 0.30.7 to 0.32.6 - [Release notes](https://github.com/lovell/sharp/releases) - [Changelog](https://github.com/lovell/sharp/blob/main/docs/changelog.md) - [Commits](lovell/sharp@v0.30.7...v0.32.6) Updates `webpack-dev-middleware` from 5.3.3 to 5.3.4 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4) --- updated-dependencies: - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: 10up-toolkit dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: sharp dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-middleware dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2024-06-18T17:57:12Z

Superseded by #191.

dependabot bot requested review from jeffpaul and dkotter as code owners June 17, 2024 13:31

dependabot bot added the type:dependency An issue with a separate library that this project relies upon. label Jun 17, 2024

jeffpaul added this to the 1.3.4 milestone Jun 17, 2024

jeffpaul requested review from faisal-alvi and removed request for dkotter and jeffpaul June 17, 2024 20:24

dependabot bot closed this Jun 18, 2024

dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-8c9bab6401 branch June 18, 2024 17:57

jeffpaul removed this from the 1.3.4 milestone Jun 18, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 1 directory with 7 updates #190

Bump the npm_and_yarn group across 1 directory with 7 updates #190

dependabot bot commented on behalf of github Jun 17, 2024

dependabot bot commented on behalf of github Jun 18, 2024

Bump the npm_and_yarn group across 1 directory with 7 updates #190

Bump the npm_and_yarn group across 1 directory with 7 updates #190

Conversation

dependabot bot commented on behalf of github Jun 17, 2024

4.19.2

What's Changed

4.19.1

What's Changed

4.19.0

What's Changed

New Contributors

4.18.3

Main Changes

Other Changes

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

8.4.32

8.4.31

8.4.30

8.4.29

8.4.28

8.4.27

8.4.26

8.4.25

8.4.24

8.4.23

8.4.22

8.4.21

8.4.20

8.4.19

8.4.18

8.4.17

8.4.32

8.4.31

8.4.30

8.4.29

8.4.28

8.4.27

8.4.26

8.4.25

8.4.24

8.4.23

8.4.22

8.4.21

8.4.20

8.4.19

8.4.18

8.4.17

Changelog

6.2.0-next.4

Patch Changes

6.2.0-next.3

Patch Changes

6.2.0-next.2

Patch Changes

6.2.0-next.1

Patch Changes

6.2.0-next.0

Minor Changes

Patch Changes

6.1.0

Minor Changes

Patch Changes

6.1.0-next.1

v0.32.6 - 18th September 2023

v0.32.5 - 15th August 2023

v0.32.4 - 21st July 2023

v0.32.3 - 14th July 2023

v5.3.4

5.3.4 (2024-03-20)

Bug Fixes

5.3.4 (2024-03-20)

Bug Fixes

dependabot bot commented on behalf of github Jun 18, 2024