Bump the npm_and_yarn group across 1 directory with 11 updates #1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps the npm_and_yarn group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [ajv](https://github.com/ajv-validator/ajv) | `4.11.8` | `6.12.6` | | [request](https://github.com/request/request) | `2.83.0` | `2.88.2` | | [less](https://github.com/less/less.js) | `2.7.3` | `4.2.0` | | [postcss](https://github.com/postcss/postcss) | `5.2.18` | `8.4.38` | | [pxt-core](https://github.com/microsoft/pxt) | `0.18.6` | `8.3.1` | | [rtlcss](https://github.com/MohammadYounes/rtlcss) | `2.2.0` | `4.1.1` | | [autoprefixer](https://github.com/postcss/autoprefixer) | `6.7.7` | `10.4.19` | Updates `ajv` from 4.11.8 to 6.12.6 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@4.11.8...v6.12.6) Updates `request` from 2.83.0 to 2.88.2 - [Changelog](https://github.com/request/request/blob/master/CHANGELOG.md) - [Commits](https://github.com/request/request/commits) Updates `less` from 2.7.3 to 4.2.0 - [Release notes](https://github.com/less/less.js/releases) - [Changelog](https://github.com/less/less.js/blob/master/CHANGELOG.md) - [Commits](less/less.js@v2.7.3...v4.2.0) Updates `postcss` from 5.2.18 to 8.4.38 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/postcss/postcss/commits/8.4.38) Updates `pxt-core` from 0.18.6 to 8.3.1 - [Changelog](https://github.com/microsoft/pxt/blob/master/common-docs/release-tests.md) - [Commits](microsoft/pxt@v0.18.6...v8.3.1) Updates `rtlcss` from 2.2.0 to 4.1.1 - [Release notes](https://github.com/MohammadYounes/rtlcss/releases) - [Changelog](https://github.com/MohammadYounes/rtlcss/blob/master/CHANGELOG.md) - [Commits](MohammadYounes/rtlcss@2.2.0...v4.1.1) Updates `autoprefixer` from 6.7.7 to 10.4.19 - [Release notes](https://github.com/postcss/autoprefixer/releases) - [Changelog](https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md) - [Commits](postcss/autoprefixer@6.7.7...10.4.19) Updates `jquery` from 3.2.1 to 3.7.1 - [Release notes](https://github.com/jquery/jquery/releases) - [Commits](jquery/jquery@3.2.1...3.7.1) Updates `marked` from 0.3.12 to 0.3.19 - [Release notes](https://github.com/markedjs/marked/releases) - [Changelog](https://github.com/markedjs/marked/blob/master/.releaserc.json) - [Commits](markedjs/marked@v0.3.12...v0.3.19) Updates `semver` from 5.3.0 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.3.0...v5.7.2) Updates `websocket-extensions` from 0.1.3 to 0.1.4 - [Changelog](https://github.com/faye/websocket-extensions-node/blob/main/CHANGELOG.md) - [Commits](faye/websocket-extensions-node@0.1.3...0.1.4) --- updated-dependencies: - dependency-name: ajv dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: request dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: less dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: postcss dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: pxt-core dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: rtlcss dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: autoprefixer dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: jquery dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: marked dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: websocket-extensions dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
the
dependencies
|
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is an install script?Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 7 updates in the / directory:
4.11.86.12.62.83.02.88.22.7.34.2.05.2.188.4.380.18.68.3.12.2.04.1.16.7.710.4.19Updates
ajvfrom 4.11.8 to 6.12.6Release notes
Sourced from ajv's releases.
... (truncated)
Commits
fe591436.12.6d580d3eMerge pull request #1298 from ajv-validator/fix-urlfd36389fix: regular expression for "url" format490e34cdocs: link to v7-beta branch9cd93a1docs: note about v7 in readme877d286Merge pull request #1262 from b4h0-c4t/refactor-opt-object-typef1c8e456.12.5764035eMerge branch 'ChALkeR-chalker/fix-comma'3798160Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...a3c7ebaMerge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...Updates
requestfrom 2.83.0 to 2.88.2Changelog
Sourced from request's changelog.
Commits
Updates
lessfrom 2.7.3 to 4.2.0Release notes
Sourced from less's releases.
... (truncated)
Changelog
Sourced from less's changelog.
... (truncated)
Commits
1b6dba1[skip ci] add v4.2.0 changelog (#4215)6390ae3Release/v4.2.0 (#3814)012d549fix(issue:3766) add support for container queries (#3811)8b5aef9Create SECURITY.md4d3189cFixes #3787 -- ESLint updates and linting cleanup (#3790)a917965ci: update the ci config (#3789)2702322fix faulty source map generation with variables in selectors (#3761)9b37be7[skip ci] update the issue template of bug report (#3785)180d676fix: make ci work (#3774)0e99701fix(parser): fix crash when css variable property does not end with a semicol...Updates
postcssfrom 5.2.18 to 8.4.38Release notes
Sourced from postcss's releases.
... (truncated)
Changelog
Sourced from postcss's changelog.
... (truncated)
Commits
Updates
pxt-corefrom 0.18.6 to 8.3.1Commits
4169d908.3.14f6bd40Bumping minor verstion to 8.3.0db9b0b28.2.1778d9cddAdd multiplayer app, adjust package dependencies (#9051)92e70488.2.160237301Quick tutorial updates from testing (#9050)8e30a888.2.154106daeInline snippet click highlight (#9049)8fb58abFix Image Editor Top Bar Button Sizing (#9054)75404b1Anzhou/localization blog (#9052)Updates
rtlcssfrom 2.2.0 to 4.1.1Release notes
Sourced from rtlcss's releases.
Changelog
Sourced from rtlcss's changelog.
... (truncated)
Commits
d5aa1114.1.134e6ceesafeguard functions3da99c9Bump word-wrap from 1.2.3 to 1.2.4e050361Use Object.values instead of Object.keys94657cfReturn early in more placesf64dabcUpdate CI:84f63e54.1.04b9be38Update CI config1aedcefUpdate CodeQL workflowe197c22README.md: fix badgeUpdates
autoprefixerfrom 6.7.7 to 10.4.19Release notes
Sourced from autoprefixer's releases.
... (truncated)
Changelog
Sourced from autoprefixer's changelog.
... (truncated)
Commits
8060e33Release 10.4.19 versionfe7bae4Remove end→flex-end warning5f6f362Update dependencies13a86dfMove to flat ESLint configb3e0579Update dependencies90dc18dRelease 10.4.18 version0af1be8Update dependencies1efe165Update c8 config80ff109Add Node.js 21 to CI5e5d193Automate release creationUpdates
jqueryfrom 3.2.1 to 3.7.1Release notes
Sourced from jquery's releases.
Commits
f79d5f13.7.1399b201Release: revert change that broke releasef85d521Release: update authors763ade6Build: Generate the slim build ongrunt& runcompare_sizeon ita288838CSS: Make the reliableTrDimensions support test work with Bootstrap CSS (3.x ...87467a6Selector: Only attach the unload handler in IE & Edge Legacy3c18c1fBuild: Make sure*.cjs&*.mjsfiles use UNIX line endings as well72ae577Build: switch preferred email for timmywila370d7dBuild: Build: Bump actions/checkout from 3.5.2 to 3.5.34a29888Docs: Fix typos found by codespellUpdates
markedfrom 0.3.12 to 0.3.19Commits
5d1baa4Merge pull request #1157 from markedjs/release-0.3.19a089991Merge pull request #64 from fidian/masterad6c7f9Merge pull request #1156 from UziTech/docs-navigation03e015c0.3.19cf2def0minify29f4190Ignore DS_Store on macosf29bcebUpdate publishing template (#1154)210eed7Update badge template (#1155)9c01b83link to README.mdfd9f444add github ribbonUpdates
semverfrom 5.3.0 to 5.7.2Release notes
Sourced from semver's releases.
Changelog
Sourced from semver's changelog.
Commits
f8cc313chore: release 5.7.22f8fd41fix: better handling of whitespace (#585)deb5ad5chore:@npmcli/template-oss@4.16.0c83c18c5.7.1956e228Correct typo in README8055dda5.7.0604e73dauto-publishing scriptsbed01e2remove the nomin comments, since we don't minify any more anyway9cb68f1document parse method38d42ca5.7 changelogMaintainer changes
This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.
Updates
websocket-extensionsfrom 0.1.3 to 0.1.4Changelog
Sourced from websocket-extensions's changelog.
Commits
5ea0b42Bump version to 0.1.429496f6Remove ReDoS vulnerability in the Sec-WebSocket-Extensions header parser4a76c75Add Node versions 13 and 14 on Travis44a677aFormatting change: {...} should have spaces inside the bracesf6c50abLet npm reformat package.json2d211f3Change markdown formatting of docs.0b62083Update Travis target versions.729a465Switch license to Apache 2.0.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.