Dependencies update #1368
Merged
Dependencies update #1368
+778
−1,201
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hexaltation
force-pushed
the
dependencies-update
branch
4 times, most recently
from
6458439 to
a072c52
Compare
Bumps [cookie](https://github.com/jshttp/cookie) from 0.5.0 to 0.7.0. - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.5.0...v0.7.0) --- updated-dependencies: - dependency-name: cookie dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [cross-spawn](https://github.com/moxystudio/node-cross-spawn) from 7.0.3 to 7.0.6. - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6) --- updated-dependencies: - dependency-name: cross-spawn dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [axios](https://github.com/axios/axios) from 1.6.8 to 1.7.4. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.6.8...v1.7.4) Signed-off-by: Grégoire Cutzach <[email protected]>
Bumps [express](https://github.com/expressjs/express) from 4.19.2 to 4.20.0. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.19.2...4.20.0) Signed-off-by: Grégoire Cutzach <[email protected]>
Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Signed-off-by: Grégoire Cutzach <[email protected]>
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.4 to 6.6.1. - [Commits](indutny/elliptic@v6.5.4...v6.6.1) Signed-off-by: Grégoire Cutzach <[email protected]>
Bumps [tar](https://github.com/isaacs/node-tar) from 6.1.13 to 6.2.1. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.1.13...v6.2.1) Signed-off-by: Grégoire Cutzach <[email protected]>
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 4.3.6 to 4.5.0. - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v4.3.6...v4.5.0) Signed-off-by: Grégoire Cutzach <[email protected]>
hexaltation
force-pushed
the
dependencies-update
branch
from
4a8a75c to
df32d53
Compare
hexaltation
force-pushed
the
dependencies-update
branch
2 times, most recently
from
f9a6e54 to
e8f63a1
Compare
hexaltation
force-pushed
the
dependencies-update
branch
from
bb9c8cb to
7819d8b
Compare
hexaltation
force-pushed
the
dependencies-update
branch
from
d5123c4 to
9e2df21
Compare
hexaltation
added
enhancement
fflorent
approved these changes
Jan 9, 2025
Dependencies upgraded: bumps @popperjs/core from 2.3.3 to 2.11.8
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Context
Chore of node dependencies update
Proposed solution
The current PR is the addition of 3 strategies
yarn upgrade --latestof packages indicated byyarn audit. Commit calledbumpand signed by hexaltationyarn upgradeof packages remaining inyarn auditStill to do
The following packages needs more work than a simple upgrade strategy :
Has this been tested?
Tests are done by the CI
Updated dependencies
axios
Bumps axios from 1.6.8 to 1.7.4.
cookie
Bumps cookie from 0.5.0 to 0.7.0.
cross-spawn
Bumps cross-spawn from 7.0.3 to 7.0.6.
express
Bumps express from 4.19.2 to 4.20.0.
braces
Bumps braces from 3.0.2 to 3.0.3.
elliptic
Bumps elliptic from 6.5.4 to 6.6.1.
tar
Bumps tar from 6.1.13 to 6.2.1.
fast-xml-parser
Bumps fast-xml-parser from 4.3.6 to 4.5.0.
nodemon
Bumps nodemon from 2.0.4 to 3.1.9
jsdom
Bumps jsdom from 23.0.0 to 25.0.1
@googleapis/drive
Bumps @googleapis/drive from 0.3.1 to 8.14.0
@googleapis/oauth2
Bumps @googleapis/oauth2 from 0.2.0 to 1.0.7
ws
Bumps ws from 8.13.0 to 8.18.0
cookie-parser
Bumps to cookie-parser from 1.4.3 to 1.4.7
bootstrap
Bump bootstrap from 3.4.1 to 5.3.3
Dependencies upgraded:
webpack [dev]
Bumps to webpack from 5.91.0 to 5.97.1
sinon [dev]
Bumps to sinon from 17.0.1 to 19.0.2
mocha [dev]
Bumps to mocha from 10.2.0 to 11.0.1
Upgrade @typescript-eslint/eslint-plugin
Upgrade mocha-webdriver
Resolve ip with neoip
It appears that ip as no longer maintenance effort.
This solution of resolving ip by neoip has been applied to grist-core.