forked from rails/rails
-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump the npm_and_yarn group across 3 directories with 26 updates #2
Open
dependabot
wants to merge
1
commit into
main
Choose a base branch
from
dependabot/npm_and_yarn/npm_and_yarn-3cd7486690
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps the npm_and_yarn group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [karma](https://github.com/karma-runner/karma) | `3.1.4` | `6.3.16` | | [trix](https://github.com/basecamp/trix) | `2.0.0` | `2.1.1` | | [jquery](https://github.com/jquery/jquery) | `2.2.4` | `3.5.0` | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.2.1` | `4.2.3` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.15.6` | | [json5](https://github.com/json5/json5) | `1.0.1` | `1.0.2` | | [semver](https://github.com/npm/node-semver) | `5.6.0` | `5.7.2` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | | [y18n](https://github.com/yargs/y18n) | `4.0.0` | `4.0.3` | Bumps the npm_and_yarn group with 11 updates in the /actionmailbox/test/dummy directory: | Package | From | To | | --- | --- | --- | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.0.4` | `4.2.3` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.7.0` | `1.15.6` | | [fsevents](https://github.com/fsevents/fsevents) | `1.1.3` | `1.2.13` | | [loader-utils](https://github.com/webpack/loader-utils) | `1.1.0` | `1.4.2` | | [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.0.8` | | [y18n](https://github.com/yargs/y18n) | `3.2.1` | `3.2.2` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.3.4` | `7.24.7` | | [eventsource](https://github.com/EventSource/eventsource) | `1.0.7` | `1.1.2` | | [express](https://github.com/expressjs/express) | `4.16.2` | `4.19.2` | | [url-parse](https://github.com/unshiftio/url-parse) | `1.4.4` | `1.5.10` | Bumps the npm_and_yarn group with 2 updates in the /actionview directory: [karma](https://github.com/karma-runner/karma) and [jquery](https://github.com/jquery/jquery). Updates `karma` from 3.1.4 to 6.3.16 - [Release notes](https://github.com/karma-runner/karma/releases) - [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md) - [Commits](karma-runner/karma@v3.1.4...v6.3.16) Updates `trix` from 2.0.0 to 2.1.1 - [Release notes](https://github.com/basecamp/trix/releases) - [Commits](basecamp/trix@v2.0.0...v2.1.1) Updates `jquery` from 2.2.4 to 3.5.0 - [Release notes](https://github.com/jquery/jquery/releases) - [Commits](jquery/jquery@2.2.4...3.5.0) Updates `braces` from 0.1.5 to 2.3.2 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/commits) Updates `browserify-sign` from 4.2.1 to 4.2.3 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.2.1...v4.2.3) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `engine.io` from 3.2.1 to 6.5.4 - [Release notes](https://github.com/socketio/engine.io/releases) - [Changelog](https://github.com/socketio/engine.io/blob/main/CHANGELOG.md) - [Commits](socketio/engine.io@3.2.1...6.5.4) Updates `follow-redirects` from 1.15.2 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.6) Updates `json5` from 1.0.1 to 1.0.2 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v1.0.1...v1.0.2) Updates `log4js` from 3.0.6 to 6.9.1 - [Changelog](https://github.com/log4js-node/log4js-node/blob/master/CHANGELOG.md) - [Commits](log4js-node/log4js-node@v3.0.6...v6.9.1) Updates `minimist` from 0.0.10 to 1.2.6 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v0.0.10...v1.2.6) Updates `semver` from 5.6.0 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.6.0...v5.7.2) Updates `socket.io-parser` from 3.2.0 to 4.2.4 - [Release notes](https://github.com/socketio/socket.io-parser/releases) - [Changelog](https://github.com/socketio/socket.io-parser/blob/main/CHANGELOG.md) - [Commits](socketio/socket.io-parser@3.2.0...4.2.4) Updates `socket.io` from 2.1.1 to 4.7.5 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](socketio/socket.io@2.1.1...4.7.5) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) Updates `y18n` from 4.0.0 to 4.0.3 - [Release notes](https://github.com/yargs/y18n/releases) - [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md) - [Commits](yargs/y18n@v4.0.0...y18n-v4.0.3) Updates `browserify-sign` from 4.0.4 to 4.2.3 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.2.1...v4.2.3) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `follow-redirects` from 1.7.0 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.6) Updates `fsevents` from 1.1.3 to 1.2.13 - [Release notes](https://github.com/fsevents/fsevents/releases) - [Commits](fsevents/fsevents@v1.1.3...v1.2.13) Updates `loader-utils` from 1.1.0 to 1.4.2 - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md) - [Commits](webpack/loader-utils@v1.1.0...v1.4.2) Updates `minimatch` from 3.0.4 to 3.0.8 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.4...v3.0.8) Updates `qs` from 6.4.0 to 6.5.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.4.0...v6.5.1) Updates `request` from 2.81.0 to 2.88.0 - [Changelog](https://github.com/request/request/blob/master/CHANGELOG.md) - [Commits](request/request@v2.81.0...v2.88.0) Updates `tough-cookie` from 2.3.3 to 2.4.3 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v2.3.3...v2.4.3) Updates `y18n` from 3.2.1 to 3.2.2 - [Release notes](https://github.com/yargs/y18n/releases) - [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md) - [Commits](yargs/y18n@v4.0.0...y18n-v4.0.3) Updates `@babel/traverse` from 7.3.4 to 7.24.7 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.24.7/packages/babel-traverse) Updates `eventsource` from 1.0.7 to 1.1.2 - [Changelog](https://github.com/EventSource/eventsource/blob/master/HISTORY.md) - [Commits](EventSource/eventsource@v1.0.7...v1.1.2) Updates `express` from 4.16.2 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.16.2...4.19.2) Updates `url-parse` from 1.4.4 to 1.5.10 - [Commits](unshiftio/url-parse@1.4.4...1.5.10) Updates `karma` from 3.1.4 to 6.4.3 - [Release notes](https://github.com/karma-runner/karma/releases) - [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md) - [Commits](karma-runner/karma@v3.1.4...v6.3.16) Updates `jquery` from 2.2.4 to 3.7.1 - [Release notes](https://github.com/jquery/jquery/releases) - [Commits](jquery/jquery@2.2.4...3.5.0) --- updated-dependencies: - dependency-name: karma dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: trix dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: jquery dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserify-sign dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: engine.io dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: log4js dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimist dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: y18n dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserify-sign dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fsevents dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: loader-utils dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: request dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tough-cookie dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: y18n dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: eventsource dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: url-parse dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: karma dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: jquery dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
the
dependencies
Pull requests that update a dependency file
label
Jun 10, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 10 updates in the / directory:
3.1.4
6.3.16
2.0.0
2.1.1
2.2.4
3.5.0
4.2.1
4.2.3
0.2.0
0.2.2
1.15.2
1.15.6
1.0.1
1.0.2
5.6.0
5.7.2
1.2.3
1.2.5
4.0.0
4.0.3
Bumps the npm_and_yarn group with 11 updates in the /actionmailbox/test/dummy directory:
4.0.4
4.2.3
0.2.0
0.2.2
1.7.0
1.15.6
1.1.3
1.2.13
1.1.0
1.4.2
3.0.4
3.0.8
3.2.1
3.2.2
7.3.4
7.24.7
1.0.7
1.1.2
4.16.2
4.19.2
1.4.4
1.5.10
Bumps the npm_and_yarn group with 2 updates in the /actionview directory: karma and jquery.
Updates
karma
from 3.1.4 to 6.3.16Release notes
Sourced from karma's releases.
... (truncated)
Changelog
Sourced from karma's changelog.
... (truncated)
Commits
ab4b328
chore(release): 6.3.16 [skip ci]ff7edbb
fix(security): mitigate the "Open Redirect Vulnerability"c1befa0
chore(release): 6.3.15 [skip ci]d9dade2
fix(helper): make mkdirIfNotExists helper resilient to concurrent calls653c762
ci: prevent duplicate CI tasks on creating a PRc97e562
chore(release): 6.3.14 [skip ci]91d5acd
fix: remove string template from client code69cfc76
fix: warn whensingleRun
andautoWatch
arefalse
839578c
fix(security): remove XSS vulnerability inreturnUrl
query paramdb53785
chore(release): 6.3.13 [skip ci]Updates
trix
from 2.0.0 to 2.1.1Release notes
Sourced from trix's releases.
... (truncated)
Commits
0c79bcb
v2.1.11a5c68a
Merge pull request #1149 from basecamp/paste-html-sanitize14bac18
Sanitize HTML content in data-trix-* attributes1abe3d2
Test attachment content is sanitized841ff19
Merge pull request #1147 from basecamp/sanitize-noscript5e03f4a
Sanitize noscript to prevent copy and paste XSS36c7aeb
Merge pull request #1146 from basecamp/dependabot/npm_and_yarn/tar-6.2.1c6023ed
Bump tar from 6.2.0 to 6.2.1968ceda
v2.1.0bf8f52a
Merge pull request #1138 from basecamp/custom-html-block-attributesUpdates
jquery
from 2.2.4 to 3.5.0Release notes
Sourced from jquery's releases.
Commits
7a0a850
3.5.08570a08
Release: Update AUTHORS.txtda3dd85
Ajax: Do not execute scripts for unsuccessful HTTP responses065143c
Ajax: Overwrite s.contentType with content-type header value, if any1a4f10d
Tests: Blacklist one focusin test in IE9e15d6b
Event: Use only one focusin/out handler per matching window & document966a709
Manipulation: Skip the select wrapper for <option> outside of IE 91d61fd9
Manipulation: Make jQuery.htmlPrefilter an identity function04bf577
Selector: Update Sizzle from 2.3.4 to 2.3.57506c9c
Build: Resolve Travis config warningsMaintainer changes
This version was pushed to npm by mgol, a new releaser for jquery since your current version.
Updates
braces
from 0.1.5 to 2.3.2Changelog
Sourced from braces's changelog.
... (truncated)
Commits
Updates
browserify-sign
from 4.2.1 to 4.2.3Changelog
Sourced from browserify-sign's changelog.
Commits
bf2c3ec
v4.2.39247adf
[patch] widen support to 0.12f427270
[Deps] update `parse-asn187f3a35
[Dev Deps] updateaud
,npmignore
,tape
fb261ce
[Deps] updateelliptic
4d0ee49
[patch] drop minimum node support to v19e2bf12
[Deps] pinhash-base
to ~3.0, due to a breaking change168e16f
[Deps] pinelliptic
due to a breaking change37a4758
[actions] remove redundant finisher4af5a90
v4.2.2Maintainer changes
This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.
Updates
decode-uri-component
from 0.2.0 to 0.2.2Release notes
Sourced from decode-uri-component's releases.
Commits
a0eea46
0.2.2980e0bf
Prevent overwriting previously decoded tokens3c8a373
0.2.176abc93
Switch to GitHub workflows746ca5d
Fix issue where decode throws - fixes #6486d7e2
Update license (#1)a650457
Tidelift tasks66e1c28
Meta tweaksUpdates
engine.io
from 3.2.1 to 6.5.4Release notes
Sourced from engine.io's releases.
... (truncated)
Changelog
Sourced from engine.io's changelog.
... (truncated)
Commits
ff0fbfb
chore(release): 6.5.409acb17
ci: add Node.js 20 in the test matrix39937f8
refactor: minor cleanups43c1c1c
refactor: simplify code3b5e79e
refactor: remove useless referencesf27a6c3
refactor: remove useless reference2da559a
chore(release): 6.5.39545b44
refactor: add cache-control header in the polling responseff1c861
fix(webtransport): properly handle abruptly closed connectionsc6bf8c0
fix: improve compatibility with node16 module resolution (#689)Updates
follow-redirects
from 1.15.2 to 1.15.6Commits
35a517c
Release version 1.15.6 of the npm package.c4f847f
Drop Proxy-Authorization across hosts.8526b4a
Use GitHub for disclosure.b1677ce
Release version 1.15.5 of the npm package.d8914f7
Preserve fragment in responseUrl.6585820
Release version 1.15.4 of the npm package.7a6567e
Disallow bracketed hostnames.05629af
Prefer native URL instead of deprecated url.parse.1cba8e8
Prefer native URL instead of legacy url.resolve.72bc2a4
Simplify _processResponse error handling.Updates
json5
from 1.0.1 to 1.0.2Release notes
Sourced from json5's releases.
Changelog
Sourced from json5's changelog.
... (truncated)
Commits
a62db1e
1.0.2e0c23fe
docs: update CHANGELOG for v1.0.262a6540
fix: add proto to objects and arraysUpdates
log4js
from 3.0.6 to 6.9.1Changelog
Sourced from log4js's changelog.
... (truncated)
Commits
26dcec6
6.9.163ae5b9
Merge pull request #1379 from log4js-node/update-docs185fa66
docs: updated changelog for 6.9.1ed54dc2
Merge pull request #1378 from log4js-node/1377-defaultparsecallstack-cant-par...2628688
fix(7922e82): regex for stacktraceb3919d8
6.9.07cfe8a4
Merge pull request #1376 from log4js-node/update-docsf89e7b6
docs: updated changelog for 6.9.00082928
Merge pull request #1375 from log4js-node/update-docsc0db6a4
docs: added thatlog4js.getLogger()
may calllog4js.configure()
Maintainer changes
This version was pushed to npm by csausdev, a new releaser for log4js since your current version.
Updates
minimist
from 0.0.10 to 1.2.6Changelog
Sourced from minimist's changelog.
... (truncated)
Commits
7efb22a
1.2.6ef88b93
security notice for additional prototype pollution issuec2b9819
isConstructorOrProto adapted from PRbc8ecee
test from prototype pollution PRaeb3e27
1.2.5278677b
1.2.44cf1354
security notice1043d21
additional test for constructor prototype pollution6457d74
1.2.338a4d1c
even more aggressive checks for protocol pollutionUpdates
semver
from 5.6.0 to 5.7.2Release notes
Sourced from semver's releases.
Changelog
Sourced from semver's changelog.
Commits
f8cc313
chore: release 5.7.22f8fd41
fix: better handling of whitespace (#585)deb5ad5
chore:@npmcli/template-oss
@4
.16.0c83c18c
5.7.1956e228
Correct typo in README8055dda
5.7.0604e73d
auto-publishing scriptsbed01e2
remove the nomin comments, since we don't minify any more anyway9cb68f1
document parse method38d42ca
5.7 changelogMaintainer changes
This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.
Updates
socket.io-parser
from 3.2.0 to 4.2.4Release notes
Sourced from socket.io-parser's releases.