Bump the security group in /web with 6 updates #4867

Merged

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Sep 7, 2024

Bumps the security group in /web with 6 updates:

| Package | From | To |
| --- | --- | --- |
| axios | 1.7.6 | 1.7.7 |
| eslint-plugin-import | 2.29.1 | 2.30.0 |
| eslint-plugin-jest | 28.8.1 | 28.8.3 |
| eslint-plugin-jsx-a11y | 6.9.0 | 6.10.0 |
| eslint-plugin-react | 7.35.0 | 7.35.2 |
| sass | 1.77.8 | 1.78.0 |

Updates axios from 1.7.6 to 1.7.7

Release notes

Sourced from axios's releases.

Release v1.7.7

Release notes:

Bug Fixes

  • fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
  • http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

Changelog

Sourced from axios's changelog.

1.7.7 (2024-08-31)

Bug Fixes

  • fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
  • http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

Commits
  • 5b8a826 chore(release): v1.7.7 (#6585)
  • 364993f fix(http): fixed support for IPv6 literal strings in url (#5731)
  • d198085 fix(fetch): fix stream handling in Safari by fallback to using a stream reade...
  • See full diff in compare view

Updates eslint-plugin-import from 2.29.1 to 2.30.0

Release notes

Sourced from eslint-plugin-import's releases.

v2.30.0

Added

Fixed

Changed

  • [Docs] no-extraneous-dependencies: Make glob pattern description more explicit (#2944, thanks [@​mulztob])
  • [no-unused-modules]: add console message to help debug #2866
  • [Refactor] ExportMap: make procedures static instead of monkeypatching exportmap (#2982, thanks [@​soryy708])
  • [Refactor] ExportMap: separate ExportMap instance from its builder logic (#2985, thanks [@​soryy708])
  • [Docs] order: Add a quick note on how unbound imports and --fix (#2640, thanks [@​minervabot])
  • [Tests] appveyor -> GHA (run tests on Windows in both pwsh and WSL + Ubuntu) (#2987, thanks [@​joeyguerra])
  • [actions] migrate OSX tests to GHA ([ljharb#37], thanks [@​aks-])
  • [Refactor] exportMapBuilder: avoid hoisting (#2989, thanks [@​soryy708])
  • [Refactor] ExportMap: extract "builder" logic to separate files (#2991, thanks [@​soryy708])
  • [Docs] [order]: update the description of the pathGroupsExcludedImportTypes option (#3036, thanks [@​liby])
  • [readme] Clarify how to install the plugin (#2993, thanks [@​jwbth])

... (truncated)

Changelog

Sourced from eslint-plugin-import's changelog.

[2.30.0] - 2024-09-02

Added

  • [dynamic-import-chunkname]: add allowEmpty option to allow empty leading comments (#2942, thanks [@​JiangWeixian])
  • [dynamic-import-chunkname]: Allow empty chunk name when webpackMode: 'eager' is set; add suggestions to remove name in eager mode (#3004, thanks [@​amsardesai])
  • [no-unused-modules]: Add ignoreUnusedTypeExports option (#3011, thanks [@​silverwind])
  • add support for Flat Config (#3018, thanks [@​michaelfaith])

Fixed

Changed

  • [Docs] no-extraneous-dependencies: Make glob pattern description more explicit (#2944, thanks [@​mulztob])
  • [no-unused-modules]: add console message to help debug #2866
  • [Refactor] ExportMap: make procedures static instead of monkeypatching exportmap (#2982, thanks [@​soryy708])
  • [Refactor] ExportMap: separate ExportMap instance from its builder logic (#2985, thanks [@​soryy708])
  • [Docs] order: Add a quick note on how unbound imports and --fix (#2640, thanks [@​minervabot])
  • [Tests] appveyor -> GHA (run tests on Windows in both pwsh and WSL + Ubuntu) (#2987, thanks [@​joeyguerra])
  • [actions] migrate OSX tests to GHA ([ljharb#37], thanks [@​aks-])
  • [Refactor] exportMapBuilder: avoid hoisting (#2989, thanks [@​soryy708])
  • [Refactor] ExportMap: extract "builder" logic to separate files (#2991, thanks [@​soryy708])
  • [Docs] [order]: update the description of the pathGroupsExcludedImportTypes option (#3036, thanks [@​liby])
  • [readme] Clarify how to install the plugin (#2993, thanks [@jwbth])

Commits
  • 18787d3 Bump to 2.30.0
  • 9902298 [Deps] update eslint-module-utils
  • 9d194a6 [utils] v2.9.0
  • 0a58d75 [resolvers/webpack] v0.13.9
  • a3015eb [Test] namespace: ensure valid case is actually included
  • 8bdb32b [Test] add explicit marker for trailing whitespace in cases
  • 038c26c [readme] Clarify how to install the plugin
  • 32a2b89 [Fix] order: do not compare first path segment for relative paths (#2682)
  • ee1ea02 [Fix] newline-after-import: fix considerComments option when require
  • 806e3c2 [New] add support for Flat Config
  • Additional commits viewable in compare view

Updates eslint-plugin-jest from 28.8.1 to 28.8.3

Release notes

Sourced from eslint-plugin-jest's releases.

v28.8.3

28.8.3 (2024-09-04)

Bug Fixes

  • prefer-importing-jest-globals: don't add imports in the middle of statements (#1645) (9c4197c)

v28.8.2

28.8.2 (2024-09-02)

Performance Improvements

  • prefer-importing-jest-globals: stop collecting import specifiers for no reason (#1646) (0660242)

Changelog

Sourced from eslint-plugin-jest's changelog.

28.8.3 (2024-09-04)

Bug Fixes

  • prefer-importing-jest-globals: don't add imports in the middle of statements (#1645) (9c4197c)

28.8.2 (2024-09-02)

Performance Improvements

  • prefer-importing-jest-globals: stop collecting import specifiers for no reason (#1646) (0660242)

Commits
  • 497a500 chore(release): 28.8.3 [skip ci]
  • 9c4197c fix(prefer-importing-jest-globals): don't add imports in the middle of statem...
  • 9adda0a chore(release): 28.8.2 [skip ci]
  • 0660242 perf(prefer-importing-jest-globals): stop collecting import specifiers for no...
  • a789420 chore(deps): lock file maintenance
  • See full diff in compare view

Updates eslint-plugin-jsx-a11y from 6.9.0 to 6.10.0

Changelog

Sourced from eslint-plugin-jsx-a11y's changelog.

v6.10.0 - 2024-09-03

Fixed

Commits

  • [Tests] switch from jest to tape a284cbf
  • [New] add eslint 9 support deac4fd
  • [New] add attributes setting a1ee7f8
  • [New] allow polymorphic linting to be restricted 6cd1a70
  • [Tests] remove duplicate tests 74d5dec
  • [Dev Deps] update @babel/cli, @babel/core, @babel/eslint-parser, @babel/plugin-transform-flow-strip-types 6eca235
  • [readme] remove deprecated travis ci badge; add github actions badge 0be7ea9
  • [Tests] use npm audit instead of aud 05a5e49
  • [Deps] update axobject-query 912e98c
  • [Deps] unpin axobject-query 75147aa
  • [Deps] update axe-core 27ff7cb
  • [readme] fix jsxA11y import name ce846e0
  • [readme] fix typo in shareable config section in readme cca288b

Commits
  • 65c9338 v6.10.0
  • 912e98c [Deps] update axobject-query
  • 6cd1a70 [New] allow polymorphic linting to be restricted
  • a1ee7f8 [New] add attributes setting
  • 83fd9c4 [New] label-has-associated-control: add additional error message
  • 75147aa [Deps] unpin axobject-query
  • a284cbf [Tests] switch from jest to tape
  • deac4fd [New] add eslint 9 support
  • 74d5dec [Tests] remove duplicate tests
  • 05a5e49 [Tests] use npm audit instead of aud
  • Additional commits viewable in compare view

Updates eslint-plugin-react from 7.35.0 to 7.35.2

Release notes

Sourced from eslint-plugin-react's releases.

v7.35.2

Fixed

#3814: jsx-eslint/eslint-plugin-react#3814 jsx-curly-brace-presence: docs/rules/jsx-curly-brace-presence.md

v7.35.1

Fixed

#3798: jsx-eslint/eslint-plugin-react#3798

... (truncated)

Changelog

Sourced from eslint-plugin-react's changelog.

[7.35.2] - 2024.09.03

Fixed

  • [jsx-curly-brace-presence]: avoid autofixing attributes with double quotes to a double quoted attribute (#3814 @ljharb)

7.35.1 - 2024.09.02

Fixed

  • [jsx-curly-brace-presence]: do not trigger on strings containing a quote character (#3798 @akulsr0)

Commits
  • 4c10849 Update CHANGELOG and bump version
  • 45ba6bc [Fix] jsx-curly-brace-presence: avoid autofixing attributes with double quo...
  • e538ee9 [Tests] jsx-curly-brace-presence: clean up formatting
  • 5fc0f87 Update CHANGELOG and bump version
  • a2306e7 [Tests] use npm audit instead of aud
  • d9c7ef1 [Dev Deps] update @babel/core, @babel/eslint-parser, aud
  • 10eb235 [Fix] jsx-curly-brace-presence: do not trigger on strings containing a quot...
  • 0170dbe [Refactor] add astUtil.isCallExpression predicate
  • 3b6bacc [Refactor] general cleanup
  • 8dc0215 [Refactor] hoist functions to module level
  • Additional commits viewable in compare view

Updates sass from 1.77.8 to 1.78.0

Release notes

Sourced from sass's releases.

Dart Sass 1.78.0

To install Sass 1.78.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

  • The meta.feature-exists function is now deprecated. This deprecation is named feature-exists.

  • Fix a crash when using @at-root without any queries or children in the indented syntax.

JS API

  • Backport the deprecation options (fatalDeprecations, futureDeprecations, and silenceDeprecations) to the legacy JS API. The legacy JS API is itself deprecated, and you should move off of it if possible, but this will allow users of bundlers and other tools that are still using the legacy API to still control deprecation warnings.

  • Fix a bug where accessing SourceSpan.url would crash when a relative URL was passed to the Sass API.

Embedded Sass

  • Explicitly expose a sass executable from the sass-embedded npm package. This was intended to be included in 1.63.0, but due to the way platform-specific dependency executables are installed it did not work as intended. Now users can run npx sass for local installs or just sass when sass-embedded is installed globally.

  • Add linux-riscv64, linux-musl-riscv64, and android-riscv64 support for the sass-embedded npm package.

  • Fix an edge case where the Dart VM could hang when shutting down when requests were in flight.

  • Fix a race condition where the embedded host could fail to shut down if it was closed around the same time a new compilation was started.

  • Fix a bug where parse-time deprecation warnings could not be controlled by the deprecation options in some circumstances.

See the full changelog for changes in earlier releases.

Changelog

Sourced from sass's changelog.

1.78.0

  • The meta.feature-exists function is now deprecated. This deprecation is named feature-exists.

  • Fix a crash when using @at-root without any queries or children in the indented syntax.

JS API

  • Backport the deprecation options (fatalDeprecations, futureDeprecations, and silenceDeprecations) to the legacy JS API. The legacy JS API is itself deprecated, and you should move off of it if possible, but this will allow users of bundlers and other tools that are still using the legacy API to still control deprecation warnings.

  • Fix a bug where accessing SourceSpan.url would crash when a relative URL was passed to the Sass API.

Embedded Sass

  • Explicitly expose a sass executable from the sass-embedded npm package. This was intended to be included in 1.63.0, but due to the way platform-specific dependency executables are installed it did not work as intended. Now users can run npx sass for local installs or just sass when sass-embedded is installed globally.

  • Add linux-riscv64, linux-musl-riscv64, and android-riscv64 support for the sass-embedded npm package.

  • Fix an edge case where the Dart VM could hang when shutting down when requests were in flight.

  • Fix a race condition where the embedded host could fail to shut down if it was closed around the same time a new compilation was started.

  • Fix a bug where parse-time deprecation warnings could not be controlled by the deprecation options in some circumstances.

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the security group in /web with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [axios](https://github.com/axios/axios) | `1.7.6` | `1.7.7` |
| [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) | `2.29.1` | `2.30.0` |
| [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) | `28.8.1` | `28.8.3` |
| [eslint-plugin-jsx-a11y](https://github.com/jsx-eslint/eslint-plugin-jsx-a11y) | `6.9.0` | `6.10.0` |
| [eslint-plugin-react](https://github.com/jsx-eslint/eslint-plugin-react) | `7.35.0` | `7.35.2` |
| [sass](https://github.com/sass/dart-sass) | `1.77.8` | `1.78.0` |


Updates `axios` from 1.7.6 to 1.7.7
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.7.6...v1.7.7)

Updates `eslint-plugin-import` from 2.29.1 to 2.30.0
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md)
- [Commits](import-js/eslint-plugin-import@v2.29.1...v2.30.0)

Updates `eslint-plugin-jest` from 28.8.1 to 28.8.3
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](jest-community/eslint-plugin-jest@v28.8.1...v28.8.3)

Updates `eslint-plugin-jsx-a11y` from 6.9.0 to 6.10.0
- [Release notes](https://github.com/jsx-eslint/eslint-plugin-jsx-a11y/releases)
- [Changelog](https://github.com/jsx-eslint/eslint-plugin-jsx-a11y/blob/main/CHANGELOG.md)
- [Commits](jsx-eslint/eslint-plugin-jsx-a11y@v6.9.0...v6.10.0)

Updates `eslint-plugin-react` from 7.35.0 to 7.35.2
- [Release notes](https://github.com/jsx-eslint/eslint-plugin-react/releases)
- [Changelog](https://github.com/jsx-eslint/eslint-plugin-react/blob/master/CHANGELOG.md)
- [Commits](jsx-eslint/eslint-plugin-react@v7.35.0...v7.35.2)

Updates `sass` from 1.77.8 to 1.78.0
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](sass/dart-sass@1.77.8...1.78.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: eslint-plugin-import
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: eslint-plugin-jsx-a11y
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: eslint-plugin-react
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: sass
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: security
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependabot javascript Pull requests that update Javascript code type::security labels Sep 7, 2024

@replicated-ci replicated-ci left a comment

LGTM 👍

This PR was automatically approved and merged by the automated-prs-manager GitHub action

@replicated-ci replicated-ci merged commit b58499e into main Sep 7, 2024
116 checks passed
@replicated-ci replicated-ci deleted the dependabot/npm_and_yarn/web/security-be4ccb3f2e branch September 7, 2024 12:08