Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the security group in /web with 7 updates #4915

Merged
merged 1 commit into from
Sep 21, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 21, 2024

Bumps the security group in /web with 7 updates:

Package From To
monaco-editor 0.51.0 0.52.0
@aws-sdk/types 3.649.0 3.654.0
@storybook/addon-links 8.3.0 8.3.2
@types/react 18.3.5 18.3.8
babel-loader 9.1.3 9.2.1
sass 1.78.0 1.79.3
tailwindcss 3.4.11 3.4.12

Updates monaco-editor from 0.51.0 to 0.52.0

Release notes

Sourced from monaco-editor's releases.

v0.52.0

Changes:

  • #4691: Prepare monaco-editor for release 0.52
  • #4665: Updates nvm to align with vscode nvm file.
  • #4652: Removing editor.main.nls.js

This list of changes was auto generated.

v0.52.0-rc2

Changes:

  • #4665: Updates nvm to align with vscode nvm file.
  • #4652: Removing editor.main.nls.js

This list of changes was auto generated.

Changelog

Sourced from monaco-editor's changelog.

[0.52.0]

  • Comment added inside of IModelContentChangedEvent
Commits
  • f6dc0eb Merge pull request #4691 from microsoft/chubby-cardinal
  • 53e8e1c adding changelog md change
  • 7959d5c update pacakge.json
  • 3c7eb57 undo the package upgrade change
  • f262e8f Defines setInterval/setTimeout on faked globalThis in unit test
  • b31d22b Updates nvm to align with vscode nvm file. (#4665)
  • b8a83d5 Merge pull request #4652 from microsoft/annoyed-dragon
  • e52ff42 removing editor.main.nls.js
  • See full diff in compare view

Updates @aws-sdk/types from 3.649.0 to 3.654.0

Release notes

Sourced from @​aws-sdk/types's releases.

v3.654.0

3.654.0(2024-09-18)

Chores
  • clients: codegen sync for IDE type navigation (#6490) (bcfee783)
Documentation Changes
  • client-rds: Updates Amazon RDS documentation with information upgrading snapshots with unsupported engine versions for RDS for MySQL and RDS for PostgreSQL. (b08130e0)
New Features
  • client-s3: Added SSE-KMS support for directory buckets. (a00b8b01)
  • client-mailmanager: Introduce a new RuleSet condition evaluation, where customers can set up a StringExpression with a MimeHeader condition. This condition will perform the necessary validation based on the X-header provided by customers. (900a39ed)
  • client-directory-service-data: Added new AWS Directory Service Data API, enabling you to manage data stored in AWS Directory Service directories. This includes APIs for creating, reading, updating, and deleting directory users, groups, and group memberships. (8c9372bd)
  • client-directory-service: Added new APIs for enabling, disabling, and describing access to the AWS Directory Service Data API (cca80ddf)
  • client-guardduty: Add launchType and sourceIPs fields to GuardDuty findings. (13c35828)
  • client-cost-explorer: This release extends the GetReservationPurchaseRecommendation API to support recommendations for Amazon DynamoDB reservations. (69763882)
Bug Fixes
  • codegen: fix setting of default signing name (#6487) (108bb991)
  • middleware-flexible-checksums: use union for new config types (#6489) (c43103fb)

For list of updated packages, view updated-packages.md in assets-3.654.0.zip

v3.653.0

3.653.0(2024-09-17)

Chores
  • allow turbo remote cache write only on AWS Codebuild (#6481) (9b2dac17)
  • use yarn for running turbo commands (#6480) (cd53ac9d)
  • show only turbo-computed task hashes in output (#6478) (f8befa68)
  • pass turbo remote cache options in environment variables (#6479) (a593a095)
Documentation Changes
  • client-rds: Updates Amazon RDS documentation with configuration information about the BYOL model for RDS for Db2. (90430721)
  • client-ecs: This is a documentation only release to address various tickets. (342485b9)
New Features
  • client-ecr: The DescribeImageScanning API now includes fixAvailable, exploitAvailable, and fixedInVersion fields to provide more detailed information about the availability of fixes, exploits, and fixed versions for identified image vulnerabilities. (d8294542)
  • client-lambda: Support for JSON resource-based policies and block public access (566bb052)
  • client-codebuild: GitLab Enhancements - Add support for Self-Hosted GitLab runners in CodeBuild. Add group webhooks (42807fe4)

... (truncated)

Changelog

Sourced from @​aws-sdk/types's changelog.

3.654.0 (2024-09-18)

Note: Version bump only for package @​aws-sdk/types

Commits

Updates @storybook/addon-links from 8.3.0 to 8.3.2

Release notes

Sourced from @​storybook/addon-links's releases.

v8.3.2

8.3.2

v8.3.1

8.3.1

Changelog

Sourced from @​storybook/addon-links's changelog.

8.3.2

8.3.1

Commits
  • ee03ab0 Bump version from "8.3.1" to "8.3.2" [skip ci]
  • 43accbc Bump version from "8.3.0" to "8.3.1" [skip ci]
  • See full diff in compare view

Updates @types/react from 18.3.5 to 18.3.8

Commits

Updates babel-loader from 9.1.3 to 9.2.1

Release notes

Sourced from babel-loader's releases.

v9.2.1

What's Changed

Full Changelog: babel/babel-loader@v9.2.0...v9.2.1

v9.2.0

What's Changed

Full Changelog: babel/babel-loader@v9.1.3...v9.2.0

Commits

Updates sass from 1.78.0 to 1.79.3

Release notes

Sourced from sass's releases.

Dart Sass 1.79.3

To install Sass 1.79.3, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

  • Update the $channel parameter in the suggested replacement for color.red(), color.green(), color.blue(), color.hue(), color.saturation(), color.lightness(), color.whiteness(), and color.blackness() to use a quoted string.

See the full changelog for changes in earlier releases.

Dart Sass 1.79.2

To install Sass 1.79.2, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

  • Add a $space parameter to the suggested replacement for color.red(), color.green(), color.blue(), color.hue(), color.saturation(), color.lightness(), color.whiteness(), and color.blackness().

  • Update deprecation warnings for the legacy JS API to include a link to relevant documentation.

See the full changelog for changes in earlier releases.

Dart Sass 1.79.1

To install Sass 1.79.1, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

  • No user-visible changes.

See the full changelog for changes in earlier releases.

Changelog

Sourced from sass's changelog.

1.79.3

  • Update the $channel parameter in the suggested replacement for color.red(), color.green(), color.blue(), color.hue(), color.saturation(), color.lightness(), color.whiteness(), and color.blackness() to use a quoted string.

1.79.2

  • Add a $space parameter to the suggested replacement for color.red(), color.green(), color.blue(), color.hue(), color.saturation(), color.lightness(), color.whiteness(), and color.blackness().

  • Update deprecation warnings for the legacy JS API to include a link to relevant documentation.

1.79.1

  • No user-visible changes.

1.79.0

  • Breaking change: Passing a number with unit % to the $alpha parameter of color.change(), color.adjust(), change-color(), and adjust-color() is now interpreted as a percentage, instead of ignoring the unit. For example, color.change(red, $alpha: 50%) now returns rgb(255 0 0 / 0.5).

  • Potentially breaking compatibility fix: Sass no longer rounds RGB channels to the nearest integer. This means that, for example, rgb(0 0 1) != rgb(0 0 0.6). This matches the latest version of the CSS spec and browser behavior.

  • Potentially breaking compatibility fix: Passing large positive or negative values to color.adjust() can now cause a color's channels to go outside that color's gamut. In most cases this will currently be clipped by the browser and end up showing the same color as before, but once browsers implement gamut mapping it may produce a different result.

  • Add support for CSS Color Level 4 [color spaces]. Each color value now tracks its color space along with the values of each channel in that color space. There are two general principles to keep in mind when dealing with new color spaces:

    1. With the exception of legacy color spaces (rgb, hsl, and hwb), colors will always be emitted in the color space they were defined in unless they're explicitly converted.

    2. The color.to-space() function is the only way to convert a color to another color space. Some built-in functions may do operations in a

... (truncated)

Commits

Updates tailwindcss from 3.4.11 to 3.4.12

Release notes

Sourced from tailwindcss's releases.

v3.4.12

Fixed

  • Ensure using @apply with utilities that use @defaults works with rules defined in the base layer when using optimizeUniversalDefaults (#14427)
Changelog

Sourced from tailwindcss's changelog.

[3.4.12] - 2024-09-17

Fixed

  • Ensure using @apply with utilities that use @defaults works with rules defined in the base layer when using optimizeUniversalDefaults (#14427)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the security group in /web with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [monaco-editor](https://github.com/microsoft/monaco-editor) | `0.51.0` | `0.52.0` |
| [@aws-sdk/types](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/packages/types) | `3.649.0` | `3.654.0` |
| [@storybook/addon-links](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/links) | `8.3.0` | `8.3.2` |
| [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `18.3.5` | `18.3.8` |
| [babel-loader](https://github.com/babel/babel-loader) | `9.1.3` | `9.2.1` |
| [sass](https://github.com/sass/dart-sass) | `1.78.0` | `1.79.3` |
| [tailwindcss](https://github.com/tailwindlabs/tailwindcss) | `3.4.11` | `3.4.12` |


Updates `monaco-editor` from 0.51.0 to 0.52.0
- [Release notes](https://github.com/microsoft/monaco-editor/releases)
- [Changelog](https://github.com/microsoft/monaco-editor/blob/main/CHANGELOG.md)
- [Commits](microsoft/monaco-editor@v0.51.0...v0.52.0)

Updates `@aws-sdk/types` from 3.649.0 to 3.654.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/packages/types/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.654.0/packages/types)

Updates `@storybook/addon-links` from 8.3.0 to 8.3.2
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v8.3.2/code/addons/links)

Updates `@types/react` from 18.3.5 to 18.3.8
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)

Updates `babel-loader` from 9.1.3 to 9.2.1
- [Release notes](https://github.com/babel/babel-loader/releases)
- [Changelog](https://github.com/babel/babel-loader/blob/main/CHANGELOG.md)
- [Commits](babel/babel-loader@v9.1.3...v9.2.1)

Updates `sass` from 1.78.0 to 1.79.3
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](sass/dart-sass@1.78.0...1.79.3)

Updates `tailwindcss` from 3.4.11 to 3.4.12
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/v3.4.12/CHANGELOG.md)
- [Commits](tailwindlabs/tailwindcss@v3.4.11...v3.4.12)

---
updated-dependencies:
- dependency-name: monaco-editor
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: "@aws-sdk/types"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: "@storybook/addon-links"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: "@types/react"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: babel-loader
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: sass
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: tailwindcss
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependabot javascript Pull requests that update Javascript code type::security labels Sep 21, 2024
Copy link

@replicated-ci replicated-ci left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

This PR was automatically approved and merged by the automated-prs-manager GitHub action

@replicated-ci replicated-ci merged commit bbb8366 into main Sep 21, 2024
117 checks passed
@replicated-ci replicated-ci deleted the dependabot/npm_and_yarn/web/security-f64cf8ccf6 branch September 21, 2024 12:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependabot javascript Pull requests that update Javascript code type::security
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant