Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the security group in /web with 7 updates #5010

Closed
wants to merge 1 commit into from
Closed

Bump the security group in /web with 7 updates #5010

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 16, 2024
edited
Loading

Bumps the security group in /web with 7 updates:

Package From To
@storybook/addon-storysource 8.4.2 8.4.4
@aws-sdk/types 3.686.0 3.692.0
@storybook/addon-links 8.4.2 8.4.4
jest-fixed-jsdom 0.0.8 0.0.9
msw 2.6.2 2.6.5
sass 1.80.6 1.81.0
tailwindcss 3.4.14 3.4.15

Updates @storybook/addon-storysource from 8.4.2 to 8.4.4

Release notes

Sourced from @​storybook/addon-storysource's releases.

v8.4.4

8.4.4

  • Addon Test: Only optimize react deps if applicable in vitest-plugin - #29617, thanks @​yannbf!

v8.4.3

8.4.3

Changelog

Sourced from @​storybook/addon-storysource's changelog.

8.4.4

  • Addon Test: Only optimize react deps if applicable in vitest-plugin - #29617, thanks @​yannbf!

8.4.3

Commits
  • ca016ae Bump version from "8.4.3" to "8.4.4" [skip ci]
  • 750930f Bump version from "8.4.2" to "8.4.3" [skip ci]
  • See full diff in compare view

Updates @aws-sdk/types from 3.686.0 to 3.692.0

Release notes

Sourced from @​aws-sdk/types's releases.

v3.692.0

3.692.0(2024-11-14)

Chores
  • clients: codegen update for smithy/core resolvedPath fix (#6664) (ba1bdcc3)
New Features
  • clients: update client endpoints as of 2024-11-14 (87df5bd7)
  • client-deadline: Adds support for select GPU accelerated instance types when creating new service-managed fleets. (ac3309be)
  • client-iam: This release includes support for five new APIs and changes to existing APIs that give AWS Organizations customers the ability to use temporary root credentials, targeted to member accounts in the organization. (c9dfef13)
  • client-cloudcontrol: Added support for CloudFormation Hooks with Cloud Control API. The GetResourceRequestStatus API response now includes an optional HooksProgressEvent and HooksRequestToken parameter for Hooks Invocation Progress as part of resource operation with Cloud Control. (e90cde2e)
  • client-iot-wireless: New FuotaTask resource type to enable logging for your FUOTA tasks. A ParticipatingGatewaysforMulticast parameter to choose the list of gateways to receive the multicast downlink message and the transmission interval between them. Descriptor field which will be sent to devices during FUOTA transfer. (69415e00)
  • client-sts: This release introduces the new API 'AssumeRoot', which returns short-term credentials that you can use to perform privileged tasks. (5528f54c)
  • client-license-manager-user-subscriptions: New and updated API operations to support License Included User-based Subscription of Microsoft Remote Desktop Services (RDS). (5c7c3497)
  • client-partnercentral-selling: Announcing AWS Partner Central API for Selling: This service launch Introduces new APIs for co-selling opportunity management and related functions. Key features include notifications, a dynamic sandbox for testing, and streamlined validations. (07b84d2f)
  • client-sagemaker: Add support for Neuron instance types [ trn1/trn1n/inf2 ] on SageMaker Notebook Instances Platform. (dd44e8a7)
  • client-ivs: IVS now offers customers the ability to stream multitrack video to Channels. (84b6f4c2)
  • client-quicksight: This release adds APIs for Custom Permissions management in QuickSight, and APIs to support QuickSight Branding. (81b1f8ca)
  • client-s3: This release updates the ListBuckets API Reference documentation in support of the new 10,000 general purpose bucket default quota on all AWS accounts. To increase your bucket quota from 10,000 to up to 1 million buckets, simply request a quota increase via Service Quotas. (1e424562)
  • client-redshift: Adds support for Amazon Redshift S3AccessGrants (bf85814f)
  • client-accessanalyzer: Expand analyzer configuration capabilities for unused access analyzers. Unused access analyzer configurations now support the ability to exclude accounts and resource tags from analysis providing more granular control over the scope of analysis. (b2df1e19)

For list of updated packages, view updated-packages.md in assets-3.692.0.zip

v3.691.0

3.691.0(2024-11-13)

Chores
New Features
  • clients: update client endpoints as of 2024-11-13 (24e23f91)
  • client-internetmonitor: Add new query type Routing_Suggestions regarding querying interface (4f49de28)
  • client-cloudtrail: This release adds a new API GenerateQuery that generates a query from a natural language prompt about the event data in your event data store. This operation uses generative artificial intelligence (generative AI) to produce a ready-to-use SQL query from the prompt. (93b16b26)
  • client-accessanalyzer: This release adds support for policy validation and external access findings for resource control policies (RCP). IAM Access Analyzer helps you author functional and secure RCPs and awareness that a RCP may restrict external access. Updated service API, documentation, and paginators. (8ee2e532)
  • client-mediaconvert: This release adds support for ARN inputs in the Kantar credentials secrets name field and the MSPR field to the manifests for PlayReady DRM protected outputs. (6c46bda0)
  • client-organizations: Add support for policy operations on the Resource Control Polices. (d87a9848)

... (truncated)

Changelog

Sourced from @​aws-sdk/types's changelog.

3.692.0 (2024-11-14)

Note: Version bump only for package @​aws-sdk/types

Commits

Updates @storybook/addon-links from 8.4.2 to 8.4.4

Release notes

Sourced from @​storybook/addon-links's releases.

v8.4.4

8.4.4

  • Addon Test: Only optimize react deps if applicable in vitest-plugin - #29617, thanks @​yannbf!

v8.4.3

8.4.3

Changelog

Sourced from @​storybook/addon-links's changelog.

8.4.4

  • Addon Test: Only optimize react deps if applicable in vitest-plugin - #29617, thanks @​yannbf!

8.4.3

Commits
  • ca016ae Bump version from "8.4.3" to "8.4.4" [skip ci]
  • 750930f Bump version from "8.4.2" to "8.4.3" [skip ci]
  • See full diff in compare view

Updates jest-fixed-jsdom from 0.0.8 to 0.0.9

Release notes

Sourced from jest-fixed-jsdom's releases.

v0.0.9 (2024-11-13)

Bug Fixes

  • set customExportConditions to [''] (#22) (e136f35938eb319e450670af3f5657fe8527ddda) @​kettanaito
Commits

Updates msw from 2.6.2 to 2.6.5

Release notes

Sourced from msw's releases.

v2.6.5 (2024-11-16)

Bug Fixes

  • support non-configurable responses (#2360) (5bf3e3bf5f9a6d32c79410c11abd539ec4c2ddc5) @​kettanaito

v2.6.4 (2024-11-10)

Bug Fixes

  • prevent infinite loop when bypassing sendBeacon() requests (#2353) (2fa98c327acc51189f87789d9155c4ec57be2299) @​kettanaito
  • remove the internal bypass request header before performing the request as-is in Node.js (#2353) (2fa98c327acc51189f87789d9155c4ec57be2299) @​kettanaito

v2.6.3 (2024-11-10)

Bug Fixes

  • handleRequest: remove transformResponse option (#2351) (74c4a3a89970bbfc498c812790daef13766dea72) @​kettanaito
Commits

Updates sass from 1.80.6 to 1.81.0

Release notes

Sourced from sass's releases.

Dart Sass 1.81.0

To install Sass 1.81.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

  • Fix a few cases where deprecation warnings weren't being emitted for global built-in functions whose names overlap with CSS calculations.

  • Add support for the CSS round() calculation with a single argument, as long as that argument might be a unitless number.

See the full changelog for changes in earlier releases.

Dart Sass 1.80.7

To install Sass 1.80.7, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

Embedded Host

  • Don't treat 0 as undefined for the green and blue channels in the LegacyColor constructor.

See the full changelog for changes in earlier releases.

Changelog

Sourced from sass's changelog.

1.81.0

  • Fix a few cases where deprecation warnings weren't being emitted for global built-in functions whose names overlap with CSS calculations.

  • Add support for the CSS round() calculation with a single argument, as long as that argument might be a unitless number.

1.80.7

Embedded Host

  • Don't treat 0 as undefined for the green and blue channels in the LegacyColor constructor.
Commits

Updates tailwindcss from 3.4.14 to 3.4.15

Release notes

Sourced from tailwindcss's releases.

v3.4.15

  • Bump versions for security vulnerabilities (#14697)
  • Ensure the TypeScript types for the boxShadow theme configuration allows arrays (#14856)
  • Set fallback for opacity variables to ensure setting colors with the selection:* variant works in Chrome 131 (#15003)
Changelog

Sourced from tailwindcss's changelog.

[3.4.15] - 2024-11-14

  • Bump versions for security vulnerabilities (#14697)
  • Ensure the TypeScript types for the boxShadow theme configuration allows arrays (#14856)
  • Set fallback for opacity variables to ensure setting colors with the selection:* variant works in Chrome 131 (#15003)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the security group in /web with 7 updates
50b5ba5 
Bumps the security group in /web with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [@storybook/addon-storysource](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/storysource) | `8.4.2` | `8.4.4` |
| [@aws-sdk/types](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/packages/types) | `3.686.0` | `3.692.0` |
| [@storybook/addon-links](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/links) | `8.4.2` | `8.4.4` |
| [jest-fixed-jsdom](https://github.com/mswjs/jest-fixed-jsdom) | `0.0.8` | `0.0.9` |
| [msw](https://github.com/mswjs/msw) | `2.6.2` | `2.6.5` |
| [sass](https://github.com/sass/dart-sass) | `1.80.6` | `1.81.0` |
| [tailwindcss](https://github.com/tailwindlabs/tailwindcss) | `3.4.14` | `3.4.15` |


Updates `@storybook/addon-storysource` from 8.4.2 to 8.4.4
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v8.4.4/code/addons/storysource)

Updates `@aws-sdk/types` from 3.686.0 to 3.692.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/packages/types/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.692.0/packages/types)

Updates `@storybook/addon-links` from 8.4.2 to 8.4.4
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v8.4.4/code/addons/links)

Updates `jest-fixed-jsdom` from 0.0.8 to 0.0.9
- [Release notes](https://github.com/mswjs/jest-fixed-jsdom/releases)
- [Changelog](https://github.com/mswjs/jest-fixed-jsdom/blob/main/release.config.json)
- [Commits](mswjs/jest-fixed-jsdom@v0.0.8...v0.0.9)

Updates `msw` from 2.6.2 to 2.6.5
- [Release notes](https://github.com/mswjs/msw/releases)
- [Changelog](https://github.com/mswjs/msw/blob/main/CHANGELOG.md)
- [Commits](mswjs/msw@v2.6.2...v2.6.5)

Updates `sass` from 1.80.6 to 1.81.0
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](sass/dart-sass@1.80.6...1.81.0)

Updates `tailwindcss` from 3.4.14 to 3.4.15
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/v3.4.15/CHANGELOG.md)
- [Commits](tailwindlabs/tailwindcss@v3.4.14...v3.4.15)

---
updated-dependencies:
- dependency-name: "@storybook/addon-storysource"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: "@aws-sdk/types"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: "@storybook/addon-links"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: jest-fixed-jsdom
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: msw
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: sass
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: tailwindcss
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependabot javascript Pull requests that update Javascript code type::security labels Nov 16, 2024
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 19, 2024

Superseded by #5016.

@dependabot dependabot bot closed this Nov 19, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/web/security-0b20d277ba branch November 19, 2024 23:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependabot javascript Pull requests that update Javascript code type::security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants