Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the security group across 1 directory with 7 updates #5016

Merged
merged 1 commit into from
Nov 20, 2024
Merged

Bump the security group across 1 directory with 7 updates #5016

merged 1 commit into from
Nov 20, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 19, 2024

Bumps the security group with 7 updates in the /web directory:

Package From To
@storybook/addon-storysource 8.4.2 8.4.4
@aws-sdk/types 3.686.0 3.696.0
@storybook/addon-links 8.4.2 8.4.4
jest-fixed-jsdom 0.0.8 0.0.9
msw 2.6.2 2.6.5
sass 1.80.6 1.81.0
tailwindcss 3.4.14 3.4.15

Updates @storybook/addon-storysource from 8.4.2 to 8.4.4

Release notes

Sourced from @​storybook/addon-storysource's releases.

v8.4.4

8.4.4

  • Addon Test: Only optimize react deps if applicable in vitest-plugin - #29617, thanks @​yannbf!

v8.4.3

8.4.3

Changelog

Sourced from @​storybook/addon-storysource's changelog.

8.4.4

  • Addon Test: Only optimize react deps if applicable in vitest-plugin - #29617, thanks @​yannbf!

8.4.3

Commits
  • ca016ae Bump version from "8.4.3" to "8.4.4" [skip ci]
  • 750930f Bump version from "8.4.2" to "8.4.3" [skip ci]
  • See full diff in compare view

Updates @aws-sdk/types from 3.686.0 to 3.696.0

Release notes

Sourced from @​aws-sdk/types's releases.

v3.696.0

3.696.0(2024-11-19)

Chores
New Features
  • clients: update client endpoints as of 2024-11-19 (3a63d0b0)
  • client-ecs: This release introduces support for configuring the version consistency feature for individual containers defined within a task definition. The configuration allows to specify whether ECS should resolve the container image tag specified in the container definition to an image digest. (d632c0c4)
  • client-ec2: This release adds VPC Block Public Access (VPC BPA), a new declarative control which blocks resources in VPCs and subnets that you own in a Region from reaching or being reached from the internet through internet gateways and egress-only internet gateways. (7905a8e0)
  • client-efs: Add support for the new parameters in EFS replication APIs (1f778937)
  • client-taxsettings: Release Tax Inheritance APIs, Tax Exemption APIs, and functionality update for some existing Tax Registration APIs (da73fe5c)
  • client-glue: AWS Glue Data Catalog now enhances managed table optimizations of Apache Iceberg tables that can be accessed only from a specific Amazon Virtual Private Cloud (VPC) environment. (844a1daf)
  • client-mwaa: Amazon MWAA now supports a new environment class, mw1.micro, ideal for workloads requiring fewer resources than mw1.small. This class supports a single instance of each Airflow component: Scheduler, Worker, and Webserver. (a64d4bbc)
  • client-workspaces: Releasing new ErrorCodes for Image Validation failure during CreateWorkspaceImage process (5649e47d)
  • client-b2bi: Add new X12 transactions sets and versions (cb3d07bb)
  • client-keyspaces: Amazon Keyspaces Multi-Region Replication: Adds support to add new regions to multi and single-region keyspaces. (9c30b3ab)

For list of updated packages, view updated-packages.md in assets-3.696.0.zip

v3.695.0

3.695.0(2024-11-18)

New Features
  • clients: update client endpoints as of 2024-11-18 (70ada5c5)
  • client-auto-scaling: Amazon EC2 Auto Scaling now supports Amazon Application Recovery Controller (ARC) zonal shift and zonal autoshift to help you quickly recover an impaired application from failures in an Availability Zone (AZ). (f8fdf923)
  • client-iotsitewise: The release introduces a generative AI Assistant in AWS IoT SiteWise. It includes: 1) InvokeAssistant API - Invoke the Assistant to get alarm summaries and ask questions. 2) Dataset APIs - Manage knowledge base configuration for the Assistant. 3) Portal APIs enhancement - Manage AI-aware dashboards. (6c6c9c8c)
  • client-ecs: This release adds support for adding VPC Lattice configurations in ECS CreateService/UpdateService APIs. The configuration allows for associating VPC Lattice target groups with ECS Services. (47d5f20c)
  • client-qconnect: This release introduces MessageTemplate as a resource in Amazon Q in Connect, along with APIs to create, read, search, update, and delete MessageTemplate resources. (1812f5fe)
  • client-rds: Add support for the automatic pause/resume feature of Aurora Serverless v2. (c9e73741)
  • client-ec2: Adding request and response elements for managed resources. (be4dacb1)
  • client-connect: Adds CreateContactFlowVersion and ListContactFlowVersions APIs to create and view the versions of a contact flow. (d7c1515c)
  • client-appconfig: AWS AppConfig has added a new extension action point, AT_DEPLOYMENT_TICK, to support third-party monitors to trigger an automatic rollback during a deployment. (fa926ac1)
  • client-customer-profiles: This release introduces Segmentation APIs and new Calculated Attribute Event Filters as part of Amazon Connect Customer Profiles service. (bd19a2a6)
  • client-cloudformation: This release adds a new API, ListHookResults, that allows retrieving CloudFormation Hooks invocation results for hooks invoked during a create change set operation or Cloud Control API operation (86aa1cf6)
  • client-rds-data: Add support for the automatic pause/resume feature of Aurora Serverless v2. (2fc76d41)

For list of updated packages, view updated-packages.md in assets-3.695.0.zip

v3.694.0

3.694.0(2024-11-15)

... (truncated)

Changelog

Sourced from @​aws-sdk/types's changelog.

3.696.0 (2024-11-19)

Note: Version bump only for package @​aws-sdk/types

3.692.0 (2024-11-14)

Note: Version bump only for package @​aws-sdk/types

Commits

Updates @storybook/addon-links from 8.4.2 to 8.4.4

Release notes

Sourced from @​storybook/addon-links's releases.

v8.4.4

8.4.4

  • Addon Test: Only optimize react deps if applicable in vitest-plugin - #29617, thanks @​yannbf!

v8.4.3

8.4.3

Changelog

Sourced from @​storybook/addon-links's changelog.

8.4.4

  • Addon Test: Only optimize react deps if applicable in vitest-plugin - #29617, thanks @​yannbf!

8.4.3

Commits
  • ca016ae Bump version from "8.4.3" to "8.4.4" [skip ci]
  • 750930f Bump version from "8.4.2" to "8.4.3" [skip ci]
  • See full diff in compare view

Updates jest-fixed-jsdom from 0.0.8 to 0.0.9

Release notes

Sourced from jest-fixed-jsdom's releases.

v0.0.9 (2024-11-13)

Bug Fixes

  • set customExportConditions to [''] (#22) (e136f35938eb319e450670af3f5657fe8527ddda) @​kettanaito
Commits

Updates msw from 2.6.2 to 2.6.5

Release notes

Sourced from msw's releases.

v2.6.5 (2024-11-16)

Bug Fixes

  • support non-configurable responses (#2360) (5bf3e3bf5f9a6d32c79410c11abd539ec4c2ddc5) @​kettanaito

v2.6.4 (2024-11-10)

Bug Fixes

  • prevent infinite loop when bypassing sendBeacon() requests (#2353) (2fa98c327acc51189f87789d9155c4ec57be2299) @​kettanaito
  • remove the internal bypass request header before performing the request as-is in Node.js (#2353) (2fa98c327acc51189f87789d9155c4ec57be2299) @​kettanaito

v2.6.3 (2024-11-10)

Bug Fixes

  • handleRequest: remove transformResponse option (#2351) (74c4a3a89970bbfc498c812790daef13766dea72) @​kettanaito
Commits

Updates sass from 1.80.6 to 1.81.0

Release notes

Sourced from sass's releases.

Dart Sass 1.81.0

To install Sass 1.81.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

  • Fix a few cases where deprecation warnings weren't being emitted for global built-in functions whose names overlap with CSS calculations.

  • Add support for the CSS round() calculation with a single argument, as long as that argument might be a unitless number.

See the full changelog for changes in earlier releases.

Dart Sass 1.80.7

To install Sass 1.80.7, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

Embedded Host

  • Don't treat 0 as undefined for the green and blue channels in the LegacyColor constructor.

See the full changelog for changes in earlier releases.

Changelog

Sourced from sass's changelog.

1.81.0

  • Fix a few cases where deprecation warnings weren't being emitted for global built-in functions whose names overlap with CSS calculations.

  • Add support for the CSS round() calculation with a single argument, as long as that argument might be a unitless number.

1.80.7

Embedded Host

  • Don't treat 0 as undefined for the green and blue channels in the LegacyColor constructor.
Commits

Updates tailwindcss from 3.4.14 to 3.4.15

Release notes

Sourced from tailwindcss's releases.

v3.4.15

  • Bump versions for security vulnerabilities (#14697)
  • Ensure the TypeScript types for the boxShadow theme configuration allows arrays (#14856)
  • Set fallback for opacity variables to ensure setting colors with the selection:* variant works in Chrome 131 (#15003)
Changelog

Sourced from tailwindcss's changelog.

[3.4.15] - 2024-11-14

  • Bump versions for security vulnerabilities (#14697)
  • Ensure the TypeScript types for the boxShadow theme configuration allows arrays (#14856)
  • Set fallback for opacity variables to ensure setting colors with the selection:* variant works in Chrome 131 (#15003)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the security group across 1 directory with 7 updates
39bcd63 
Bumps the security group with 7 updates in the /web directory:

| Package | From | To |
| --- | --- | --- |
| [@storybook/addon-storysource](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/storysource) | `8.4.2` | `8.4.4` |
| [@aws-sdk/types](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/packages/types) | `3.686.0` | `3.696.0` |
| [@storybook/addon-links](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/links) | `8.4.2` | `8.4.4` |
| [jest-fixed-jsdom](https://github.com/mswjs/jest-fixed-jsdom) | `0.0.8` | `0.0.9` |
| [msw](https://github.com/mswjs/msw) | `2.6.2` | `2.6.5` |
| [sass](https://github.com/sass/dart-sass) | `1.80.6` | `1.81.0` |
| [tailwindcss](https://github.com/tailwindlabs/tailwindcss) | `3.4.14` | `3.4.15` |



Updates `@storybook/addon-storysource` from 8.4.2 to 8.4.4
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v8.4.4/code/addons/storysource)

Updates `@aws-sdk/types` from 3.686.0 to 3.696.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/packages/types/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.696.0/packages/types)

Updates `@storybook/addon-links` from 8.4.2 to 8.4.4
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v8.4.4/code/addons/links)

Updates `jest-fixed-jsdom` from 0.0.8 to 0.0.9
- [Release notes](https://github.com/mswjs/jest-fixed-jsdom/releases)
- [Changelog](https://github.com/mswjs/jest-fixed-jsdom/blob/main/release.config.json)
- [Commits](mswjs/jest-fixed-jsdom@v0.0.8...v0.0.9)

Updates `msw` from 2.6.2 to 2.6.5
- [Release notes](https://github.com/mswjs/msw/releases)
- [Changelog](https://github.com/mswjs/msw/blob/main/CHANGELOG.md)
- [Commits](mswjs/msw@v2.6.2...v2.6.5)

Updates `sass` from 1.80.6 to 1.81.0
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](sass/dart-sass@1.80.6...1.81.0)

Updates `tailwindcss` from 3.4.14 to 3.4.15
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/v3.4.15/CHANGELOG.md)
- [Commits](tailwindlabs/tailwindcss@v3.4.14...v3.4.15)

---
updated-dependencies:
- dependency-name: "@storybook/addon-storysource"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: "@aws-sdk/types"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: "@storybook/addon-links"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: jest-fixed-jsdom
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: msw
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: sass
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: tailwindcss
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependabot javascript Pull requests that update Javascript code type::security labels Nov 19, 2024
@dependabot dependabot bot mentioned this pull request Nov 19, 2024
Closed
@sgalsaleh sgalsaleh merged commit 318d86a into main Nov 20, 2024
122 checks passed
@sgalsaleh sgalsaleh deleted the dependabot/npm_and_yarn/web/security-3efea3966c branch November 20, 2024 19:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sgalsaleh sgalsaleh sgalsaleh approved these changes

Assignees
No one assigned
Labels
dependabot javascript Pull requests that update Javascript code type::security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@sgalsaleh