Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the npm_and_yarn group across 1 directories with 12 updates #11

Closed
wants to merge 1 commit into from
Closed

Bump the npm_and_yarn group across 1 directories with 12 updates #11

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 3, 2024
edited
Loading

Bumps the npm_and_yarn group with 12 updates in the /etp-public directory:

Package From To
qs 6.9.4 6.9.7
mocha 8.1.3 10.2.0
postcss 7.0.35 8.4.31
serve 11.3.2 14.2.1
svelte 3.24.1 3.49.0
webpack-bundle-analyzer 3.8.0 4.10.1
webpack-dev-server 3.11.0 4.15.1
json5 1.0.1 1.0.2
@babel/traverse 7.11.0 7.23.7
browserify-sign 4.2.1 4.2.2
decode-uri-component 0.2.0 0.2.2
minimist 1.2.5 1.2.8

Updates qs from 6.9.4 to 6.9.7

Changelog

Sourced from qs's changelog.

6.9.7

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] add note and links for coercing primitive values (#408)
  • [Tests] clean up stringify tests slightly
  • [meta] fix README.md (#399)
  • Revert "[meta] ignore eclint transitive audit warning"
  • [actions] backport actions from main
  • [Dev Deps] backport updates from main

6.9.6

  • [Fix] restore dist dir; mistakenly removed in d4f6c32

6.9.5

  • [Fix] stringify: do not encode parens for RFC1738
  • [Fix] stringify: fix arrayFormat comma with empty array/objects (#350)
  • [Refactor] format: remove util.assign call
  • [meta] add "Allow Edits" workflow; update rebase workflow
  • [actions] switch Automatic Rebase workflow to pull_request_target event
  • [Tests] stringify: add tests for #378
  • [Tests] migrate tests to Github Actions
  • [Tests] run nyc on all tests; use tape runner
  • [Dev Deps] update eslint, @ljharb/eslint-config, browserify, mkdirp, object-inspect, tape; add aud
Commits
  • 4cd0032 v6.9.7
  • e799ba5 [Fix] parse: ignore __proto__ keys (#428)
  • 02ca358 [Robustness] stringify: avoid relying on a global undefined (#427)
  • 4a17709 [Fix] stringify: avoid encoding arrayformat comma when `encodeValuesOnly = ...
  • c0e13e9 [readme] remove travis badge; add github actions/codecov badges; update URLs
  • 4113a5f [Tests] clean up stringify tests slightly
  • 749a584 [Docs] add note and links for coercing primitive values (#408)
  • cce2082 [meta] fix README.md (#399)
  • c44f0c5 Revert "[meta] ignore eclint transitive audit warning"
  • e6cfd8b [actions] backport actions from main
  • Additional commits viewable in compare view

Updates mocha from 8.1.3 to 10.2.0

Release notes

Sourced from mocha's releases.

v10.2.0

10.2.0 / 2022-12-11

🎉 Enhancements

  • #4945: API: add possibility to decorate ESM name before import (@​j0tunn)

🐛 Fixes

📖 Documentation

v10.1.0

10.1.0 / 2022-10-16

🎉 Enhancements

🔩 Other

v10.0.0

10.0.0 / 2022-05-01

💥 Breaking Changes

🔩 Other

... (truncated)

Changelog

Sourced from mocha's changelog.

10.2.0 / 2022-12-11

🎉 Enhancements

  • #4945: API: add possibility to decorate ESM name before import (@​j0tunn)

🐛 Fixes

📖 Documentation

10.1.0 / 2022-10-16

🎉 Enhancements

🔩 Other

10.0.0 / 2022-05-01

💥 Breaking Changes

🔩 Other

... (truncated)

Commits

Updates postcss from 7.0.35 to 8.4.31

Release notes

Sourced from postcss's releases.

8.4.31

8.4.30

8.4.29

8.4.28

  • Fixed Root.source.end for better source map (by @​romainmenke).
  • Fixed Result.root types when process() has no parser.

8.4.27

  • Fixed Container clone methods types.

8.4.26

  • Fixed clone methods types.

8.4.25

8.4.24

  • Fixed Plugin types.

8.4.23

  • Fixed warnings in TypeDoc.

8.4.22

8.4.21

8.4.20

  • Fixed source map generation for childless at-rules like @layer.

8.4.19

  • Fixed whitespace preserving after AST transformations (by @​romainmenke).

8.4.18

  • Fixed an error on absolute: true with empty sourceContent (by @​KingSora).

8.4.17

8.4.16

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.31

8.4.30

  • Improved source map performance (by Romain Menke).

8.4.29

  • Fixed Node#source.offset (by Ido Rosenthal).
  • Fixed docs (by Christian Oliff).

8.4.28

  • Fixed Root.source.end for better source map (by Romain Menke).
  • Fixed Result.root types when process() has no parser.

8.4.27

  • Fixed Container clone methods types.

8.4.26

  • Fixed clone methods types.

8.4.25

8.4.24

  • Fixed Plugin types.

8.4.23

  • Fixed warnings in TypeDoc.

8.4.22

  • Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

  • Fixed Input#error types (by Aleks Hudochenkov).

8.4.20

  • Fixed source map generation for childless at-rules like @layer.

8.4.19

  • Fixed whitespace preserving after AST transformations (by Romain Menke).

8.4.18

  • Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

  • Fixed Node.before() unexpected behavior (by Romain Menke).
  • Added TOC to docs (by Mikhail Dedov).

8.4.16

... (truncated)

Commits

Updates serve from 11.3.2 to 14.2.1

Release notes

Sourced from serve's releases.

14.2.1

Patches

  • Set Access-Control-Allow-Headers: * default response header: #775

Credits

Huge thanks to @​hood for helping!

14.2.0

Minor Changes

  • Update CORS headers to support PNA spec: #753
  • Bump @zeit/schemas package: #756

Patches

  • Update the license year: #752

Credits

Huge thanks to @​k-yle and @​IcedMonk for helping!

14.1.2

Patches

  • Fix: add missing CLI option to argv parser: #742

Credits

Huge thanks to @​casperx for helping!

14.1.1

Patches

  • Infra: move c8 (coverage) to devDeps: #743

Credits

Huge thanks to @​AviVahl for helping!

14.1.0

Minor Changes

  • Feat: Add support for PFX or PKCS12 encoded certificates: #708
  • Feat: add request logging: #716

Patches

  • Docs(readme): add note about using node 14+: #715

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by vercel-release-bot, a new releaser for serve since your current version.


Updates svelte from 3.24.1 to 3.49.0

Changelog

Sourced from svelte's changelog.

3.49.0

  • Improve performance of string escaping during SSR (#5701)
  • Add ComponentType and ComponentProps convenience types (#6770)
  • Add support for CSS @layer (#7504)
  • Export CompileOptions from svelte/compiler (#7658)
  • Fix DOM-less components not being properly destroyed (#7488)
  • Fix class: directive updates with <svelte:element> (#7521, #7571)
  • Harden attribute escaping during SSR (#7530)

3.48.0

  • Allow creating cancelable custom events with createEventDispatcher (#4623)
  • Support {@const} tag in {#if} blocks #7241
  • Return the context object in setContext #7427
  • Allow comments inside {#each} blocks when using animate: (#3999)
  • Fix |local transitions in {#key} blocks (#5950)
  • Support svg namespace for {@html} (#7002, #7450)
  • Fix {@const} tag not working inside a component when there's no let: #7189
  • Remove extraneous leading newline inside <pre> and <textarea> (#7264)
  • Fix erroneous setting of textContent for \<template> elements (#7297)
  • Fix value of let: bindings not updating in certain cases (#7440)
  • Fix handling of void tags in <svelte:element> (#7449)
  • Fix handling of boolean attributes in <svelte:element> (#7478)
  • Add special style scoping handling of [open] selectors on <dialog> elements (#7495)

3.47.0

  • Add support for dynamic elements through <svelte:element> (#2324)
  • Miscellaneous variable context fixes in {@const} (#7222)
  • Fix {#key} block not being reactive when the key variable is not otherwise used (#7408)
  • Add Symbol as a known global (#7418)

3.46.6

  • Actually include action TypeScript interface in published package (#7407)

3.46.5

  • Add TypeScript interfaces for typing actions (#6538)
  • Do not generate unused-export-let warning inside <script context="module"> blocks (#7055)
  • Do not collapse whitespace-only CSS vars (#7152)
  • Add aria-description to the list of allowed ARIA attributes (#7301)
  • Fix attribute escaping during SSR (#7327)
  • Prevent .innerHTML optimization from being used when style: directive is present (#7386)

3.46.4

  • Avoid maximum call stack size exceeded errors on large components (#4694)
  • Preserve leading space with preserveWhitespace: true (#4731)

... (truncated)

Commits

Updates webpack-bundle-analyzer from 3.8.0 to 4.10.1

Changelog

Sourced from webpack-bundle-analyzer's changelog.

4.10.1

  • Bug Fix

4.10.0

  • Improvement

  • Internal

    • Make module much slimmer by replacing all lodash.* packages (#612) by @​sukkaw.

4.9.1

4.9.0

  • Improvement
    • Display modules included in concatenated entry modules on Webpack 5 when "Show content of concatenated modules" is checked (#602 by @​pgoldberg)

4.8.0

4.7.0

4.6.1

4.6.0

... (truncated)

Commits

Updates webpack-dev-server from 3.11.0 to 4.15.1

Release notes

Sourced from webpack-dev-server's releases.

v4.15.1

4.15.1 (2023-06-09)

Bug Fixes

  • replace :: with localhost before openBrowser() (#4856) (874c44b)
  • types: compatibility with @types/ws (#4899) (34bcec2)

v4.15.0

4.15.0 (2023-05-07)

Features

  • overlay displays unhandled promise rejection (#4849) (d1dd430)

v4.14.0

4.14.0 (2023-05-06)

Features

  • allow CLI to be ESM (#4837) (bb4a5d9)
  • allow filter overlay errors/warnings/runtimeErrors with function (#4813) (aab01b3)

v4.13.3

4.13.3 (2023-04-15)

Bug Fixes

v4.13.2

4.13.2 (2023-03-31)

Bug Fixes

  • prevent open 0.0.0.0 in browser due windows problems (04e74f2)

v4.13.1

4.13.1 (2023-03-18)

Bug Fixes

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

4.15.1 (2023-06-09)

Bug Fixes

  • replace :: with localhost before openBrowser() (#4856) (874c44b)
  • types: compatibility with @types/ws (#4899) (34bcec2)

4.15.0 (2023-05-07)

Features

  • overlay displays unhandled promise rejection (#4849) (d1dd430)

4.14.0 (2023-05-06)

Features

4.13.3 (2023-04-15)

Bug Fixes

4.13.2 (2023-03-31)

Bug Fixes

  • prevent open 0.0.0.0 in browser due windows problems (04e74f2)

4.13.1 (2023-03-18)

Bug Fixes

4.13.0 (2023-03-17)

Features

  • added client.overlay.runtimeErrors option to control runtime errors (#4773) (dca2366)

... (truncated)

Commits
  • 540c438 chore(release): 4.15.1
  • 34bcec2 fix(types): compatibility with @types/ws (#4899)
  • 3d61107 chore(deps-dev): bump eslint from 8.40.0 to 8.41.0 (#4867)
  • ddc87c8 chore(deps-dev): bump @​types/node from 18.16.9 to 18.16.14 (#4868)
  • 168cf65 chore(deps-dev): bump @​types/node from 18.16.7 to 18.16.9 (#4862)
  • 874c44b fix: replace :: with localhost before openBrowser() (#4856)
  • c54e427 chore(deps-dev): bump @​types/node from 18.16.3 to 18.16.7 (#4857)
  • b2c8017 chore(deps-dev): bump webpack from 5.82.0 to 5.82.1 (#4858)
  • 4e35921 chore(deps-dev): bump eslint from 8.39.0 to 8.40.0 (#4851)
  • 99f66cb chore(release): 4.15.0
  • Additional commits viewable in compare view

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)
Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

v2.2.2 [code, diff]

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

v2.2.0 [code, diff]

  • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

  • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

Updates @babel/traverse from 7.11.0 to 7.23.7

Release notes

Sourced from @​babel/traverse's releases.

v7.23.7 (2023-12-29)

🐛 Bug Fix

🏠 Internal

  • babel-helper-create-class-features-plugin
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

Committers: 4

v7.23.6 (2023-12-11)

Thanks @​martinez-hugo and @​odinho for your first pull requests!

👓 Spec Compliance

  • babel-generator, babel-parser, babel-types
  • babel-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-types

🐛 Bug Fix

  • babel-generator
  • babel-helpers, babel-plugin-proposal-explicit-resource-management
  • babel-plugin-proposal-decorators, babel-plugin-transform-class-properties
    • #16161 Ensure the [[@@toPrimitive]] call of a decorated class member key is invoked once (@​JLHwung)
    • #16148 Support named evaluation for decorated anonymous class exp (@​JLHwung)
  • babel-plugin-transform-for-of, babel-preset-env
  • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-plugin-transform-typescript

🔬 Output optimization

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.23.7 (2023-12-29)

🐛 Bug Fix

🏠 Internal

  • babel-helper-create-class-features-plugin
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

v7.23.6 (2023-12-11)

👓 Spec Compliance

  • babel-generator, babel-parser, babel-types
  • babel-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-types

🐛 Bug Fix

  • babel-generator
  • babel-helpers, babel-plugin-proposal-explicit-resource-management
  • babel-plugin-proposal-decorators, babel-plugin-transform-class-properties
    • #16161 Ensure the [[@@toPrimitive]] call of a decorated class member key is invoked once (@​JLHwung)
    • #16148 Support named evaluation for decorated anonymous class exp (@​JLHwung)
  • babel-plugin-transform-for-of, babel-preset-env
  • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-plugin-transform-typescript

🔬 Output optimization

  • babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • babel-helpers, babel-plugin-proposal-decorators

v7.23.5 (2023-11-29)

👓 Spec...

Description has been truncated

@dependabot
Bump the npm_and_yarn group across 1 directories with 12 updates
685a21b 
Bumps the npm_and_yarn group with 12 updates in the /etp-public directory:

| Package | From | To |
| --- | --- | --- |
| [qs](https://github.com/ljharb/qs) | `6.9.4` | `6.9.7` |
| [mocha](https://github.com/mochajs/mocha) | `8.1.3` | `10.2.0` |
| [postcss](https://github.com/postcss/postcss) | `7.0.35` | `8.4.31` |
| [serve](https://github.com/vercel/serve) | `11.3.2` | `14.2.1` |
| [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `3.24.1` | `3.49.0` |
| [webpack-bundle-analyzer](https://github.com/webpack-contrib/webpack-bundle-analyzer) | `3.8.0` | `4.10.1` |
| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `3.11.0` | `4.15.1` |
| [json5](https://github.com/json5/json5) | `1.0.1` | `1.0.2` |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.11.0` | `7.23.7` |
| [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.2.1` | `4.2.2` |
| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |
| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |


Updates `qs` from 6.9.4 to 6.9.7
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.9.4...v6.9.7)

Updates `mocha` from 8.1.3 to 10.2.0
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md)
- [Commits](mochajs/mocha@v8.1.3...v10.2.0)

Updates `postcss` from 7.0.35 to 8.4.31
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@7.0.35...8.4.31)

Updates `serve` from 11.3.2 to 14.2.1
- [Release notes](https://github.com/vercel/serve/releases)
- [Commits](vercel/serve@11.3.2...14.2.1)

Updates `svelte` from 3.24.1 to 3.49.0
- [Release notes](https://github.com/sveltejs/svelte/releases)
- [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG-pre-5.md)
- [Commits](https://github.com/sveltejs/svelte/commits/v3.49.0/packages/svelte)

Updates `webpack-bundle-analyzer` from 3.8.0 to 4.10.1
- [Release notes](https://github.com/webpack-contrib/webpack-bundle-analyzer/releases)
- [Changelog](https://github.com/webpack-contrib/webpack-bundle-analyzer/blob/master/CHANGELOG.md)
- [Commits](webpack-contrib/webpack-bundle-analyzer@v3.8.0...v4.10.1)

Updates `webpack-dev-server` from 3.11.0 to 4.15.1
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v3.11.0...v4.15.1)

Updates `json5` from 1.0.1 to 1.0.2
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v1.0.1...v1.0.2)

Updates `@babel/traverse` from 7.11.0 to 7.23.7
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.23.7/packages/babel-traverse)

Updates `browserify-sign` from 4.2.1 to 4.2.2
- [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md)
- [Commits](browserify/browserify-sign@v4.2.1...v4.2.2)

Updates `decode-uri-component` from 0.2.0 to 0.2.2
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2)

Updates `minimist` from 1.2.5 to 1.2.8
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.5...v1.2.8)

---
updated-dependencies:
- dependency-name: qs
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: mocha
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: postcss
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: serve
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: svelte
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: webpack-bundle-analyzer
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: webpack-dev-server
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: json5
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: "@babel/traverse"
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: browserify-sign
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: decode-uri-component
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: minimist
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 3, 2024
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 3, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Jan 3, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/etp-public/npm_and_yarn-security-group-863d1525ab branch January 3, 2024 13:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants