Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the npm_and_yarn group across 1 directory with 14 updates #154

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directory with 14 updates #154

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github May 1, 2024

Bumps the npm_and_yarn group with 10 updates in the / directory:

Package From To
karma 6.3.4 6.3.16
@babel/traverse 7.15.4 7.24.5
ansi-regex 3.0.0 5.0.1
axios 0.21.4 removed
@11ty/eleventy 0.12.1 2.0.1
follow-redirects 1.14.4 1.15.6
json5 2.2.0 2.2.3
nunjucks 3.2.3 3.2.4
taffydb 2.6.2 removed
jsdoc 3.6.7 4.0.2

Updates karma from 6.3.4 to 6.3.16

Release notes

Sourced from karma's releases.

v6.3.16

6.3.16 (2022-02-10)

Bug Fixes

  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

v6.3.15

6.3.15 (2022-02-05)

Bug Fixes

v6.3.14

6.3.14 (2022-02-05)

Bug Fixes

  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

v6.3.13

6.3.13 (2022-01-31)

Bug Fixes

  • deps: bump log4js to resolve security issue (5bf2df3), closes #3751

v6.3.12

6.3.12 (2022-01-24)

Bug Fixes

  • remove depreciation warning from log4js (41bed33)

v6.3.11

6.3.11 (2022-01-13)

Bug Fixes

  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

... (truncated)

Changelog

Sourced from karma's changelog.

6.3.16 (2022-02-10)

Bug Fixes

  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes

  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

  • deps: bump log4js to resolve security issue (5bf2df3), closes #3751

6.3.12 (2022-01-24)

Bug Fixes

  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

  • logger: create parent folders if they are missing (0d24bd9), closes #3734

... (truncated)

Commits
  • ab4b328 chore(release): 6.3.16 [skip ci]
  • ff7edbb fix(security): mitigate the "Open Redirect Vulnerability"
  • c1befa0 chore(release): 6.3.15 [skip ci]
  • d9dade2 fix(helper): make mkdirIfNotExists helper resilient to concurrent calls
  • 653c762 ci: prevent duplicate CI tasks on creating a PR
  • c97e562 chore(release): 6.3.14 [skip ci]
  • 91d5acd fix: remove string template from client code
  • 69cfc76 fix: warn when singleRun and autoWatch are false
  • 839578c fix(security): remove XSS vulnerability in returnUrl query param
  • db53785 chore(release): 6.3.13 [skip ci]
  • Additional commits viewable in compare view

Updates @babel/traverse from 7.15.4 to 7.24.5

Release notes

Sourced from @​babel/traverse's releases.

v7.24.5 (2024-04-29)

Thanks @​romgrk and @​sossost for your first PRs!

🐛 Bug Fix

  • babel-plugin-transform-classes, babel-traverse
  • babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3

💅 Polish

🏠 Internal

  • Other
  • babel-parser
  • babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-helper-module-transforms, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx-self, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-traverse
  • babel-plugin-proposal-partial-application, babel-types
  • babel-plugin-transform-class-properties, babel-preset-env

🏃‍♀️ Performance

  • babel-helpers, babel-preset-env, babel-runtime-corejs3

Committers: 6

v7.24.4 (2024-04-03)

Thanks @​Dunqing, @​luiscubal, and @​samualtnorman for your first PRs!

👓 Spec Compliance

  • babel-parser
  • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.5 (2024-04-29)

🐛 Bug Fix

  • babel-plugin-transform-classes, babel-traverse
  • babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3

💅 Polish

🏠 Internal

  • Other
  • babel-parser
  • babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-helper-module-transforms, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx-self, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-traverse
  • babel-plugin-proposal-partial-application, babel-types
  • babel-plugin-transform-class-properties, babel-preset-env

🏃‍♀️ Performance

  • babel-helpers, babel-preset-env, babel-runtime-corejs3

v7.24.4 (2024-04-03)

👓 Spec Compliance

  • babel-parser
  • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3

🐛 Bug Fix

  • babel-generator
  • babel-compat-data, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-preset-env
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • babel-plugin-transform-block-scoping
  • babel-core, babel-plugin-transform-block-scoped-functions, babel-plugin-transform-block-scoping

... (truncated)

Commits

Updates ansi-regex from 3.0.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

  • Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

v5.0.0

Breaking

  • Require Node.js 8 166a0d5

Enhancements

  • Add TypeScript definition (#32) e77ea17

chalk/ansi-regex@v4.1.0...v5.0.0

v4.1.0

  • Support more escape code like links (#29) 96200bb

chalk/ansi-regex@v4.0.0...v4.1.0

Commits

Removes axios

Updates @11ty/eleventy from 0.12.1 to 2.0.1

Release notes

Sourced from @​11ty/eleventy's releases.

Eleventy v2.0.1: a Bug Fix Release

Eleventy v2.0.1 is now available! You can try it out in your project now:

npm install @11ty/eleventy@latest

New to Eleventy?

Eleventy is a flexible and production-ready site generator known for its zero-client JavaScript footprint, speedy sites, speedy builds, and full control over the output.

Features and Fixes

Housekeeping

Thank You Notes

This project would not be possible without our lovely community. Thank you to everyone that built something with Eleventy (×684 authors on our web site!), wrote a blog post about Eleventy, contributed code, wrote a plugins, helped with documentation, asked questions, answered questions, braved The Leaderboards, participated on Discord, filed issues, attended (or organized!) a meetup, said a kind word on social media ❤️.

Open Collective Supporters

... (truncated)

Commits

Updates qs from 6.2.3 to 6.7.0

Changelog

Sourced from qs's changelog.

6.7.0

  • [New] stringify/parse: add comma as an arrayFormat option (#276, #219)
  • [Fix] correctly parse nested arrays (#212)
  • [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source, also with an array source
  • [Robustness] stringify: cache Object.prototype.hasOwnProperty
  • [Refactor] utils: isBuffer: small tweak; add tests
  • [Refactor] use cached Array.isArray
  • [Refactor] parse/stringify: make a function to normalize the options
  • [Refactor] utils: reduce observable [[Get]]s
  • [Refactor] stringify/utils: cache Array.isArray
  • [Tests] always use String(x) over x.toString()
  • [Tests] fix Buffer tests to work in node < 4.5 and node < 5.10
  • [Tests] temporarily allow coverage to fail

6.6.1

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
  • [Fix] utils.merge: avoid a crash with a null target and an array source
  • [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
  • [Fix] correctly parse nested arrays
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [Robustness] stringify: cache Object.prototype.hasOwnProperty
  • [Refactor] formats: tiny bit of cleanup.
  • [Refactor] utils: isBuffer: small tweak; add tests
  • [Refactor]: stringify/utils: cache Array.isArray
  • [Refactor] utils: reduce observable [[Get]]s
  • [Refactor] use cached Array.isArray
  • [Refactor] parse/stringify: make a function to normalize the options
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] Clarify the need for "arrayLimit" option
  • [meta] fix README.md (#399)
  • [meta] do not publish workflow files
  • [meta] Clean up license text so it’s properly detected as BSD-3-Clause
  • [meta] add FUNDING.yml
  • [meta] Fixes typo in CHANGELOG.md
  • [actions] backport actions from main
  • [Tests] fix Buffer tests to work in node < 4.5 and node < 5.10
  • [Tests] always use String(x) over x.toString()
  • [Dev Deps] backport from main

6.6.0

  • [New] Add support for iso-8859-1, utf8 "sentinel" and numeric entities (#268)
  • [New] move two-value combine to a utils function (#189)
  • [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
  • [Fix] when parseArrays is false, properly handle keys ending in [] (#260)
  • [Fix] stringify: do not crash in an obscure combo of interpretNumericEntities, a bad custom decoder, & iso-8859-1
  • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
  • [refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
  • [Refactor] parse: only need to reassign the var once
  • [Refactor] parse/stringify: clean up charset options checking; fix defaults

... (truncated)

Commits
  • 125e103 v6.7.0
  • 7060e79 [Tests] up to node v11.12, v10.15, v8.15, v6.17
  • 9ec4149 [Dev Deps] update eslint, @ljharb/eslint-config, covert, tape
  • d33a369 [Tests] temporarily allow coverage to fail
  • 3c5725e [Tests] fix Buffer tests to work in node < 4.5 and node < 5.10
  • d3a52ee [Refactor] utils: isBuffer: small tweak; add tests
  • 41c42b8 [Robustness] stringify: cache Object.prototype.hasOwnProperty
  • 04a9017 [Tests] always use String(x) over x.toString()
  • c9720fe [Fix] utils.merge: avoid a crash with a null target and an array source
  • 8297462 [Refactor]: stringify/utils: cache Array.isArray
  • Additional commits viewable in compare view

Updates socket.io-parser from 3.3.2 to 4.2.4

Release notes

Sourced from socket.io-parser's releases.

4.2.4

Bug Fixes

  • ensure reserved events cannot be used as event names (d9db473)
  • properly detect plain objects (b0e6400)

Links

4.2.3

⚠️ This release contains an important security fix ⚠️

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

TypeError: Cannot convert object to primitive value
       at Socket.emit (node:events:507:25)
       at .../node_modules/socket.io/lib/socket.js:531:14

Please upgrade as soon as possible.

Bug Fixes

  • check the format of the event name (3b78117)

Links

4.2.2

Bug Fixes

  • calling destroy() should clear all internal state (22c42e3)
  • do not modify the input packet upon encoding (ae8dd88)

Links

4.2.1

Bug Fixes

  • check the format of the index of each attachment (b5d0cb7)

Links

... (truncated)

Changelog

Sourced from socket.io-parser's changelog.

4.2.4 (2023-05-31)

Bug Fixes

  • ensure reserved events cannot be used as event names (d9db473)
  • properly detect plain objects (b0e6400)

3.4.3 (2023-05-22)

Bug Fixes

  • check the format of the event name (2dc3c92)

4.2.3 (2023-05-22)

Bug Fixes

  • check the format of the event name (3b78117)

4.2.2 (2023-01-19)

Bug Fixes

  • calling destroy() should clear all internal state (22c42e3)
  • do not modify the input packet upon encoding (ae8dd88)

3.3.3 (2022-11-09)

Bug Fixes

  • check the format of the index of each attachment (fb21e42)

3.4.2 (2022-11-09)

... (truncated)

Commits
  • 164ba2a chore(release): 4.2.4
  • b0e6400 fix: properly detect plain objects
  • d9db473 fix: ensure reserved events cannot be used as event names
  • 6a5a004 docs(changelog): include changelog for release 3.4.3
  • b6c824f chore(release): 4.2.3
  • dcc70d9 refactor: export typescript declarations for the commonjs build
  • 3b78117 fix: check the format of the event name
  • 0841bd5 chore: bump ua-parser-js from 1.0.32 to 1.0.33 (#121)
  • 28dd668 chore(release): 4.2.2
  • 22c42e3 fix: calling destroy() should clear all internal state
  • Additional commits viewable in compare view

Updates ejs from 2.7.4 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

v3.1.8

Version 3.1.8

v3.1.7

Version 3.1.7

v3.1.6

Version 3.1.6

v3.1.5

Version 3.1.5

v3.0.2

No release notes provided.

Commits

Updates follow-redirects from 1.14.4 to 1.15.6

Commits
  • 35a517c Release version 1.15.6 of the npm package.
  • c4f847f Drop Proxy-Authorization across hosts.
  • 8526b4a Use GitHub for disclosure.
  • b1677ce Release version 1.15.5 of the npm package.
  • d8914f7 Preserve fragment in responseUrl.
  • 6585820 Release version 1.15.4 of the npm package.
  • 7a6567e Disallow bracketed hostnames.
  • 05629af Prefer native URL instead of deprecated url.parse.
  • 1cba8e8 Prefer native URL instead of legacy url.resolve.
  • 72bc2a4 Simplify _processResponse error handling.
  • Additional commits viewable in compare view

Updates json5 from 2.2.0 to 2.2.3

Release notes

Sourced from json5's releases.

v2.2.3

v2.2.2

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

v2.2.2 [code, diff]

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

Commits
  • c3a7524 2.2.3
  • 94fd06d docs: update CHANGELOG for v2.2.3
  • 3b8cebf docs(security): use GitHub security advisories
  • f0fd9e1 docs: publish a security policy
  • 6a91a05 docs(template): bug -> bug report
  • 14f8cb1 2.2.2
  • 10cc7ca docs: update CHANGELOG for v2.2.2
  • 7774c10 fix: add proto to objects and arrays
  • edde30a Readme: slight tweak to intro
  • 97286f8 Improve example in readme
  • Additional commits viewable in compare view

Updates liquidjs from 6.4.3 to 10.12.0

Release notes

S...

Description has been truncated

@dependabot
Bump the npm_and_yarn group across 1 directory with 14 updates
3a27bd9 
Bumps the npm_and_yarn group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [karma](https://github.com/karma-runner/karma) | `6.3.4` | `6.3.16` |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.15.4` | `7.24.5` |
| [ansi-regex](https://github.com/chalk/ansi-regex) | `3.0.0` | `5.0.1` |
| [axios](https://github.com/axios/axios) | `0.21.4` | `removed` |
| [@11ty/eleventy](https://github.com/11ty/eleventy) | `0.12.1` | `2.0.1` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.14.4` | `1.15.6` |
| [json5](https://github.com/json5/json5) | `2.2.0` | `2.2.3` |
| [nunjucks](https://github.com/mozilla/nunjucks) | `3.2.3` | `3.2.4` |
| [taffydb](https://github.com/typicaljoe/taffydb) | `2.6.2` | `removed` |
| [jsdoc](https://github.com/jsdoc/jsdoc) | `3.6.7` | `4.0.2` |



Updates `karma` from 6.3.4 to 6.3.16
- [Release notes](https://github.com/karma-runner/karma/releases)
- [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md)
- [Commits](karma-runner/karma@v6.3.4...v6.3.16)

Updates `@babel/traverse` from 7.15.4 to 7.24.5
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.24.5/packages/babel-traverse)

Updates `ansi-regex` from 3.0.0 to 5.0.1
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](chalk/ansi-regex@v3.0.0...v5.0.1)

Removes `axios`

Updates `@11ty/eleventy` from 0.12.1 to 2.0.1
- [Release notes](https://github.com/11ty/eleventy/releases)
- [Changelog](https://github.com/11ty/eleventy/blob/main/docs/release-instructions.md)
- [Commits](11ty/eleventy@v0.12.1...v2.0.1)

Updates `qs` from 6.2.3 to 6.7.0
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.2.3...v6.7.0)

Updates `socket.io-parser` from 3.3.2 to 4.2.4
- [Release notes](https://github.com/socketio/socket.io-parser/releases)
- [Changelog](https://github.com/socketio/socket.io-parser/blob/main/CHANGELOG.md)
- [Commits](socketio/socket.io-parser@3.3.2...4.2.4)

Updates `ejs` from 2.7.4 to 3.1.10
- [Release notes](https://github.com/mde/ejs/releases)
- [Commits](mde/ejs@v2.7.4...v3.1.10)

Updates `follow-redirects` from 1.14.4 to 1.15.6
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.14.4...v1.15.6)

Updates `json5` from 2.2.0 to 2.2.3
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v2.2.0...v2.2.3)

Updates `liquidjs` from 6.4.3 to 10.12.0
- [Release notes](https://github.com/harttle/liquidjs/releases)
- [Changelog](https://github.com/harttle/liquidjs/blob/master/CHANGELOG.md)
- [Commits](harttle/liquidjs@v6.4.3...v10.12.0)

Updates `nunjucks` from 3.2.3 to 3.2.4
- [Release notes](https://github.com/mozilla/nunjucks/releases)
- [Changelog](https://github.com/mozilla/nunjucks/blob/master/CHANGELOG.md)
- [Commits](mozilla/nunjucks@v3.2.3...v3.2.4)

Removes `taffydb`

Updates `jsdoc` from 3.6.7 to 4.0.2
- [Release notes](https://github.com/jsdoc/jsdoc/releases)
- [Changelog](https://github.com/jsdoc/jsdoc/blob/4.0.2/CHANGES.md)
- [Commits](jsdoc/jsdoc@3.6.7...4.0.2)

---
updated-dependencies:
- dependency-name: karma
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@babel/traverse"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ansi-regex
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@11ty/eleventy"
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: socket.io-parser
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ejs
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: json5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: liquidjs
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: nunjucks
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: taffydb
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: jsdoc
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label May 1, 2024
@dependabot dependabot bot mentioned this pull request May 1, 2024
Closed
@socket-security Socket Security
Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@11ty/[email protected] environment, filesystem, unsafe Transitive: eval, network, shell +201 26.3 MB zachleat
npm/[email protected] Transitive: environment, eval, filesystem, unsafe +23 8.29 MB hegemonic
npm/[email protected] environment, filesystem, network, shell Transitive: eval +114 10.4 MB karmarunnerbot

🚮 Removed packages: npm/@11ty/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants