-
Notifications
You must be signed in to change notification settings - Fork 88
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): bump the npm_and_yarn group across 6 directories with 11 updates #2892
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dependabot
bot
requested review from
wow-sven,
geometryolife,
Mine77 and
yubing744
as code owners
November 12, 2024 14:03
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
dependabot
bot
added
dependencies
Pull requests that update a dependency file
javascript
Pull requests that update Javascript code
labels
Nov 12, 2024
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found. |
… updates Bumps the npm_and_yarn group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [postcss](https://github.com/postcss/postcss) | `8.4.45` | `8.4.46` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `4.5.3` | `4.5.5` | | [happy-dom](https://github.com/capricorn86/happy-dom) | `15.7.4` | `15.10.2` | | [axios](https://github.com/axios/axios) | `1.5.0` | `1.7.4` | | [next](https://github.com/vercel/next.js) | `13.4.19` | `14.2.10` | Bumps the npm_and_yarn group with 2 updates in the /docs/website directory: [axios](https://github.com/axios/axios) and [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 2 updates in the /generator/rust directory: [braces](https://github.com/micromatch/braces) and [micromatch](https://github.com/micromatch/micromatch). Bumps the npm_and_yarn group with 3 updates in the /infra/dashboard directory: [axios](https://github.com/axios/axios), [next](https://github.com/vercel/next.js) and [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken). Bumps the npm_and_yarn group with 1 update in the /sdk/circomlib directory: [circom_tester](https://github.com/iden3/circom_tester). Bumps the npm_and_yarn group with 1 update in the /sdk/typescript/bitseed-sdk directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `postcss` from 8.4.45 to 8.4.46 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.45...8.4.46) Updates `vite` from 4.5.3 to 4.5.5 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v4.5.5/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v4.5.5/packages/vite) Updates `happy-dom` from 15.7.4 to 15.10.2 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v15.7.4...v15.10.2) Updates `axios` from 1.5.0 to 1.7.4 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.5.0...v1.7.4) Updates `next` from 13.4.19 to 14.2.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.4.19...v14.2.10) Updates `zod` from 3.21.4 to 3.23.8 - [Release notes](https://github.com/colinhacks/zod/releases) - [Changelog](https://github.com/colinhacks/zod/blob/main/CHANGELOG.md) - [Commits](colinhacks/zod@v3.21.4...v3.23.8) Updates `axios` from 1.5.0 to 1.7.4 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.5.0...v1.7.4) Updates `next` from 13.4.19 to 14.2.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.4.19...v14.2.10) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `axios` from 1.3.4 to 1.7.4 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.5.0...v1.7.4) Updates `next` from 13.2.4 to 14.2.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.4.19...v14.2.10) Updates `jsonwebtoken` from 8.5.1 to 9.0.0 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.0) Updates `circom_tester` from 0.0.19 to 0.0.20 - [Commits](iden3/circom_tester@v0.0.19...v0.0.20) Updates `snarkjs` from 0.5.0 to 0.7.5 - [Release notes](https://github.com/iden3/snarkjs/releases) - [Commits](iden3/snarkjs@v0.5.0...v0.7.5) Updates `vite` from 5.4.4 to 5.4.6 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v4.5.5/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v4.5.5/packages/vite) --- updated-dependencies: - dependency-name: postcss dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: happy-dom dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: zod dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: circom_tester dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: snarkjs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vite dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/npm_and_yarn-1c63c34c0a
branch
from
November 13, 2024 04:32
4436cce
to
bfe3bdd
Compare
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests. To ignore these dependencies, configure ignore rules in dependabot.yml |
dependabot
bot
deleted the
dependabot/npm_and_yarn/npm_and_yarn-1c63c34c0a
branch
November 14, 2024 17:43
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
dependencies
Pull requests that update a dependency file
javascript
Pull requests that update Javascript code
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 5 updates in the / directory:
8.4.45
8.4.46
4.5.3
4.5.5
15.7.4
15.10.2
1.5.0
1.7.4
13.4.19
14.2.10
Bumps the npm_and_yarn group with 2 updates in the /docs/website directory: axios and next.
Bumps the npm_and_yarn group with 2 updates in the /generator/rust directory: braces and micromatch.
Bumps the npm_and_yarn group with 3 updates in the /infra/dashboard directory: axios, next and jsonwebtoken.
Bumps the npm_and_yarn group with 1 update in the /sdk/circomlib directory: circom_tester.
Bumps the npm_and_yarn group with 1 update in the /sdk/typescript/bitseed-sdk directory: vite.
Updates
postcss
from 8.4.45 to 8.4.46Release notes
Sourced from postcss's releases.
Changelog
Sourced from postcss's changelog.
Commits
439d20e
Release 8.4.46 versionb93582f
Update dependenciesc51e467
Fix error on inserting node without raws in some cases829ae47
Update dependencies5aaaec2
Update remaining workflow jobs to use latest version of actions (#1968)Updates
vite
from 4.5.3 to 4.5.5Release notes
Sourced from vite's releases.
Changelog
Sourced from vite's changelog.
Commits
f1d8845
release: v4.5.52466c08
release: v4.5.4e812716
fix: avoid DOM Clobbering gadget ingetRelativeUrlFromDocument
(#18115)b901438
fix: backport #18112, fs raw queryUpdates
happy-dom
from 15.7.4 to 15.10.2Release notes
Sourced from happy-dom's releases.
... (truncated)
Commits
d23834c
fix: #1585 Fixes a security vulnerability that allowed for server side code...5ee0b16
fix: #1585 Fixes security vulnerability that allowed for server side code t...a20dba9
chore: #1542 Adds SECURITY.md file (#1584)1625d40
feat: #1553 Adds setting disableSameOriginPolicy, to make it possible to by...a78cd8f
feat: #1147 Adds support for aspect-ratio to CSSStyleDeclaration (#1537)e6f8b13
fix: #1581 Fixes bug where Node.getRootNode() returned null when it was wi...38ab960
fix: #1578 Fixes bug where child nodes of HTMLSelectElement and HTMLFormEle...8f74989
fix: #1534 Toggle open attribute on HTMLDetailsElement when dispatching a c...7f57469
fix: #1546 UseglobalThis
instead ofglobal
to make Happy DOM work in o...759b4fb
fix: #1538 Always return Promise<Blob> from ClipboardItem.getType() (#1539)Updates
axios
from 1.5.0 to 1.7.4Release notes
Sourced from axios's releases.
... (truncated)
Changelog
Sourced from axios's changelog.
... (truncated)
Commits
abd24a7
chore(release): v1.7.4 (#6544)6b6b605
fix(sec): CVE-2024-39338 (#6539) (#6543)07a661a
fix(sec): disregard protocol-relative URL to remediate SSRF (#6539)c6cce43
chore(release): v1.7.3 (#6521)e3c76fc
fix(adapter): fix progress event emitting; (#6518)85d4d0e
fix(fetch): fix withCredentials request config (#6505)92cd8ed
chore(github): update ISSUE_TEMPLATE.md (#6519)8966ee7
fix(xhr): return original config on errors from XHR adapter (#6515)0e4f9fa
chore(release): v1.7.2 (#6414)4f79aef
fix(fetch): enhance fetch API detection; (#6413)Updates
next
from 13.4.19 to 14.2.10Release notes
Sourced from next's releases.
Commits
937651f
v14.2.107ed7f12
Remove invalid fallback revalidate value (#69990)99de057
Revert server action optimization (#69925)24647b9
Add ability to customize Cache-Control (#69802)6fa8982
v14.2.97998745
test: lock ts type check (#69889)4bd3849
create-next-app: fix font file corruption when using import alias (#69806)3756801
test: check most possible combination of CNA flags9a72ad6
unpin CNA tests from 14.2.3747d365
Fix metadata prop merging (#69807)Updates
zod
from 3.21.4 to 3.23.8Release notes
Sourced from zod's releases.
... (truncated)
Commits
ca42965
v3.23.8eda7df3
Change RefinementCtx to interface1968731
Tweak tiers (#3471)0f4d403
Add Bronze logos (#3470)f985b5b
3.23.72239ff3
Add social crowd969423
Fix #3437: extendShape erases JSDoc property documentation (#3463)29d2ea2
Add copper93b480b
v3.23.6ce3711e
add VSCode dev container support and documenationUpdates
axios
from 1.5.0 to 1.7.4Release notes
Sourced from axios's releases.
... (truncated)
Changelog
Sourced from axios's changelog.
... (truncated)
Commits
abd24a7
chore(release): v1.7.4 (#6544)6b6b605
fix(sec): CVE-2024-39338 (#6539) (#6543)07a661a
fix(sec): disregard protocol-relative URL to remediate SSRF (#6539)c6cce43
chore(release): v1.7.3 (#6521)e3c76fc
fix(adapter): fix progress event emitting; (#6518)85d4d0e
fix(fetch): fix withCredentials request config (#6505)92cd8ed
chore(github): update ISSUE_TEMPLATE.md (#6519)8966ee7
fix(xhr): return original config on errors from XHR adapter (#6515)0e4f9fa
chore(release): v1.7.2 (#6414)4f79aef
fix(fetch): enhance fetch API detection; (#6413)Updates
next
from 13.4.19 to 14.2.10Release notes
Sourced from next's releases.
Commits
937651f
v14.2.107ed7f12
Remove invalid fallback revalidate value (#69990)99de057
Revert server action optimization (#69925)24647b9
Add ability to customize Cache-Control (#69802)6fa8982
v14.2.97998745
test: lock ts type check (#69889)4bd3849
create-next-app: fix font file corruption when using import alias (#69806)3756801
test: check most possible combination of CNA flags9a72ad6
unpin CNA tests from 14.2.3747d365
Fix metadata prop merging (#69807)Updates
braces
from 3.0.2 to 3.0.3Commits
74b2db2
3.0.388f1429
update eslint. lint, fix unit tests.415d660
Snyk js braces 6838727 (#40)190510f
fix tests, skip 1 test in test/braces.expand716eb9f
readme bumpa5851e5
Merge pull request #37 from coderaiser/fix/vulnerability2092bd1
feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...9f5b4cf
fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)98414f9
remove funding file665ab5d
update keepEscaping doc (#27)Updates
micromatch
from 4.0.5 to 4.0.8Release notes
Sourced from micromatch's releases.
Changelog
Sourced from micromatch's changelog.
Commits
8bd704e
4.0.8a0e6841
run verb to generate README documentation4ec2884
Merge branch 'v4' into hauserkristof-feature/v4.0.803aa805
Merge pull request #266 from hauserkristof/feature/v4.0.8814f5f7
lint67fcce6
fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5113f2e3
fix: CVE numbers in CHANGELOGd9dbd9a
feat: updated CHANGELOG2ab1315
fix: use actions/setup-node@v41406ea3
feat: rework test to work on macos with node 10,12 and 14Updates
axios
from 1.3.4 to 1.7.4Release notes
Sourced from axios's releases.
... (truncated)
Changelog
Sourced from axios's changelog.
... (truncated)
Commits
abd24a7
chore(release): v1.7.4 (#6544)6b6b605
fix(sec): CVE-2024-39338 (#6539) (#6543)07a661a
fix(sec): disregard protocol-relative URL to remediate SSRF (#6539)c6cce43
chore(release): v1.7.3 (#6521)e3c76fc
fix(adapter): fix progress event emitting; (#6518)85d4d0e
fix(fetch): fix withCredentials request config (