Bump the npm_and_yarn group across 1 directory with 24 updates #6

dependabot · 2024-03-25T22:37:03Z

Bumps the npm_and_yarn group with 19 updates in the / directory:

Package	From	To
browserify-sign	`4.0.4`	`4.2.3`
ejs	`2.5.7`	``
size-limit	`0.11.6`	`11.1.2`
express	`4.16.1`	`4.19.2`
handlebars	`4.0.10`	`4.7.8`
postcss	`5.2.18`	`8.4.38`
css-loader	`0.28.7`	`6.10.0`
ip	`1.1.5`	`1.1.9`
json-schema	`0.2.3`	`0.4.0`
jsprim	`1.4.1`	`1.4.2`
jsprim	`1.3.1`	`1.4.2`
lodash	`4.17.4`	`4.17.21`
ini	`1.3.4`	`1.3.8`
david	`11.0.0`	`11.1.0`
got	`6.7.1`	``
david	`11.1.0`	`11.1.1`
moment	`2.18.1`	`2.30.1`
url-parse	`1.1.9`	`1.5.10`
original	`1.0.0`	`1.0.2`
webpack-dev-middleware	`1.12.0`	``
webpack-dev-server	`2.9.1`	`5.0.4`

Updates browserify-sign from 4.0.4 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

[patch] widen support to 0.12 9247adf

[patch] drop minimum node support to v1 4d0ee49

[Dev Deps] update aud, npmignore, tape 87f3a35

[actions] remove redundant finisher 37a4758

[Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12

[Deps] update parse-asn1 [f427270`](browserify/browserify-sign@f427270)

[Deps] update elliptic fb261ce

[Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

[Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

Only apps should have lockfiles 09a8995

[eslint] switch to eslint 83fe463

[meta] add npmignore and auto-changelog 4418183

[meta] fix package.json indentation 9ac5a5e

[Tests] migrate from travis to github actions d845d85

[Fix] sign: throw on unsupported padding scheme 8767739

[Fix] properly check the upper bound for DSA signatures 85994cd

[Tests] handle openSSL not supporting a scheme f5f17c2

[Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb

[Dev Deps] update nyc, standard, tape cc5350b

[Tests] always run coverage; downgrade nyc 75ce1d5

[meta] add safe-publish-latest dcf49ce

[Tests] add npm run posttest 75dd8fd

[Dev Deps] update tape 3aec038

[Tests] skip unsupported schemes 703c83e

[Tests] node < 6 lacks array includes 3aa43cf

[Dev Deps] fix eslint range 98d4e0d

v4.2.1 - 2020-08-04

Merged

bump elliptic [#58](https://github.com/crypto-browserify/browserify-sign/issues/58)

v4.2.0 - 2020-05-18

Merged

switch to safe buffer [#53](https://github.com/crypto-browserify/browserify-sign/issues/53)

... (truncated)

Commits

bf2c3ec v4.2.3
9247adf [patch] widen support to 0.12
f427270 [Deps] update `parse-asn1
87f3a35 [Dev Deps] update aud, npmignore, tape
fb261ce [Deps] update elliptic
4d0ee49 [patch] drop minimum node support to v1
9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
168e16f [Deps] pin elliptic due to a breaking change
37a4758 [actions] remove redundant finisher
4af5a90 v4.2.2
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.

Removes ejs

Updates size-limit from 0.11.6 to 11.1.2

Release notes

Sourced from size-limit's releases.

11.1.2

Fixed CSS support in esbuild plugin (by @just-boris).

11.1.1

Fixed Windows support (by @aryaemami59).

11.1.0

Added TypeScript support for config (by @aryaemami59).

Fixed webpack-why regression (by @hoo00nn).

11.0.3

Fixed .mjs config support (by @aryaemami59).

Updated esbuild.

Changelog

Sourced from size-limit's changelog.

11.1.2

Fixed CSS support in esbuild plugin (by @just-boris).

11.1.1

Fixed Windows support (by @aryaemami59).

11.1.0

Added TypeScript support for config (by @aryaemami59).

Fixed webpack-why regression (by @hoo00nn).

11.0.3

Fixed .mjs config support (by Arya Emami).

Updated esbuild.

11.0.2

Fixed require is not defined regression.

Updated esbuild-visualizer.

11.0.1

Updated estimo.

Updated lilconfig.

11.0

Moved to Brotli as default compression. Use gzip: true for old behavior.

10.0.3

Fixed third-party plugins support (by @JounQin).

Fixed Windows support (by @JounQin).

10.0.2

Fixed require is not defined in webpack-css (by Andrey Medvedev).

Fixed webpack config defined as function support (by @lev875).

10.0.1

Fixed imports and exports between packages.

10.0

Removed @size-limit/dual-publish plugin.

Moved projects to ESM (by @lev875). Size Limit still can be used as CLI in CJS projects.

Updated globby dependency.

9.0

Remove Node.js 14 and 16 support.

Moved to React from CDN for time plugin (by Aakansha Doshi).

8.2.6

Fixed npm release process.

8.2.5

... (truncated)

Commits

9678264 Release 11.1.2 version
85a0d1d Update dependencies
ed7b9ab Support css content in esbuild plugin (#361)
2d063b9 Release 11.1.1 version
bf49080 Update dependencies
1d07215 Fix config file path resolution on windows (#359)
20ba5da Release 11.1 version
388845b Add TS docs
b36e823 Add support for TypeScript config files (.size-limit.ts, .size-limit.mts,...
4ffac80 Fix ensure compatibility with ES and CommonJS module systems for StatoscopeWe...
Additional commits viewable in compare view

Updates express from 4.16.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Fix ci after location patch by @wesleytodd in expressjs/express#5552

fixed un-edited version in history.md for 4.19.0 by @wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

fix typo in release date by @UlisesGascon in expressjs/express#5527

docs: nominating @wesleytodd to be project captian by @wesleytodd in expressjs/express#5511

docs: loosen TC activity rules by @wesleytodd in expressjs/express#5510

Add note on how to update docs for new release by @crandmck in expressjs/express#5541

Prevent open redirect allow list bypass due to encodeurl

Release 4.19.0 by @wesleytodd in expressjs/express#5551

New Contributors

@crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

Other Changes

Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032

build: Node.js@16.18 and Node.js@18.12 by @abenhamdine in expressjs/express#5034

ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027

test: remove unused function arguments in params by @raksbisht in expressjs/express#5124

Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119

Fixed typos by @raksbisht in expressjs/express#5117

examples: remove unused params by @raksbisht in expressjs/express#5113

fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130

fix: typos in History.md by @raksbisht in expressjs/express#5131

build : add Node.js@19.7 by @abenhamdine in expressjs/express#5028

test: remove unused function arguments in params by @raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: cookie@0.6.0

4.18.3 / 2024-02-29

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

deps: cookie@0.6.0

Add partitioned option

4.18.2 / 2022-10-08

Fix regression routing a large stack in a single route

deps: body-parser@1.20.1

deps: qs@6.11.0

perf: remove unnecessary object clone

deps: qs@6.11.0

4.18.1 / 2022-04-29

Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

Add "root" option to res.download

Allow options without filename in res.download

Deprecate string and non-integer arguments to res.status

Fix behavior of null/undefined as maxAge in res.cookie

Fix handling very large stacks of sync middleware

Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

04bc627 4.19.2
da4d763 Improved fix for open redirect allow list bypass
4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: cookie@0.6.0
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates handlebars from 4.0.10 to 4.7.8

Release notes

Sourced from handlebars's releases.

v4.7.8

Make library compatible with workers (#1894) - 3d3796c

Don't rely on Node.js global object (#1776) - 2954e7e

Fix compiling of each block params in strict mode (#1855) - 30dbf04

Fix rollup warning when importing Handlebars as ESM - 03d387b

Fix bundler issue with webpack 5 (#1862) - c6c6bbb

Use https instead of git for mustache submodule - 88ac068

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.8 - July 27th, 2023

Make library compatible with workers (#1894) - 3d3796c

Don't rely on Node.js global object (#1776) - 2954e7e

Fix compiling of each block params in strict mode (#1855) - 30dbf04

Fix rollup warning when importing Handlebars as ESM - 03d387b

Fix bundler issue with webpack 5 (#1862) - c6c6bbb

Use https instead of git for mustache submodule - 88ac068

Commits

v4.7.7 - February 15th, 2021

fix weird error in integration tests - eb860c0

fix: check prototype property access in strict-mode (#1736) - b6d3de7

fix: escape property names in compat mode (#1736) - f058970

refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8

chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

#1672 - Switch cmd parser to latest minimist (@dougwilson

Compatibility notes:

Restored Node.js compatibility

Commits

v4.7.5 - April 2nd, 2020

Chore/Housekeeping:

~~Node.js version support has been changed to v6+~~ Reverted in 4.7.6

Compatibility notes:

... (truncated)

Commits

8dc3d25 v4.7.8
668c4fb Fix browser tests in CI pipeline
c65c6cc Test on Node 18
3d3796c Make library compatible with workers
075b354 Fix sync issue with npm lock-file
30dbf04 Fix compiling of each block params in strict mode
e3a5448 Fix bundler issue with webpack 5
8e23642 Fix integration-tests issue with npm >= 7
88ac068 use https instead of git for mustache submodule
c68bc08 Fix typo
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.

Updates postcss from 5.2.18 to 8.4.38

Release notes

Sourced from postcss's releases.

8.4.38

Fixed endIndex: 0 in errors and warnings (by @romainmenke).

8.4.37

Fixed original.column are not numbers error in another case.

8.4.36

Fixed original.column are not numbers error on broken previous source map.

8.4.35

Avoid ! in node.parent.nodes type.

Allow to pass undefined to node adding method to simplify types.

8.4.34

Fixed AtRule#nodes type (by @tim-we).

Cleaned up code (by @DrKiraDmitry).

8.4.33

Fixed NoWorkResult behavior difference with normal mode (by @romainmenke).

Fixed NoWorkResult usage conditions (by @ahmdammarr).

8.4.32

Fixed postcss().process() types (by @ferreira-tb).

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

8.4.30

Improved source map performance (by @romainmenke).

8.4.29

Fixed Node#source.offset (by @idoros).

Fixed docs (by @coliff).

8.4.28

Fixed Root.source.end for better source map (by @romainmenke).

Fixed Result.root types when process() has no parser.

8.4.27

Fixed Container clone methods types.

8.4.26

Fixed clone methods types.

8.4.25

Improve stringify performance (by @romainmenke).

Fixed docs (by @vikaskaliramna07).

8.4.24

Fixed Plugin types.

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.38

Fixed endIndex: 0 in errors and warnings (by @romainmenke).

8.4.37

Fixed original.column are not numbers error in another case.

8.4.36

Fixed original.column are not numbers error on broken previous source map.

8.4.35

Avoid ! in node.parent.nodes type.

Allow to pass undefined to node adding method to simplify types.

8.4.34

Fixed AtRule#nodes type (by Tim Weißenfels).

Cleaned up code (by Dmitry Kirillov).

8.4.33

Fixed NoWorkResult behavior difference with normal mode (by Romain Menke).

Fixed NoWorkResult usage conditions (by @ahmdammarr).

8.4.32

Fixed postcss().process() types (by Andrew Ferreira).

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

8.4.30

Improved source map performance (by Romain Menke).

8.4.29

Fixed Node#source.offset (by Ido Rosenthal).

Fixed docs (by Christian Oliff).

8.4.28

Fixed Root.source.end for better source map (by Romain Menke).

Fixed Result.root types when process() has no parser.

8.4.27

Fixed Container clone methods types.

8.4.26

Fixed clone methods types.

8.4.25

Improve stringify performance (by Romain Menke).

Fixed docs (by @vikaskaliramna07).

8.4.24

Fixed Plugin types.

... (truncated)

Commits

See full diff in compare view

Updates css-loader from 0.28.7 to 6.10.0

Release notes

Sourced from css-loader's releases.

v6.10.0

6.10.0 (2024-01-30)

Features

add @rspack/core as an optional peer dependency (#1568) (3924679)

pass the resourceQuery and resourceFragment to the auto and mode callback (#1569) (d641c4d)

support named exports with any characters (6f43929)

v6.9.1

6.9.1 (2024-01-18)

Bug Fixes

css nesting support

@scope at-rule support

v6.9.0

6.9.0 (2024-01-09)

Features

updated generateExportEntry to expose node details (#1556) (05002f3)

Bug Fixes

css experiment detection (#1559) (f2cfe30)

v6.8.1

6.8.1 (2023-05-28)

Bug Fixes

use cause for original errors and warnings (#1526) (ae3d8ae)

v6.8.0

6.8.0 (2023-05-27)

Features

use template literal when it possible to prevent Maximum call stack size exceeded (#1525) (6eb5661)

Bug Fixes

... (truncated)

Changelog

Sourced from css-loader's changelog.

6.10.0 (2024-01-30)

Features

add @rspack/core as an optional peer dependency (#1568) (3924679)

pass the resourceQuery and resourceFragment to the auto and mode callback (#1569) (d641c4d)

support named exports with any characters (6f43929)

6.9.1 (2024-01-18)

Bug Fixes

css nesting support

@scope at-rule support

6.9.0 (2024-01-09)

Features

updated generateExportEntry to expose node details (#1556) (05002f3)

Bug Fixes

css experiment detection (#1559) (f2cfe30)

6.8.1 (2023-05-28)

Bug Fixes

use cause for original errors and warnings (#1526) (ae3d8ae)

6.8.0 (2023-05-27)

Features

use template literal when it possible to prevent Maximum call stack size exceeded (#1525) (6eb5661)

Bug Fixes

warning and error serialization (#1523) (3e52969)

6.7.4 (2023-05-19)

... (truncated)

Commits

7bbb57c chore(release): 6.10.0
d641c4d feat: pass the resourceQuery and resourceFragment to the auto and `mode...
3924679 feat: add @rspack/core as an optional peer dependency (#1568)
6f43929 feat: support named exports with any characters
f9192ee chore(release): 6.9.1
6515be0 fix: css nesting support and @scope at-rule
0751f7a docs: update (#1562)
2d17551 chore(release): 6.9.0
e38116f chore: update dependencies to latest version (#1561)
d09ff73 test: getLocalIdent and node type (#1560)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for css-loader since your current version.

Updates ip from 1.1.5 to 1.1.9

Commits

1ecbf2f 1.1.9
6a3ada9 lib: fixed CVE-2023-42282 and added unit test
5dc3b2f 1.1.8
8e6f28b lib: even better node 6 support
088c9e5 1.1.7
1a4ca35 lib: add back support for Node.js 6
af82ef4 1.1.6
dba19f6 package: exclude test folder from publishing
7cd7f30 ci: use github workflows
4de50ae lib: node 18 support
See full diff in compare view

Updates json-schema from 0.2.3 to 0.4.0

Commits

f6f6a3b Use a little more robust method of checking instances
ef60987 Update version
b62f1da Protect against constructor modification, #84
fb427cd Link to json-schema-org repository in addition to site, fixes #54
22f1461 Don't allow proto property to be used for schema default/coerce, fixes #84
c52a27c Get basic test to pass
b3f42b3 Add security policy
3b0cec3 Update version
c28470f Update readme to acknowledge the state of the package
7dff9cd Merge pull request #81 from hodovani/patch-1
Additional commits viewable in compare view

Updates jsprim from 1.4.1 to 1.4.2

Changelog

Sourced from jsprim's changelog.

v1.4.2 (2021-11-29)

#35 Backport json-schema 0.4.0 to version 1.4.x

Commits

5c8475f joyent/node-jsprim#35 Backport json-schema 0.4.0 to version 1.4.x
See full diff in compare view

Maintainer changes

This version was pushed to npm by bahamat, a new releaser for jsprim since your current version.

Updates jsprim from 1.3.1 to 1.4.2

Changelog

Sourced from jsprim's changelog.

v1.4.2 (2021-11-29)

#35 Backport json-schema 0.4.0 to version 1.4.x

Commits

5c8475f joyent/node-jsprim#35 Backport json-schema 0.4.0 to version 1.4.x
See full diff in compare view

Maintainer changes

This version was pushed to npm by bahamat, a new releaser for jsprim since your current version.

Updates lodash from 4.17.4 to 4.17.21

Commits

f299b52 Bump to v4.17.21
c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
3469357 Prevent command injection through _.template's variable option
ded9bc6 Bump to v4.17.20.
63150ef Documentation fixes.
00f0f62 test.js: Remove trailing comma.
846e434 Temporarily use a custom fork of lodash-cli.
5d046f3 Re-enable Travis tests on 4.17 branch.
aa816b3 Remove /npm-package.
d7fbc52 Bump to v4.17.19
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates ini from 1.3.4 to 1.3.8

Commits

a2c5da8 1.3.8
af5c6bb Do not use Object.create(null)
8b648a1 don't test where our devdeps don't even work
c74c8af 1.3.7
024b8b5 update deps, add linting
032fbaf Use Object.create(null) to avoid default object property hazards
2da9039 1.3.6
cfea636 better git push script, before publish instead of after
56d2805 do not allow invalid hazardous string as section name
738eca5 v1.3.5
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.

Updates david from 11.0.0 to 11.1.0

Changelog

Sourced from david's changelog.

Changelog

The format is based on Keep a Changelog.

Commits

73fc671 11.1.0
8497cae chore: update dependencies
a198ada feat: ignore dependencies via globs (#144)
c29013f chore: update deps and README (#154)
008beaf Merge pull request #146 from DanielRuf/chore/cache-node-modules
d0a2e19 Merge branch 'master' into chore/cache-node-modules
d180e8d Merge pull request #147 from DanielRuf/chore/add-nodejs-8-10
cc5db9f Merge pull request #145 from DanielRuf/chore/clone-last-5-commits
9aeda4e chore: cache node_modules
d4bf0e6 chore: clone last 5 commits
Additional commits viewable in compare view

Updates npm-user-validate from 0.1.5 to 1.0.1

Changelog

Sourced from npm-user-validate's changelog.

Changelog

2.0.0 (2022-12-12)

⚠️ BREAKING CHANGES

this package is now compatible with the following semver range for node: ^14.17.0 || ^16.13.0 || >=18.0.0

Features

4cca0be #22 add template-oss (@lukekarrys)

Commits

5c5471c 1.0.1
c8a87da fix: update email validation
cd75393 Publish only the minimum of files
df602d6 1.0.0
ac3b200 fix: added regex for blocking illegal characters in usernames
c800063 fix: update build environment
See full diff in compare view

Updates tough-cookie from 2.3.2 to 2.3.3

Commits

12d4266 2.3.3
98e0916 Merge pull request #97 from salesforce/spaces-ReDoS
4e2fb0b Document the 256 spaces limit
f1ed420 Constrain spaces before = to 256
fcc8abf Merge pull request #96 from YevhenLukomskyi/fix-test
1002fb4 fix test
a928b54 Merge pull request #83 from awaterma/public-suffix
ed31ba4 Updates to public suffix list.
92d5448 Dockerized project. Added .npmignore for docker files.
ee60643 CookieJar.deserialize does not modify its input
See full diff in compare view

Updates tar from 2.2.1 to 4.4.19

Changelog

Sourced from tar's changelog.

Changelog

6.2

Add support for brotli compression

6.1.13 (2022-12-07)

Dependencies

cc4e0dd #343 bump minipass from 3.3.6 to 4.0.0

6.1.12 (2022-10-31)

Bug Fixes

57493ee #332 ensuring close event is emited after stream has ended (@webark)

b003c64 #314 replace deprecated String.prototype.substr() (#314) (@CommanderRoot, @lukekarrys)

Documentation

f129929 #313 remove dead link to benchmarks (#313) (@yetzt)

c1faa9f add examples/explanation of using tar.t (@isaacs)

6.0

Drop support for node 6 and 8

fix symlinks and hardlinks on windows being packed with \-style...
Description has been truncated

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps the npm_and_yarn group with 19 updates in the / directory: | Package | From | To | | --- | --- | --- | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.0.4` | `4.2.3` | | [ejs](https://github.com/mde/ejs) | `2.5.7` | `` | | [size-limit](https://github.com/ai/size-limit) | `0.11.6` | `11.1.2` | | [express](https://github.com/expressjs/express) | `4.16.1` | `4.19.2` | | [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.0.10` | `4.7.8` | | [postcss](https://github.com/postcss/postcss) | `5.2.18` | `8.4.38` | | [css-loader](https://github.com/webpack-contrib/css-loader) | `0.28.7` | `6.10.0` | | [ip](https://github.com/indutny/node-ip) | `1.1.5` | `1.1.9` | | [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` | | [jsprim](https://github.com/joyent/node-jsprim) | `1.4.1` | `1.4.2` | | [jsprim](https://github.com/joyent/node-jsprim) | `1.3.1` | `1.4.2` | | [lodash](https://github.com/lodash/lodash) | `4.17.4` | `4.17.21` | | [ini](https://github.com/npm/ini) | `1.3.4` | `1.3.8` | | [david](https://github.com/alanshaw/david) | `11.0.0` | `11.1.0` | | [got](https://github.com/sindresorhus/got) | `6.7.1` | `` | | [david](https://github.com/alanshaw/david) | `11.1.0` | `11.1.1` | | [moment](https://github.com/moment/moment) | `2.18.1` | `2.30.1` | | [url-parse](https://github.com/unshiftio/url-parse) | `1.1.9` | `1.5.10` | | [original](https://github.com/unshiftio/original) | `1.0.0` | `1.0.2` | | [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `1.12.0` | `` | | [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `2.9.1` | `5.0.4` | Updates `browserify-sign` from 4.0.4 to 4.2.3 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.0.4...v4.2.3) Removes `ejs` Updates `size-limit` from 0.11.6 to 11.1.2 - [Release notes](https://github.com/ai/size-limit/releases) - [Changelog](https://github.com/ai/size-limit/blob/main/CHANGELOG.md) - [Commits](ai/size-limit@0.11.6...11.1.2) Updates `express` from 4.16.1 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.16.1...4.19.2) Updates `handlebars` from 4.0.10 to 4.7.8 - [Release notes](https://github.com/handlebars-lang/handlebars.js/releases) - [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.8/release-notes.md) - [Commits](handlebars-lang/handlebars.js@v4.0.10...v4.7.8) Updates `postcss` from 5.2.18 to 8.4.38 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/postcss/postcss/commits/8.4.38) Updates `css-loader` from 0.28.7 to 6.10.0 - [Release notes](https://github.com/webpack-contrib/css-loader/releases) - [Changelog](https://github.com/webpack-contrib/css-loader/blob/master/CHANGELOG.md) - [Commits](webpack-contrib/css-loader@v0.28.7...v6.10.0) Updates `ip` from 1.1.5 to 1.1.9 - [Commits](indutny/node-ip@v1.1.5...v1.1.9) Updates `json-schema` from 0.2.3 to 0.4.0 - [Commits](kriszyp/json-schema@v0.2.3...v0.4.0) Updates `jsprim` from 1.4.1 to 1.4.2 - [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md) - [Commits](TritonDataCenter/node-jsprim@v1.4.1...v1.4.2) Updates `jsprim` from 1.3.1 to 1.4.2 - [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md) - [Commits](TritonDataCenter/node-jsprim@v1.4.1...v1.4.2) Updates `lodash` from 4.17.4 to 4.17.21 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.4...4.17.21) Updates `ini` from 1.3.4 to 1.3.8 - [Release notes](https://github.com/npm/ini/releases) - [Changelog](https://github.com/npm/ini/blob/main/CHANGELOG.md) - [Commits](npm/ini@v1.3.4...v1.3.8) Updates `david` from 11.0.0 to 11.1.0 - [Changelog](https://github.com/alanshaw/david/blob/master/CHANGELOG.md) - [Commits](alanshaw/david@v11.0.0...v11.1.0) Updates `npm-user-validate` from 0.1.5 to 1.0.1 - [Release notes](https://github.com/npm/npm-user-validate/releases) - [Changelog](https://github.com/npm/npm-user-validate/blob/main/CHANGELOG.md) - [Commits](npm/npm-user-validate@v0.1.5...v1.0.1) Updates `tough-cookie` from 2.3.2 to 2.3.3 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v2.3.2...v2.3.3) Updates `tar` from 2.2.1 to 4.4.19 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v2.2.1...v4.4.19) Updates `dot-prop` from 4.1.1 to 4.2.1 - [Release notes](https://github.com/sindresorhus/dot-prop/releases) - [Commits](sindresorhus/dot-prop@v4.1.1...v4.2.1) Removes `got` Updates `david` from 11.1.0 to 11.1.1 - [Changelog](https://github.com/alanshaw/david/blob/master/CHANGELOG.md) - [Commits](alanshaw/david@v11.0.0...v11.1.0) Updates `moment` from 2.18.1 to 2.30.1 - [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md) - [Commits](moment/moment@2.18.1...2.30.1) Updates `url-parse` from 1.1.9 to 1.5.10 - [Commits](unshiftio/url-parse@1.1.9...1.5.10) Updates `original` from 1.0.0 to 1.0.2 - [Commits](unshiftio/original@1.0.0...1.0.2) Removes `webpack-dev-middleware` Updates `webpack-dev-server` from 2.9.1 to 5.0.4 - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md) - [Commits](webpack/webpack-dev-server@v2.9.1...v5.0.4) Updates `yargs-parser` from 4.2.1 to 7.0.0 - [Release notes](https://github.com/yargs/yargs-parser/releases) - [Changelog](https://github.com/yargs/yargs-parser/blob/main/CHANGELOG.md) - [Commits](yargs/yargs-parser@v4.2.1...v7.0.0) --- updated-dependencies: - dependency-name: browserify-sign dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: ejs dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: size-limit dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: handlebars dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: postcss dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: css-loader dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: ip dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: json-schema dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: jsprim dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: jsprim dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: lodash dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: ini dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: david dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: npm-user-validate dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: tough-cookie dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: tar dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: dot-prop dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: got dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: david dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: moment dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: url-parse dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: original dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: webpack-dev-middleware dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: webpack-dev-server dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: yargs-parser dependency-type: indirect dependency-group: npm_and_yarn-security-group ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies Pull requests that update a dependency file label Mar 25, 2024

dependabot bot mentioned this pull request Mar 25, 2024

Bump the npm_and_yarn group across 1 directory with 23 updates #5

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 1 directory with 24 updates #6

Bump the npm_and_yarn group across 1 directory with 24 updates #6

dependabot bot commented on behalf of github Mar 25, 2024 •

edited

Loading

Bump the npm_and_yarn group across 1 directory with 24 updates #6

Are you sure you want to change the base?

Bump the npm_and_yarn group across 1 directory with 24 updates #6

Conversation

dependabot bot commented on behalf of github Mar 25, 2024 • edited Loading

v4.2.3 - 2024-03-05

Commits

v4.2.2 - 2023-10-25

Fixed

Commits

v4.2.1 - 2020-08-04

Merged

v4.2.0 - 2020-05-18

Merged

11.1.2

11.1.1

11.1.0

11.0.3

11.1.2

11.1.1

11.1.0

11.0.3

11.0.2

11.0.1

11.0

10.0.3

10.0.2

10.0.1

10.0

9.0

8.2.6

8.2.5

4.19.2

What's Changed

4.19.1

What's Changed

4.19.0

What's Changed

New Contributors

4.18.3

Main Changes

Other Changes

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

4.18.2 / 2022-10-08

4.18.1 / 2022-04-29

4.18.0 / 2022-04-25

v4.7.8

v4.7.8 - July 27th, 2023

v4.7.7 - February 15th, 2021

v4.7.6 - April 3rd, 2020

v4.7.5 - April 2nd, 2020

8.4.38

8.4.37

8.4.36

8.4.35

8.4.34

8.4.33

8.4.32

8.4.31

8.4.30

8.4.29

8.4.28

8.4.27

8.4.26

8.4.25

8.4.24

8.4.38

8.4.37

8.4.36

8.4.35

8.4.34

8.4.33

8.4.32

8.4.31

8.4.30

8.4.29

8.4.28

dependabot bot commented on behalf of github Mar 25, 2024 •

edited

Loading