-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump the npm_and_yarn group across 1 directories with 18 updates #284
Closed
dependabot
wants to merge
1
commit into
main
from
dependabot/npm_and_yarn/npm_and_yarn-security-group-d123f3ec14
Closed
Bump the npm_and_yarn group across 1 directories with 18 updates #284
dependabot
wants to merge
1
commit into
main
from
dependabot/npm_and_yarn/npm_and_yarn-security-group-d123f3ec14
+10,543
−12,871
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps the npm_and_yarn group with 3 updates in the /. directory: [semver](https://github.com/npm/node-semver), [npm](https://github.com/npm/cli) and [react-scripts](https://github.com/facebook/create-react-app/tree/HEAD/packages/react-scripts). Updates `semver` from 5.7.1 to 7.6.0 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.1...v7.6.0) Updates `npm` from 6.14.8 to 10.4.0 - [Release notes](https://github.com/npm/cli/releases) - [Changelog](https://github.com/npm/cli/blob/latest/CHANGELOG.md) - [Commits](npm/cli@v6.14.8...v10.4.0) Updates `react-scripts` from 3.4.3 to 5.0.1 - [Release notes](https://github.com/facebook/create-react-app/releases) - [Changelog](https://github.com/facebook/create-react-app/blob/main/CHANGELOG-3.x.md) - [Commits](https://github.com/facebook/create-react-app/commits/react-scripts@5.0.1/packages/react-scripts) Updates `@babel/traverse` from 7.11.5 to 7.23.9 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.23.9/packages/babel-traverse) Updates `json5` from 1.0.1 to 1.0.2 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v1.0.1...v1.0.2) Updates `loader-utils` from 1.2.3 to 2.0.4 - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/v2.0.4/CHANGELOG.md) - [Commits](webpack/loader-utils@v1.2.3...v2.0.4) Updates `ansi-regex` from 2.1.1 to 5.0.1 - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](chalk/ansi-regex@2.1.1...v5.0.1) Updates `qs` from 6.5.2 to 6.11.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.2...v6.11.0) Updates `follow-redirects` from 1.14.8 to 1.15.5 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.14.8...v1.15.5) Updates `ip` from 1.1.5 to 2.0.0 - [Commits](indutny/node-ip@v1.1.5...v2.0.0) Updates `jsdom` from 11.12.0 to 16.7.0 - [Release notes](https://github.com/jsdom/jsdom/releases) - [Changelog](https://github.com/jsdom/jsdom/blob/main/Changelog.md) - [Commits](jsdom/jsdom@11.12.0...16.7.0) Updates `minimatch` from 3.0.4 to 3.1.2 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.4...v3.1.2) Updates `http-cache-semantics` from 3.8.1 to 4.1.1 - [Commits](kornelski/http-cache-semantics@v3.8.1...v4.1.1) Updates `tar` from 4.4.13 to 6.2.0 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v4.4.13...v6.2.0) Updates `tough-cookie` from 2.4.3 to 4.1.3 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v2.4.3...v4.1.3) Updates `postcss` from 7.0.21 to 7.0.39 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/7.0.39/CHANGELOG.md) - [Commits](postcss/postcss@7.0.21...7.0.39) Updates `shell-quote` from 1.7.2 to 1.8.1 - [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md) - [Commits](ljharb/shell-quote@v1.7.2...v1.8.1) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) --- updated-dependencies: - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: npm dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: react-scripts dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: json5 dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: loader-utils dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: ansi-regex dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: qs dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: ip dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: jsdom dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: minimatch dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: http-cache-semantics dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: tar dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: tough-cookie dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: postcss dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: shell-quote dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn-security-group ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
the
dependencies
Pull requests that update a dependency file
label
Feb 21, 2024
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests. To ignore these dependencies, configure ignore rules in dependabot.yml |
dependabot
bot
deleted the
dependabot/npm_and_yarn/npm_and_yarn-security-group-d123f3ec14
branch
September 1, 2024 18:41
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 3 updates in the /. directory: semver, npm and react-scripts.
Updates
semver
from 5.7.1 to 7.6.0Release notes
Sourced from semver's releases.
... (truncated)
Changelog
Sourced from semver's changelog.
... (truncated)
Commits
377f709
chore: release 7.6.0 (#661)a7ab13a
feat: preserve pre-release and build parts of a version on coerce (#671)816c7b2
chore: postinstall for dependabot template-oss PR0bd24d9
chore: bump@npmcli/template-oss
from 4.21.1 to 4.21.3e521932
chore: postinstall for dependabot template-oss PR8873991
chore: chore: chore: postinstall for dependabot template-oss PRf317dc8
chore: bump@npmcli/template-oss
from 4.19.0 to 4.21.07303db1
chore: add clean() test for build metadata (#658)6240d75
chore: add missing quotes in README.md (#656)14d263f
chore: postinstall for dependabot template-oss PRMaintainer changes
This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.
Updates
npm
from 6.14.8 to 10.4.0Release notes
Sourced from npm's releases.
... (truncated)
Changelog
Sourced from npm's changelog.
... (truncated)
Commits
3b82f27
chore: release 10.4.035a098c
feat: display tree diff on--long
ec06f77
fix: inline diff table code w/ summary codeec77e81
deps: promise-call-limit@3.0.1d3f1845
fix: clean up idealTree codedffca29
feat(format): print--dry-run
diffs in table format (#7174)332ed08
chore: fix smoke testa82ccc5
chore: nock@13.5.0e32189c
deps: deduplicate treedcaa99c
chore: fix exec testMaintainer changes
This version was pushed to npm by gar, a new releaser for npm since your current version.
Updates
react-scripts
from 3.4.3 to 5.0.1Changelog
Sourced from react-scripts's changelog.
Commits
19fa58d
Publish9802941
fix: webpack noise printed only if error or warning (#12245)2eef1d0
Update templates to use React 18createRoot
(#12220)221e511
Publish5614c87
Add support for Tailwind (#11717)20edab4
fix(webpackDevServer): disable overlay for warnings (#11413)3afbbc0
Update all dependencies (#11624)f5467d5
feat(eslint-config-react-app): support ESLint 8.x (#11375)c7627ce
Update webpack and dev server (#11646)544befe
Update package.json (#11597)Updates
@babel/traverse
from 7.11.5 to 7.23.9Release notes
Sourced from
@babel/traverse
's releases.... (truncated)
Changelog
Sourced from
@babel/traverse
's changelog.... (truncated)
Commits
a0dd614
v7.23.91200542
fix: Don't throw ingetTypeAnnotation
when using TS+inference (#15383)e428a6d
v7.23.7d292822
fix: Crash when removing withoutProgram
(#16191)d02c1f7
v7.23.6cce807f
Bump debug to ^4.3.1 (#16164)8479012
v7.23.5da7dc40
Do not remove bindings when removing assignment expression path (#16131)fadc081
fix: Unexpected duplication of comments (#16110)13a5c83
v7.23.4Updates
json5
from 1.0.1 to 1.0.2Release notes
Sourced from json5's releases.
Changelog
Sourced from json5's changelog.
... (truncated)
Commits
a62db1e
1.0.2e0c23fe
docs: update CHANGELOG for v1.0.262a6540
fix: add proto to objects and arraysUpdates
loader-utils
from 1.2.3 to 2.0.4Release notes
Sourced from loader-utils's releases.
... (truncated)
Changelog
Sourced from loader-utils's changelog.
... (truncated)
Commits
6688b50
chore(release): 2.0.4ac09944
fix: ReDoS problem (#225)7162619
chore(release): 2.0.3a93cf6f
fix(security): prototype polution exploit (#217)90c7c4b
chore(release): 2.0.28c2d24e
fix: base64 generation and unicode characters (#197)5fb5562
chore(re...Description has been truncated