Bump the npm_and_yarn group with 26 updates #151

dependabot · 2024-09-25T15:56:17Z

Bumps the npm_and_yarn group with 26 updates:

Package	From	To
@babel/traverse	`7.19.1`	`7.25.6`
@sideway/formula	`3.0.0`	`3.0.1`
braces	`3.0.2`	`3.0.3`
browserify-sign	`4.2.1`	`4.2.3`
decode-uri-component	`0.2.0`	`0.2.2`
dompurify	`2.4.0`	`2.5.6`
elliptic	`6.5.4`	`6.5.7`
es5-ext	`0.10.62`	`0.10.64`
express	`4.18.1`	`4.21.0`
follow-redirects	`1.15.2`	`1.15.9`
gatsby-plugin-sharp	`4.25.0`	`4.25.1`
gatsby-transformer-remark	`5.24.0`	`5.25.1`
http-cache-semantics	`4.1.0`	`4.1.1`
json5	`1.0.1`	`1.0.2`
loader-utils	`1.4.0`	`1.4.2`
micromatch	`4.0.5`	`4.0.8`
msgpackr	`1.7.2`	`1.11.0`
path-to-regexp	`0.1.7`	`0.1.10`
semver	`5.7.1`	`5.7.2`
send	`0.18.0`	`0.19.0`
serve-static	`1.15.0`	`1.16.2`
tar	`6.1.11`	`6.2.1`
ua-parser-js	`0.7.31`	`0.7.39`
webpack	`5.74.0`	`5.95.0`
word-wrap	`1.2.3`	`1.2.5`
ws	`5.2.3`	`5.2.4`

Updates @babel/traverse from 7.19.1 to 7.25.6

Release notes

Sourced from @babel/traverse's releases.

v7.25.6 (2024-08-29)

Thanks @j4k0xb for your first PR!

🐛 Bug Fix

babel-generator

#16783 Properly print inner comments in TS array types (@nicolo-ribaudo)

#16775 fix: jsx whitespace is not properly preserved when retainLines (@liuxingbaoyu)

babel-traverse

#16727 fix: path.getAssignmentIdentifiers may be undefined (@liuxingbaoyu)

babel-parser

#16761 fix: improve static canFollowModifier checks (@JLHwung)

babel-helpers, babel-plugin-transform-optional-chaining, babel-runtime-corejs3

#16769 Only wrap functions in superPropertyGet helper (@nicolo-ribaudo)

💅 Polish

babel-generator, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-named-capturing-groups-regex, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx, babel-plugin-transform-react-pure-annotations, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env

#16780 Do not enforce printing space between ( and comments (@nicolo-ribaudo)

babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes

#16781 Don't throw when enabling both syntax-import-{assertions,attributes} (@nicolo-ribaudo)

babel-generator

#16782 TS union/intersection nested in union does not need parens (@nicolo-ribaudo)

🏠 Internal

babel-generator

#16777 Remove unused parent params in the generator (@nicolo-ribaudo)

Committers: 5

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@j4k0xb

@liuxingbaoyu

v7.25.5 (2024-08-23)

🐛 Bug Fix

babel-generator, babel-traverse

#16764 fix: Generate sequence expression parentheses correctly (@liuxingbaoyu)

💅 Polish

babel-generator

#16738 Only force-parenthesize satisfies's LHS if it has newlines (@nicolo-ribaudo)

Committers: 2

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

v7.25.4 (2024-08-22)

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.25.6 (2024-08-29)

🐛 Bug Fix

babel-generator

#16783 Properly print inner comments in TS array types (@nicolo-ribaudo)

#16775 fix: jsx whitespace is not properly preserved when retainLines (@liuxingbaoyu)

babel-traverse

#16727 fix: path.getAssignmentIdentifiers may be undefined (@liuxingbaoyu)

babel-parser

#16761 fix: improve static canFollowModifier checks (@JLHwung)

babel-helpers, babel-plugin-transform-optional-chaining, babel-runtime-corejs3

#16769 Only wrap functions in superPropertyGet helper (@nicolo-ribaudo)

💅 Polish

babel-generator, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-named-capturing-groups-regex, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx, babel-plugin-transform-react-pure-annotations, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env

#16780 Do not enforce printing space between ( and comments (@nicolo-ribaudo)

babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes

#16781 Don't throw when enabling both syntax-import-{assertions,attributes} (@nicolo-ribaudo)

babel-generator

#16782 TS union/intersection nested in union does not need parens (@nicolo-ribaudo)

🏠 Internal

babel-generator

#16777 Remove unused parent params in the generator (@nicolo-ribaudo)

v7.25.5 (2024-08-23)

🐛 Bug Fix

babel-generator, babel-traverse

#16764 fix: Generate parentheses correctly (@liuxingbaoyu)

💅 Polish

babel-generator

#16738 Only force-parenthesize satisfies's LHS if it has newlines (@nicolo-ribaudo)

v7.25.4 (2024-08-22)

🐛 Bug Fix

babel-traverse

#16756 fix: Skip computed key when renaming (@liuxingbaoyu)

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#16755 fix: Decorator 2018-09 may throw an exception (@liuxingbaoyu)

babel-types

#16710 Visit AST fields nodes according to their syntactical order (@nicolo-ribaudo)

babel-generator

#16709 Print semicolon after TS export namespace as A (@nicolo-ribaudo)

💅 Polish

babel-generator, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-typescript, babel-runtime-corejs2, babel-runtime, babel-traverse

#16722 Avoid unnecessary parens around sequence expressions (@nicolo-ribaudo)

babel-generator, babel-plugin-transform-class-properties

#16714 Avoid unnecessary parens around exported arrow functions (@nicolo-ribaudo)

... (truncated)

Commits

2f72b97 v7.25.6
faceae9 fix: path.getAssignmentIdentifiers may be undefined (#16727)
46ee612 Remove some NodePath methods (#16655)
2fdc8b5 fix: Generate sequence expression parentheses correctly (#16764)
cbf124c v7.25.4
2b289fb fix: skip computed key when renaming (#16756)
575863c Avoid unnecessary parens around sequence expressions (#16722)
5174ad1 Clean all always enabled parser plugins (#16572)
52718ab Discontinue babel-eslint-config-internal (#16718)
dba45d3 Ignore devDependencies when generating tsconfig.json (#16659)
Additional commits viewable in compare view

Updates @sideway/formula from 3.0.0 to 3.0.1

Commits

5b44c1b 3.0.1
9fbc20a chore: better number regex
41ae98e Cleanup
c59f35e Move to Sideway
See full diff in compare view

Maintainer changes

This version was pushed to npm by marsup, a new releaser for @sideway/formula since your current version.

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates browserify-sign from 4.2.1 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

[patch] widen support to 0.12 9247adf

[patch] drop minimum node support to v1 4d0ee49

[Dev Deps] update aud, npmignore, tape 87f3a35

[actions] remove redundant finisher 37a4758

[Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12

[Deps] update parse-asn1 [f427270`](browserify/browserify-sign@f427270)

[Deps] update elliptic fb261ce

[Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

[Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

Only apps should have lockfiles 09a8995

[eslint] switch to eslint 83fe463

[meta] add npmignore and auto-changelog 4418183

[meta] fix package.json indentation 9ac5a5e

[Tests] migrate from travis to github actions d845d85

[Fix] sign: throw on unsupported padding scheme 8767739

[Fix] properly check the upper bound for DSA signatures 85994cd

[Tests] handle openSSL not supporting a scheme f5f17c2

[Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb

[Dev Deps] update nyc, standard, tape cc5350b

[Tests] always run coverage; downgrade nyc 75ce1d5

[meta] add safe-publish-latest dcf49ce

[Tests] add npm run posttest 75dd8fd

[Dev Deps] update tape 3aec038

[Tests] skip unsupported schemes 703c83e

[Tests] node < 6 lacks array includes 3aa43cf

[Dev Deps] fix eslint range 98d4e0d

Commits

bf2c3ec v4.2.3
9247adf [patch] widen support to 0.12
f427270 [Deps] update `parse-asn1
87f3a35 [Dev Deps] update aud, npmignore, tape
fb261ce [Deps] update elliptic
4d0ee49 [patch] drop minimum node support to v1
9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
168e16f [Deps] pin elliptic due to a breaking change
37a4758 [actions] remove redundant finisher
4af5a90 v4.2.2
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

Switch to GitHub workflows 76abc93

Fix issue where decode throws - fixes #6 746ca5d

Update license (#1) 486d7e2

Tidelift tasks a650457

Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

a0eea46 0.2.2
980e0bf Prevent overwriting previously decoded tokens
3c8a373 0.2.1
76abc93 Switch to GitHub workflows
746ca5d Fix issue where decode throws - fixes #6
486d7e2 Update license (#1)
a650457 Tidelift tasks
66e1c28 Meta tweaks
See full diff in compare view

Updates dompurify from 2.4.0 to 2.5.6

Release notes

Sourced from dompurify's releases.

DOMPurify 2.5.6

Fixed an issue with the execution logic of attribute hooks to prevent bypasses, thanks @kevin-mizu

Fixed a minor problem with the bower file pointing to the wrong dist path

Updated several development dependencies

DOMPurify 2.5.5

Fixed a minor issue with the dist paths in bower.js, thanks @HakumenNC

Fixed a minor issue with sanitizing HTML coming from copy&paste Word content, thanks @kakao-bishop-cho

DOMPurify 2.5.4

Fixed a bug with latest isNaN checks affecting MSIE, thanks @tulach

Fixed the tests for MSIE and fixed related test-runner

DOMPurify 2.5.3

Fixed several mXSS variations found by and thanks to @kevin-mizu & @Ry0taK

Added better configurability for comment scrubbing default behavior

Added better hardening against Prototype Pollution attacks, thanks @kevin-mizu

Fixed some smaller issues in README and other documentation

DOMPurify 2.5.2

Addressed and fixed a mXSS variation found by @kevin-mizu

Addressed and fixed a mXSS variation found by Adam Kues of Assetnote

Updated tests for older Safari and Chrome versions

DOMPurify 2.5.1

Fixed an mXSS sanitizer bypass reported by @icesfont

Added new code to track element nesting depth

Added new code to enforce a maximum nesting depth of 255

Added coverage tests and necessary clobbering protections

Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.

DOMPurify 2.5.0

Added new setting SAFE_FOR_XML to enable better control over comment scrubbing

Updated the LICENSE file to show the accurate year number

Updated several build and test dependencies

DOMPurify 2.4.9

Fixed another conditional bypass caused by Processing Instructions, thanks @Ry0taK

Fixed the regex for HTML Custom Element detection, thanks @AlekseySolovey3T

DOMPurify 2.4.8

Fixed two possible bypasses when sanitizing an XML document and later using it in HTML, thanks @Slonser

DOMPurify 2.4.7

Fixed a licensing issue spotted and reported by @george-thomas-hill

DOMPurify 2.4.6

Fixed a bypass in jsdom 22 in case the noframes element is permitted, thanks @leeN

... (truncated)

Commits

d78f241 chore: Preparing 2.5.6 release
38e8410 fix: Added changes to 2.x regarding attribute value checks
9a7cd98 See #961
de2545c chore: Preparing 2.5.5 release
f1e27e6 chore: Also removed depth counter logic from 2.x branch for now
10c1261 docs: Updated README ever so slightly
1c92880 test: Fixed two more tests for MSIE11 and Edge 18
1401208 test: Fixed more tests for MSIE and Edge 18
2c6410a test: Fixed several new tests for MSIE11 and Edge 18
2c9bca9 test: Changed github config to include MSIE tests for 2.x
Additional commits viewable in compare view

Updates elliptic from 6.5.4 to 6.5.7

Commits

3e46a48 6.5.7
accb61e lib: DER signature decoding correction
03e06e1 6.5.6
7ac5360 Merge commit from fork
7570078 6.5.5
206da2e lib: lint
0a78e03 [Fix] restore node < 4 compat
See full diff in compare view

Updates es5-ext from 0.10.62 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

Do not rely on problematic regex (3551cdd), addresses #201

Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021

Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

Simplify the manifest message (7855319)

Comparison since last release

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

Do not rely on problematic regex (3551cdd), addresses #201

Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021

Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

Simplify the manifest message (7855319)

Commits

f76b03d chore: Release v0.10.64
2881acd chore: Bump dependencies
c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
16f2b72 docs: Fix date in the changelog
de4e03c chore: Release v0.10.63
3fd53b7 chore: Upgrade lint-staged to v13
bf8ed79 chore: Ensure postinstall script does not crash on Windows
2cbbb07 chore: Bump dependencies
22d0416 chore: Bump LICENSE year
a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
Additional commits viewable in compare view

Updates express from 4.18.1 to 4.21.0

Release notes

Sourced from express's releases.

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

finalhandler@1.3.1 by @wesleytodd in expressjs/express#5954

fix(deps): serve-static@1.16.2 by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

deps: encodeurl@~2.0.0 by @blakeembrey in expressjs/express#5569

skip QUERY method test by @jonchurch in expressjs/express#5628

ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in expressjs/express#5639

add support Node.js@22 in the CI by @mertcanaltin in expressjs/express#5627

doc: add table of contents, tc/triager lists to readme by @mertcanaltin in expressjs/express#5619

List and sort all projects, add captains by @blakeembrey in expressjs/express#5653

docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in expressjs/express#5666

✨ bring back query tests for node 21 by @ctcpip in expressjs/express#5690

[v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch in expressjs/express#5672

skip QUERY tests for Node 21 only, still not supported by @jonchurch in expressjs/express#5695

📝 update people, add ctcpip to TC by @ctcpip in expressjs/express#5683

remove minor version pinning from ci by @jonchurch in expressjs/express#5722

Fix link variable use in attribution section of CODE OF CONDUCT by @IamLizu in expressjs/express#5762

Replace Appveyor windows testing with GHA by @jonchurch in expressjs/express#5599

Add OSSF Scorecard badge by @UlisesGascon in expressjs/express#5436

update scorecard link by @bjohansebas in expressjs/express#5814

Nominate @IamLizu to the triage team by @UlisesGascon in expressjs/express#5836

deps: path-to-regexp@0.1.8 by @blakeembrey in expressjs/express#5603

... (truncated)

Changelog

Sourced from express's changelog.

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: serve-static@1.16.2

includes send@0.19.0

deps: finalhandler@1.3.1

deps: qs@6.13.0

4.20.0 / 2024-09-10

deps: serve-static@0.16.0

Remove link renderization in html while redirecting

deps: send@0.19.0

Remove link renderization in html while redirecting

deps: body-parser@0.6.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: path-to-regexp@0.1.10

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: cookie@0.6.0

4.18.3 / 2024-02-29

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

... (truncated)

Commits

7e562c6 4.21.0
1bcde96 fix(deps): qs@6.13.0 (#5946)
7d36477 fix(deps): serve-static@1.16.2 (#5951)
40d2d8f fix(deps): finalhandler@1.3.1
77ada90 Deprecate "back" magic string in redirects (#5935)
21df421 4.20.0
4c9ddc1 feat: upgrade to serve-static@0.16.0
9ebe5d5 feat: upgrade to send@0.19.0 (#5928)
ec4a01b feat: upgrade to body-parser@1.20.3 (#5926)
54271f6 fix: don't render redirect values in anchor href
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates follow-redirects from 1.15.2 to 1.15.9

Commits

e4e55c7 Release version 1.15.9 of the npm package.
31a1abf Attempt much more gentle detection.
d2aaa97 Fix url field.
62558f0 Release version 1.15.8 of the npm package.
a8d1cee Return subtlety.
458ca8e Fix native URL test for Node 20.
ca49e44 Handle KeepAlive connections in tests.
f3711d7 Test on Node 20 and 22.
fda0faf Fix typo.
760757f Release version 1.15.7 of the npm package.
Additional commits viewable in compare view

Updates gatsby-plugin-sharp from 4.25.0 to 4.25.1

Commits

50e3f94 chore(release): Publish
dcf88ed fix(gatsby-plugin-sharp): don't serve static assets that are not result of cu...
See full diff in compare view

Updates gatsby-transformer-remark from 5.24.0 to 5.25.1

Changelog

Sourced from gatsby-transformer-remark's changelog.

Changelog: gatsby-transformer-remark

All notable changes to this project will be documented in this file. See Conventional Commits for commit guidelines.

6.13.1 (2024-01-23)

Note: Version bump only for package gatsby-transformer-remark

6.13.0 (2023-12-18)

🧾 Release notes

Note: Version bump only for package gatsby-transformer-remark

6.12.3 (2023-10-26)

Note: Version bump only for package gatsby-transformer-remark

6.12.2 (2023-10-20)

Note: Version bump only for package gatsby-transformer-remark

6.12.1 (2023-10-09)

Note: Version bump only for package gatsby-transformer-remark

6.12.0 (2023-08-24)

🧾 Release notes

Bug Fixes

update dependency sanitize-html to ^2.11.0 for gatsby-transformer-remark #38315 (87a3412)

6.11.0 (2023-06-15)

🧾 Release notes

Note: Version bump only for package gatsby-transformer-remark

6.10.0 (2023-05-16)

🧾 Release notes

Note: Version bump only for package gatsby-transformer-remark

6.9.0 (2023-04-18)

🧾 Release notes

... (truncated)

Commits

4dcca80 chore(release): Publish
59076c8 fix(gatsby-transformer-remark): Disallow JS frontmatter by default (#37244) (...
5e72a5d chore(release): Publish
See full diff in compare view

Updates http-cache-semantics from 4.1.0 to 4.1.1

Commits

2449650 Update mocha
560b2d8 Don't use regex to trim whitespace
b1bdb92 Remove linting package zoo
c20dc7e Cache 308
See full diff in compare view

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

Fix: Prop...
Description has been truncated

Bumps the npm_and_yarn group with 26 updates: | Package | From | To | | --- | --- | --- | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.19.1` | `7.25.6` | | [@sideway/formula](https://github.com/sideway/formula) | `3.0.0` | `3.0.1` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.2.1` | `4.2.3` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [dompurify](https://github.com/cure53/DOMPurify) | `2.4.0` | `2.5.6` | | [elliptic](https://github.com/indutny/elliptic) | `6.5.4` | `6.5.7` | | [es5-ext](https://github.com/medikoo/es5-ext) | `0.10.62` | `0.10.64` | | [express](https://github.com/expressjs/express) | `4.18.1` | `4.21.0` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.15.9` | | [gatsby-plugin-sharp](https://github.com/gatsbyjs/gatsby/tree/HEAD/packages/gatsby-plugin-sharp) | `4.25.0` | `4.25.1` | | [gatsby-transformer-remark](https://github.com/gatsbyjs/gatsby/tree/HEAD/packages/gatsby-transformer-remark) | `5.24.0` | `5.25.1` | | [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) | `4.1.0` | `4.1.1` | | [json5](https://github.com/json5/json5) | `1.0.1` | `1.0.2` | | [loader-utils](https://github.com/webpack/loader-utils) | `1.4.0` | `1.4.2` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | | [msgpackr](https://github.com/kriszyp/msgpackr) | `1.7.2` | `1.11.0` | | [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.7` | `0.1.10` | | [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` | | [send](https://github.com/pillarjs/send) | `0.18.0` | `0.19.0` | | [serve-static](https://github.com/expressjs/serve-static) | `1.15.0` | `1.16.2` | | [tar](https://github.com/isaacs/node-tar) | `6.1.11` | `6.2.1` | | [ua-parser-js](https://github.com/faisalman/ua-parser-js) | `0.7.31` | `0.7.39` | | [webpack](https://github.com/webpack/webpack) | `5.74.0` | `5.95.0` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | | [ws](https://github.com/websockets/ws) | `5.2.3` | `5.2.4` | Updates `@babel/traverse` from 7.19.1 to 7.25.6 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.25.6/packages/babel-traverse) Updates `@sideway/formula` from 3.0.0 to 3.0.1 - [Commits](hapijs/formula@v3.0.0...v3.0.1) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `browserify-sign` from 4.2.1 to 4.2.3 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.2.1...v4.2.3) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `dompurify` from 2.4.0 to 2.5.6 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@2.4.0...2.5.6) Updates `elliptic` from 6.5.4 to 6.5.7 - [Commits](indutny/elliptic@v6.5.4...v6.5.7) Updates `es5-ext` from 0.10.62 to 0.10.64 - [Release notes](https://github.com/medikoo/es5-ext/releases) - [Changelog](https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md) - [Commits](medikoo/es5-ext@v0.10.62...v0.10.64) Updates `express` from 4.18.1 to 4.21.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.0/History.md) - [Commits](expressjs/express@4.18.1...4.21.0) Updates `follow-redirects` from 1.15.2 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.9) Updates `gatsby-plugin-sharp` from 4.25.0 to 4.25.1 - [Release notes](https://github.com/gatsbyjs/gatsby/releases) - [Changelog](https://github.com/gatsbyjs/gatsby/blob/master/packages/gatsby-plugin-sharp/CHANGELOG.md) - [Commits](https://github.com/gatsbyjs/gatsby/commits/gatsby-plugin-sharp@4.25.1/packages/gatsby-plugin-sharp) Updates `gatsby-transformer-remark` from 5.24.0 to 5.25.1 - [Release notes](https://github.com/gatsbyjs/gatsby/releases) - [Changelog](https://github.com/gatsbyjs/gatsby/blob/master/packages/gatsby-transformer-remark/CHANGELOG.md) - [Commits](https://github.com/gatsbyjs/gatsby/commits/gatsby-transformer-remark@5.25.1/packages/gatsby-transformer-remark) Updates `http-cache-semantics` from 4.1.0 to 4.1.1 - [Commits](kornelski/http-cache-semantics@v4.1.0...v4.1.1) Updates `json5` from 1.0.1 to 1.0.2 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v1.0.1...v1.0.2) Updates `loader-utils` from 1.4.0 to 1.4.2 - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md) - [Commits](webpack/loader-utils@v1.4.0...v1.4.2) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `msgpackr` from 1.7.2 to 1.11.0 - [Release notes](https://github.com/kriszyp/msgpackr/releases) - [Commits](https://github.com/kriszyp/msgpackr/commits) Updates `path-to-regexp` from 0.1.7 to 0.1.10 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.10) Updates `semver` from 5.7.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.1...v5.7.2) Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) Updates `tar` from 6.1.11 to 6.2.1 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.1.11...v6.2.1) Updates `ua-parser-js` from 0.7.31 to 0.7.39 - [Release notes](https://github.com/faisalman/ua-parser-js/releases) - [Changelog](https://github.com/faisalman/ua-parser-js/blob/0.7.39/changelog.md) - [Commits](faisalman/ua-parser-js@0.7.31...0.7.39) Updates `webpack` from 5.74.0 to 5.95.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.74.0...v5.95.0) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) Updates `ws` from 5.2.3 to 5.2.4 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@5.2.3...5.2.4) --- updated-dependencies: - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@sideway/formula" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserify-sign dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: dompurify dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: elliptic dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: es5-ext dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: gatsby-plugin-sharp dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: gatsby-transformer-remark dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-cache-semantics dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: loader-utils dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: msgpackr dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ua-parser-js dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies label Sep 25, 2024

dshevtsov approved these changes Sep 25, 2024

View reviewed changes

dshevtsov merged commit eedda75 into main Sep 25, 2024
10 checks passed

dshevtsov deleted the dependabot/npm_and_yarn/npm_and_yarn-1e0556575e branch September 25, 2024 17:44

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group with 26 updates #151

Bump the npm_and_yarn group with 26 updates #151

dependabot bot commented on behalf of github Sep 25, 2024

Bump the npm_and_yarn group with 26 updates #151

Bump the npm_and_yarn group with 26 updates #151

Conversation

dependabot bot commented on behalf of github Sep 25, 2024

v7.25.6 (2024-08-29)

🐛 Bug Fix

💅 Polish

🏠 Internal

Committers: 5

v7.25.5 (2024-08-23)

🐛 Bug Fix

💅 Polish

Committers: 2

v7.25.4 (2024-08-22)

v7.25.6 (2024-08-29)

🐛 Bug Fix

💅 Polish

🏠 Internal

v7.25.5 (2024-08-23)

🐛 Bug Fix

💅 Polish

v7.25.4 (2024-08-22)

🐛 Bug Fix

💅 Polish

v4.2.3 - 2024-03-05

Commits

v4.2.2 - 2023-10-25

Fixed

Commits

v0.2.2

v0.2.1

DOMPurify 2.5.6

DOMPurify 2.5.5

DOMPurify 2.5.4

DOMPurify 2.5.3

DOMPurify 2.5.2

DOMPurify 2.5.1

DOMPurify 2.5.0

DOMPurify 2.4.9

DOMPurify 2.4.8

DOMPurify 2.4.7

DOMPurify 2.4.6

0.10.64 (2024-02-27)

Bug Fixes

0.10.63 (2024-02-23)

Bug Fixes

Maintenance Improvements

0.10.64 (2024-02-27)

Bug Fixes

0.10.63 (2024-02-23)

Bug Fixes

Maintenance Improvements

4.21.0

What's Changed

New Contributors

4.20.0

What's Changed

Important

Other Changes

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

Changelog: gatsby-transformer-remark

6.13.1 (2024-01-23)

6.13.0 (2023-12-18)

6.12.3 (2023-10-26)

6.12.2 (2023-10-20)

6.12.1 (2023-10-09)

6.12.0 (2023-08-24)

Bug Fixes

6.11.0 (2023-06-15)

6.10.0 (2023-05-16)

6.9.0 (2023-04-18)

v1.0.2

Unreleased [code, diff]

v2.2.3 [code, diff]

v2.2.2 [code, diff]

Changelog: `gatsby-transformer-remark`