Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump the npm_and_yarn group across 1 directories with 6 updates #44

Merged
merged 1 commit into from
Jan 27, 2024
Merged

chore(deps): bump the npm_and_yarn group across 1 directories with 6 updates #44

merged 1 commit into from
Jan 27, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 10, 2024

Bumps the npm_and_yarn group with 6 updates in the /. directory:

Package From To
semantic-release 18.0.1 19.0.3
axios 0.21.4 ``
browser-sync 2.27.10 3.0.2
follow-redirects 1.15.2 1.15.4
postcss 8.4.25 8.4.33
vite 4.4.2 4.5.1

Updates semantic-release from 18.0.1 to 19.0.3

Release notes

Sourced from semantic-release's releases.

v19.0.3

19.0.3 (2022-06-09)

Bug Fixes

  • log-repo: use the original form of the repo url to remove the need to mask credentials (#2459) (58a226f), closes #2449

v19.0.2

19.0.2 (2022-01-18)

Bug Fixes

  • npm-plugin: upgraded to the stable version (0eca144)

v19.0.1

19.0.1 (2022-01-18)

Bug Fixes

  • npm-plugin: upgraded to the latest beta version (8097afb)

v19.0.0

19.0.0 (2022-01-18)

Bug Fixes

  • npm-plugin: upgraded to the beta, which upgrades npm to v8 (f634b8c)
  • upgrade marked to resolve ReDos vulnerability (#2330) (d9e5bc0)

BREAKING CHANGES

  • npm-plugin: @semantic-release/npm has also dropped support for node v15
  • node v15 has been removed from our defined supported versions of node. this was done to upgrade to compatible versions of marked and marked-terminal that resolved the ReDoS vulnerability. removal of support of this node version should be low since it was not an LTS version and has been EOL for several months already.

v19.0.0-beta.2

19.0.0-beta.2 (2022-01-17)

Bug Fixes

  • npm-plugin: upgraded to the beta, which upgrades npm to v8 (f634b8c)

... (truncated)

Commits
  • 58a226f fix(log-repo): use the original form of the repo url to remove the need to ma...
  • 17d60d3 build(deps): bump npm from 8.3.1 to 8.12.0 (#2447)
  • ab45ab1 chore(lint): disabled rules that dont apply to this project (#2408)
  • ea389c3 chore(deps): update dependency yargs-parser to 13.1.2 [security] (#2402)
  • fa994db build(deps): bump node-fetch from 2.6.1 to 2.6.7 (#2399)
  • b79116b build(deps): bump trim-off-newlines from 1.0.1 to 1.0.3
  • 6fd7e56 build(deps): bump minimist from 1.2.5 to 1.2.6
  • 2b94bb4 docs: update broken link to CI config recipes (#2378)
  • b4bc191 docs: Correct circleci workflow (#2365)
  • 2c30e26 Merge pull request #2333 from semantic-release/next
  • Additional commits viewable in compare view

Removes axios

Updates browser-sync from 2.27.10 to 3.0.2

Release notes

Sourced from browser-sync's releases.

v3.0.2

What's Changed

New Contributors

Full Changelog: BrowserSync/browser-sync@v3.0.1...v3.0.2

v3.0.1

⚠️ Breaking

What's Changed

Full Changelog: BrowserSync/browser-sync@v2.29.3...v3.0.1

The one that fixes snippetOptions

What's Changed

Full Changelog: BrowserSync/browser-sync@v2.29.2...v2.29.3

v2.29.1

What's Changed

Full Changelog: BrowserSync/browser-sync@v2.29.0...v2.29.1

The one that restores IE11 support 💪

What's Changed

esbuild does not support down-level transpiling as far as IE11 - so when I switched to it, it accidentally broke IE11 support 😢

... (truncated)

Commits

Updates follow-redirects from 1.15.2 to 1.15.4

Commits
  • 6585820 Release version 1.15.4 of the npm package.
  • 7a6567e Disallow bracketed hostnames.
  • 05629af Prefer native URL instead of deprecated url.parse.
  • 1cba8e8 Prefer native URL instead of legacy url.resolve.
  • 72bc2a4 Simplify _processResponse error handling.
  • 3d42aec Add bracket tests.
  • bcbb096 Do not directly set Error properties.
  • 192dbe7 Release version 1.15.3 of the npm package.
  • bd8c81e Fix resource leak on destroy.
  • 9c728c3 Split linting and testing.
  • Additional commits viewable in compare view

Updates postcss from 8.4.25 to 8.4.33

Release notes

Sourced from postcss's releases.

8.4.33

8.4.32

8.4.31

8.4.30

8.4.29

8.4.28

  • Fixed Root.source.end for better source map (by @​romainmenke).
  • Fixed Result.root types when process() has no parser.

8.4.27

  • Fixed Container clone methods types.

8.4.26

  • Fixed clone methods types.
Changelog

Sourced from postcss's changelog.

8.4.33

  • Fixed NoWorkResult behavior difference with normal mode (by Romain Menke).
  • Fixed NoWorkResult usage conditions (by @​ahmdammarr).

8.4.32

  • Fixed postcss().process() types (by Andrew Ferreira).

8.4.31

8.4.30

  • Improved source map performance (by Romain Menke).

8.4.29

  • Fixed Node#source.offset (by Ido Rosenthal).
  • Fixed docs (by Christian Oliff).

8.4.28

  • Fixed Root.source.end for better source map (by Romain Menke).
  • Fixed Result.root types when process() has no parser.

8.4.27

  • Fixed Container clone methods types.

8.4.26

  • Fixed clone methods types.
Commits
  • ae57d83 Release 8.4.33 version
  • 2e9d029 Update dependencies
  • 892b269 Update size limit for new metric on brotli
  • f2e7a9f Merge pull request #1908 from ahmdammarr/refactor/safe-check-for-NoWorkResult
  • c751e11 Merge pull request #1909 from romainmenke/no-work-result-vs-lazy-result--inve...
  • 3c2fa2a fix
  • a4626e9 failing test
  • c37346d refactor: check all falsy conditions of plugins and opts before returning NoW...
  • a0d9f10 Release 8.4.32 version
  • 0146b3e Add Node.js 21 to CI
  • Additional commits viewable in compare view

Updates vite from 4.4.2 to 4.5.1

Changelog

Sourced from vite's changelog.

4.5.1 (2023-12-04)

4.5.0 (2023-10-18)

4.4.11 (2023-10-05)

  • revert: "fix: use string manipulation instead of regex to inject esbuild helpers (54e1275), closes #14094

4.4.10 (2023-10-03)

4.4.9 (2023-08-07)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump the npm_and_yarn group across 1 directories with 6 …
e3b5245 
…updates

Bumps the npm_and_yarn group with 6 updates in the /. directory:

| Package | From | To |
| --- | --- | --- |
| [semantic-release](https://github.com/semantic-release/semantic-release) | `18.0.1` | `19.0.3` |
| [axios](https://github.com/axios/axios) | `0.21.4` | `` |
| [browser-sync](https://github.com/BrowserSync/browser-sync) | `2.27.10` | `3.0.2` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.15.4` |
| [postcss](https://github.com/postcss/postcss) | `8.4.25` | `8.4.33` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `4.4.2` | `4.5.1` |


Updates `semantic-release` from 18.0.1 to 19.0.3
- [Release notes](https://github.com/semantic-release/semantic-release/releases)
- [Commits](semantic-release/semantic-release@v18.0.1...v19.0.3)

Removes `axios`

Updates `browser-sync` from 2.27.10 to 3.0.2
- [Release notes](https://github.com/BrowserSync/browser-sync/releases)
- [Changelog](https://github.com/BrowserSync/browser-sync/blob/master/CHANGELOG.md)
- [Commits](BrowserSync/browser-sync@v2.27.10...v3.0.2)

Updates `follow-redirects` from 1.15.2 to 1.15.4
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.4)

Updates `postcss` from 8.4.25 to 8.4.33
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.4.25...8.4.33)

Updates `vite` from 4.4.2 to 4.5.1
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v4.5.1/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v4.5.1/packages/vite)

---
updated-dependencies:
- dependency-name: semantic-release
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: axios
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: browser-sync
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: follow-redirects
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: postcss
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: vite
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 10, 2024
This was referenced Jan 10, 2024
Closed
Closed
Closed
@yitengjun yitengjun merged commit 377e3fd into main Jan 27, 2024
1 check passed
@yitengjun yitengjun deleted the dependabot/npm_and_yarn/npm_and_yarn-security-group-8765a51473 branch January 27, 2024 16:06
@github-actions GitHub Actions
Copy link

🎉 This PR is included in version 4.2.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@yitengjun