Bump the npm_and_yarn group with 23 updates #32

dependabot · 2024-10-11T16:35:57Z

Bumps the npm_and_yarn group with 23 updates:

Package	From	To
@adobe/css-tools	`4.1.0`	`4.4.0`
@babel/traverse	`7.20.12`	`7.25.7`
braces	`3.0.2`	`3.0.3`
es5-ext	`0.10.53`	`0.10.64`
express	`4.18.1`	`4.21.1`
follow-redirects	`1.15.1`	`1.15.9`
http-cache-semantics	`4.1.0`	`4.1.1`
json5	`1.0.1`	`1.0.2`
micromatch	`4.0.5`	`4.0.8`
normalize-url	`4.5.0`	`4.5.1`
qs	`6.5.2`	`6.5.3`
requirejs	`2.3.6`	`2.3.7`
rollup	`3.17.1`	`3.29.5`
semver	`5.7.1`	`5.7.2`
send	`0.18.0`	`0.19.0`
serve-static	`1.15.0`	`1.16.2`
shelljs	`0.8.4`	`0.8.5`
simple-get	`4.0.0`	`4.0.1`
tar	`6.0.5`	`6.2.1`
webpack-dev-middleware	`5.3.3`	`5.3.4`
webpack	`5.75.0`	`5.95.0`
word-wrap	`1.2.3`	`1.2.5`
ws	`8.12.0`	`8.18.0`

Updates @adobe/css-tools from 4.1.0 to 4.4.0

Changelog

Sourced from @adobe/css-tools's changelog.

4.4.0 / 2024-06-05

add support for @starting-style #319

4.3.3 / 2024-01-24

Update export property #271

4.3.2 / 2023-11-28

Fix redos vulnerability with specific crafted css string - CVE-2023-48631

Fix Problem parsing with :is() and nested :nth-child() #211

4.3.1 / 2023-03-14

Fix redos vulnerability with specific crafted css string - CVE-2023-26364

4.3.0 / 2023-03-07

Update build tools

Update exports path and files

4.2.0 / 2023-02-21

Add @container support

Add @layer support

Commits

See full diff in compare view

Updates @babel/traverse from 7.20.12 to 7.25.7

Release notes

Sourced from @babel/traverse's releases.

v7.25.7 (2024-10-02)

Thanks @DylanPiercey and @YuHyeonWook for your first PRs!

🐛 Bug Fix

babel-helper-validator-identifier

#16825 fix: update identifier to unicode 16 (@JLHwung)

babel-traverse

#16814 fix: issue with node path keys updated on unrelated paths (@DylanPiercey)

babel-plugin-transform-classes

#16797 Use an inclusion rather than exclusion list for super() check (@nicolo-ribaudo)

babel-generator

#16788 Fix printing of TS infer in compact mode (@nicolo-ribaudo)

#16785 Print TS type annotations for destructuring in assignment pattern (@nicolo-ribaudo)

#16778 Respect [no LineTerminator here] after nodes (@nicolo-ribaudo)

💅 Polish

babel-types

#16852 Add deprecated JSDOC for fields (@liuxingbaoyu)

🏠 Internal

babel-core

#16820 Allow sync loading of ESM when --experimental-require-module (@nicolo-ribaudo)

babel-helper-compilation-targets, babel-helper-plugin-utils, babel-preset-env

#16858 Add browserslist config to external dependency (@JLHwung)

babel-plugin-proposal-destructuring-private, babel-plugin-syntax-decimal, babel-plugin-syntax-import-reflection, babel-standalone

#16809 Archive syntax-import-reflection and syntax-decimal (@nicolo-ribaudo)

babel-generator

#16779 Simplify logic for [no LineTerminator here] before nodes (@nicolo-ribaudo)

🏃‍♀️ Performance

babel-plugin-transform-typescript

#16875 perf: Avoid extra cloning of namespaces (@liuxingbaoyu)

babel-types

#16842 perf: Improve @babel/types builders (@liuxingbaoyu)

#16828 Only access BABEL_TYPES_8_BREAKING at startup (@nicolo-ribaudo)

Committers: 8

Babel Bot (@babel-bot)

Dylan Piercey (@DylanPiercey)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

coderaiser (@coderaiser)

fisker Cheung (@fisker)

hwook (@YuHyeonWook)

v7.25.6 (2024-08-29)

Thanks @j4k0xb for your first PR!

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.25.7 (2024-10-02)

🐛 Bug Fix

babel-helper-validator-identifier

#16825 fix: update identifier to unicode 16 (@JLHwung)

babel-traverse

#16814 fix: issue with node path keys updated on unrelated paths (@DylanPiercey)

babel-plugin-transform-classes

#16797 Use an inclusion rather than exclusion list for super() check (@nicolo-ribaudo)

babel-generator

#16788 Fix printing of TS infer in compact mode (@nicolo-ribaudo)

#16785 Print TS type annotations for destructuring in assignment pattern (@nicolo-ribaudo)

#16778 Respect [no LineTerminator here] after nodes (@nicolo-ribaudo)

💅 Polish

babel-types

#16852 Add deprecated JSDOC for fields (@liuxingbaoyu)

🏠 Internal

babel-core

#16820 Allow sync loading of ESM when --experimental-require-module (@nicolo-ribaudo)

babel-helper-compilation-targets, babel-helper-plugin-utils, babel-preset-env

#16858 Add browserslist config to external dependency (@JLHwung)

babel-plugin-proposal-destructuring-private, babel-plugin-syntax-decimal, babel-plugin-syntax-import-reflection, babel-standalone

#16809 Archive syntax-import-reflection and syntax-decimal (@nicolo-ribaudo)

babel-generator

#16779 Simplify logic for [no LineTerminator here] before nodes (@nicolo-ribaudo)

🏃‍♀️ Performance

babel-plugin-transform-typescript

#16875 perf: Avoid extra cloning of namespaces (@liuxingbaoyu)

babel-types

#16842 perf: Improve @babel/types builders (@liuxingbaoyu)

#16828 Only access BABEL_TYPES_8_BREAKING at startup (@nicolo-ribaudo)

v7.25.6 (2024-08-29)

🐛 Bug Fix

babel-generator

#16783 Properly print inner comments in TS array types (@nicolo-ribaudo)

#16775 fix: jsx whitespace is not properly preserved when retainLines (@liuxingbaoyu)

babel-traverse

#16727 fix: path.getAssignmentIdentifiers may be undefined (@liuxingbaoyu)

babel-parser

#16761 fix: improve static canFollowModifier checks (@JLHwung)

babel-helpers, babel-plugin-transform-optional-chaining, babel-runtime-corejs3

#16769 Only wrap functions in superPropertyGet helper (@nicolo-ribaudo)

💅 Polish

babel-generator, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-named-capturing-groups-regex, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx, babel-plugin-transform-react-pure-annotations, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env

#16780 Do not enforce printing space between ( and comments (@nicolo-ribaudo)

... (truncated)

Commits

2533cfb v7.25.7
611d958 [babel 8] Create TSClassImplements|TSInterfaceHeritage nodes (#16731)
506bf91 Remove BABEL_TYPES_8_BREAKING flag and enable it by default (#16817)
9e14f7d chore: Enable more lint rules (#16827)
e69a7e5 fix: issue with node path keys updated on unrelated paths (#16814)
7467c9d [Babel 8] Remove some Scope methods (#16705)
0a55713 [Babel 8] Remove DecimalLiteral AST (#16807)
69d65f1 [babel 8] Require Node.js ^18.20.0 || ^20.17.0 || >=22.8.0 (#16800)
2f72b97 v7.25.6
faceae9 fix: path.getAssignmentIdentifiers may be undefined (#16727)
Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates es5-ext from 0.10.53 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

Do not rely on problematic regex (3551cdd), addresses #201

Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021

Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

Simplify the manifest message (7855319)

Comparison since last release

0.10.62 (2022-08-02)

Maintenance Improvements

Manifest improvements:

(#190) (b8dc53f)

(c51d552)

Comparison since last release

0.10.61 (2022-04-20)

Bug Fixes

Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

Bump dependencies (d7e0a61)

Comparison since last release

0.10.60 (2022-04-07)

Maintenance Improvements

Improve postinstall script configuration (ab6b121)

... (truncated)

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

Do not rely on problematic regex (3551cdd), addresses #201

Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021

Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

Simplify the manifest message (7855319)

0.10.62 (2022-08-02)

Maintenance Improvements

Manifest improvements:

(#190) (b8dc53f)

(c51d552)

0.10.61 (2022-04-20)

Bug Fixes

Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

Bump dependencies (d7e0a61)

0.10.60 (2022-04-07)

Maintenance Improvements

Improve postinstall script configuration (ab6b121)

0.10.59 (2022-03-17)

Maintenance Improvements

Improve manifest wording (#122) (eb7ae59)

Update data in manifest (3d2935a)

0.10.58 (2022-03-11)

... (truncated)

Commits

f76b03d chore: Release v0.10.64
2881acd chore: Bump dependencies
c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
16f2b72 docs: Fix date in the changelog
de4e03c chore: Release v0.10.63
3fd53b7 chore: Upgrade lint-staged to v13
bf8ed79 chore: Ensure postinstall script does not crash on Windows
2cbbb07 chore: Bump dependencies
22d0416 chore: Bump LICENSE year
a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
Additional commits viewable in compare view

Updates express from 4.18.1 to 4.21.1

Release notes

Sourced from express's releases.

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

finalhandler@1.3.1 by @wesleytodd in expressjs/express#5954

fix(deps): serve-static@1.16.2 by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

deps: encodeurl@~2.0.0 by @blakeembrey in expressjs/express#5569

skip QUERY method test by @jonchurch in expressjs/express#5628

ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in expressjs/express#5639

add support Node.js@22 in the CI by @mertcanaltin in expressjs/express#5627

doc: add table of contents, tc/triager lists to readme by @mertcanaltin in expressjs/express#5619

List and sort all projects, add captains by @blakeembrey in expressjs/express#5653

docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in expressjs/express#5666

✨ bring back query tests for node 21 by @ctcpip in expressjs/express#5690

[v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch in expressjs/express#5672

skip QUERY tests for Node 21 only, still not supported by @jonchurch in expressjs/express#5695

... (truncated)

Changelog

Sourced from express's changelog.

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: serve-static@1.16.2

includes send@0.19.0

deps: finalhandler@1.3.1

deps: qs@6.13.0

4.20.0 / 2024-09-10

deps: serve-static@0.16.0

Remove link renderization in html while redirecting

deps: send@0.19.0

Remove link renderization in html while redirecting

deps: body-parser@0.6.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: path-to-regexp@0.1.10

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: cookie@0.6.0

4.18.3 / 2024-02-29

... (truncated)

Commits

8e229f9 4.21.1
a024c8a fix(deps): cookie@0.7.1
7e562c6 4.21.0
1bcde96 fix(deps): qs@6.13.0 (#5946)
7d36477 fix(deps): serve-static@1.16.2 (#5951)
40d2d8f fix(deps): finalhandler@1.3.1
77ada90 Deprecate "back" magic string in redirects (#5935)
21df421 4.20.0
4c9ddc1 feat: upgrade to serve-static@0.16.0
9ebe5d5 feat: upgrade to send@0.19.0 (#5928)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.

Updates follow-redirects from 1.15.1 to 1.15.9

Commits

e4e55c7 Release version 1.15.9 of the npm package.
31a1abf Attempt much more gentle detection.
d2aaa97 Fix url field.
62558f0 Release version 1.15.8 of the npm package.
a8d1cee Return subtlety.
458ca8e Fix native URL test for Node 20.
ca49e44 Handle KeepAlive connections in tests.
f3711d7 Test on Node 20 and 22.
fda0faf Fix typo.
760757f Release version 1.15.7 of the npm package.
Additional commits viewable in compare view

Updates http-cache-semantics from 4.1.0 to 4.1.1

Commits

2449650 Update mocha
560b2d8 Don't use regex to trim whitespace
b1bdb92 Remove linting package zoo
c20dc7e Cache 308
See full diff in compare view

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

a62db1e 1.0.2
e0c23fe docs: update CHANGELOG for v1.0.2
62a6540 fix: add proto to objects and arrays
See full diff in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

this is basically v4.0.5, with some README updates

it is vulnerable to CVE-2024-4067

Updated braces to v3.0.3 to avoid CVE-2024-4068

does NOT break API compatibility

[4.0.6] - 2024-05-21

Added hasBraces to check if a pattern contains braces.

Fixes CVE-2024-4067

BREAKS API COMPATIBILITY

Should be labeled as a major release, but it's not.

Commits

8bd704e 4.0.8
a0e6841 run verb to generate README documentation
4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
814f5f7 lint
67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
113f2e3 fix: CVE numbers in CHANGELOG
d9dbd9a feat: updated CHANGELOG
2ab1315 fix: use actions/setup-node@v4
1406ea3 feat: rework test to work on macos with node 10,12 and 14
Additional commits viewable in compare view

Updates normalize-url from 4.5.0 to 4.5.1

Commits

See full diff in compare view

Updates qs from 6.5.2 to 6.5.3

Changelog

Sourced from qs's changelog.

6.5.3

[Fix] parse: ignore __proto__ keys (#428)

[Fix] utils.merge: avoid a crash with a null target and a truthy non-array source

[Fix] correctly parse nested arrays

[Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)

[Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided

[Fix] when parseArrays is false, properly handle keys ending in []

[Fix] fix for an impossible situation: when the formatter is called with a non-string value

[Fix] utils.merge: avoid a crash with a null target and an array source

[Refactor] utils: reduce observable [[Get]]s

[Refactor] use cached Array.isArray

[Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)

[Refactor] parse: only need to reassign the var once

[Robustness] stringify: avoid relying on a global undefined (#427)

[readme] remove travis badge; add github actions/codecov badges; update URLs

[Docs] Clean up license text so it’s properly detected as BSD-3-Clause

[Docs] Clarify the need for "arrayLimit" option

[meta] fix README.md (#399)

[meta] add FUNDING.yml

[actions] backport actions from main

[Tests] always use String(x) over x.toString()

[Tests] remove nonexistent tape option

[Dev Deps] backport from main

Commits

298bfa5 v6.5.3
ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
12ac1c4 [meta] fix README.md (#399)
0338716 [actions] backport actions from main
5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
51b8a0b add FUNDING.yml
45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
f814a7f [Dev Deps] backport from main
Additional commits viewable in compare view

Updates requirejs from 2.3.6 to 2.3.7

Commits

1874a29 Rev to 2.3.7
152f450 Merge pull request #1016 from requirejs/jr/1854-pollution
ecc356a Fixes requirejs/requirejs#1854, pollution
acec536 SECURITY.md
See full diff in compare view

Updates rollup from 3.17.1 to 3.29.5

Release notes

Sourced from rollup's releases.

v3.29.4

3.29.4

2023-09-28

Bug Fixes

Fix static analysis when an exported function uses callbacks (#5158)

Pull Requests

#5158: Deoptimize all parameters when losing track of a function (@lukastaegert)

v3.29.3

3.29.3

2023-09-24

Bug Fixes

Fix a bug where code was wrongly tree-shaken after mutating function parameters (#5153)

Pull Requests

#5145: docs: improve the docs repl appearance in the light mode (@TrickyPi)

#5148: chore(deps): update dependency @vue/eslint-config-typescript to v12 (@renovate[bot])

#5149: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

#5153: Fully deoptimize first level path when deoptimizing nested parameter paths (@lukastaegert)

v3.29.2

3.29.2

2023-09-15

Bug Fixes

Export TreeshakingPreset type (#5131)

Pull Requests

#5131: fix: exports TreeshakingPreset (@moltar)

#5134: docs: steps to enable symlinks on windows (@thebanjomatic)

#5137: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

v3.29.1

3.29.1

2023-09-10

Bug Fixes

... (truncated)

Changelog

Sourced from rollup's changelog.

rollup changelog

4.24.0

2024-10-02

Features

Support preserving and transpiling JSX syntax (#5668)

Pull Requests

#5668: Introduce JSX support (@lukastaegert, @Martin-Idel, @felixhuttmann, @AlexDroll, @tiptr)

4.23.0

2024-10-01

Features

Collect all emitted names and originalFileNames for assets (#5686)

Pull Requests

#5686: Add names and originalFileNames to assets (@lukastaegert)

4.22.5

2024-09-27

Bug Fixes

Allow parsing of certain unicode characters again (#5674)

Pull Requests

#5674: Fix panic with unicode characters (@sapphi-red, @lukastaegert)

#5675: chore(deps): update dependency rollup to v4.22.4 [security] (@renovate[bot])

#5680: chore(deps): update dependency @rollup/plugin-commonjs to v28 (@renovate[bot], @lukastaegert)

#5681: chore(deps): update dependency @rollup/plugin-replace to v6 (@renovate[bot])

#5682: chore(deps): update dependency @rollup/plugin-typescript to v12 (@renovate[bot])

#5684: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

4.22.4

2024-09-21

Bug Fixes

Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

... (truncated)

Commits

dfd233d 3.29.5
2ef77c0 Fix DOM Clobbering CVE
a6448b9 3.29.4
4e92d60 Deoptimize all parameters when losing track of a function (#5158)
801ffd1 3.29.3
353e462 Fully deoptimize first level path when deoptimizing nested parameter paths (#...
a1a89e7 chore(deps): update dependency @vue/eslint-config-typescript to v12 (#5148)
cc14f70 chore(deps): lock file maintenance minor/patch updates (#5149)
1e8355b docs: improve the docs repl appearance in the light mode (#5145)
5950fc8 Adapt branches in REPL workflow
Additional commits viewable in compare view

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41... Description has been truncated

Bumps the npm_and_yarn group with 23 updates: | Package | From | To | | --- | --- | --- | | [@adobe/css-tools](https://github.com/adobe/css-tools) | `4.1.0` | `4.4.0` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.20.12` | `7.25.7` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [es5-ext](https://github.com/medikoo/es5-ext) | `0.10.53` | `0.10.64` | | [express](https://github.com/expressjs/express) | `4.18.1` | `4.21.1` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.1` | `1.15.9` | | [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) | `4.1.0` | `4.1.1` | | [json5](https://github.com/json5/json5) | `1.0.1` | `1.0.2` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | | [normalize-url](https://github.com/sindresorhus/normalize-url) | `4.5.0` | `4.5.1` | | [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` | | [requirejs](https://github.com/jrburke/r.js) | `2.3.6` | `2.3.7` | | [rollup](https://github.com/rollup/rollup) | `3.17.1` | `3.29.5` | | [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` | | [send](https://github.com/pillarjs/send) | `0.18.0` | `0.19.0` | | [serve-static](https://github.com/expressjs/serve-static) | `1.15.0` | `1.16.2` | | [shelljs](https://github.com/shelljs/shelljs) | `0.8.4` | `0.8.5` | | [simple-get](https://github.com/feross/simple-get) | `4.0.0` | `4.0.1` | | [tar](https://github.com/isaacs/node-tar) | `6.0.5` | `6.2.1` | | [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `5.3.3` | `5.3.4` | | [webpack](https://github.com/webpack/webpack) | `5.75.0` | `5.95.0` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | | [ws](https://github.com/websockets/ws) | `8.12.0` | `8.18.0` | Updates `@adobe/css-tools` from 4.1.0 to 4.4.0 - [Changelog](https://github.com/adobe/css-tools/blob/main/History.md) - [Commits](https://github.com/adobe/css-tools/commits) Updates `@babel/traverse` from 7.20.12 to 7.25.7 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.25.7/packages/babel-traverse) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `es5-ext` from 0.10.53 to 0.10.64 - [Release notes](https://github.com/medikoo/es5-ext/releases) - [Changelog](https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md) - [Commits](medikoo/es5-ext@v0.10.53...v0.10.64) Updates `express` from 4.18.1 to 4.21.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md) - [Commits](expressjs/express@4.18.1...4.21.1) Updates `follow-redirects` from 1.15.1 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.1...v1.15.9) Updates `http-cache-semantics` from 4.1.0 to 4.1.1 - [Commits](kornelski/http-cache-semantics@v4.1.0...v4.1.1) Updates `json5` from 1.0.1 to 1.0.2 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v1.0.1...v1.0.2) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `normalize-url` from 4.5.0 to 4.5.1 - [Release notes](https://github.com/sindresorhus/normalize-url/releases) - [Commits](https://github.com/sindresorhus/normalize-url/commits) Updates `qs` from 6.5.2 to 6.5.3 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.2...v6.5.3) Updates `requirejs` from 2.3.6 to 2.3.7 - [Commits](requirejs/r.js@2.3.6...2.3.7) Updates `rollup` from 3.17.1 to 3.29.5 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v3.17.1...v3.29.5) Updates `semver` from 5.7.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.1...v5.7.2) Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) Updates `shelljs` from 0.8.4 to 0.8.5 - [Release notes](https://github.com/shelljs/shelljs/releases) - [Changelog](https://github.com/shelljs/shelljs/blob/master/CHANGELOG.md) - [Commits](shelljs/shelljs@v0.8.4...v0.8.5) Updates `simple-get` from 4.0.0 to 4.0.1 - [Commits](feross/simple-get@v4.0.0...v4.0.1) Updates `tar` from 6.0.5 to 6.2.1 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.0.5...v6.2.1) Updates `webpack-dev-middleware` from 5.3.3 to 5.3.4 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4) Updates `webpack` from 5.75.0 to 5.95.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.75.0...v5.95.0) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) Updates `ws` from 8.12.0 to 8.18.0 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.12.0...8.18.0) --- updated-dependencies: - dependency-name: "@adobe/css-tools" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: es5-ext dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-cache-semantics dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: normalize-url dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: requirejs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: shelljs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: simple-get dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-middleware dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies Pull requests that update a dependency file label Oct 11, 2024

This was referenced Oct 11, 2024

Bump express from 4.18.1 to 4.21.1 #29

Closed

Bump webpack from 5.75.0 to 5.95.0 #30

Closed

Bump rollup from 3.17.1 to 3.29.5 #31

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm_and_yarn group with 23 updates #32

Bump the npm_and_yarn group with 23 updates #32

Uh oh!

Uh oh!

Uh oh!

Bump the npm_and_yarn group with 23 updates #32

Are you sure you want to change the base?

Bump the npm_and_yarn group with 23 updates #32

Uh oh!

Conversation

4.4.0 / 2024-06-05

4.3.3 / 2024-01-24

4.3.2 / 2023-11-28

4.3.1 / 2023-03-14

4.3.0 / 2023-03-07

4.2.0 / 2023-02-21

v7.25.7 (2024-10-02)

🐛 Bug Fix

💅 Polish

🏠 Internal

🏃‍♀️ Performance

Committers: 8

v7.25.6 (2024-08-29)

v7.25.7 (2024-10-02)

🐛 Bug Fix

💅 Polish

🏠 Internal

🏃‍♀️ Performance

v7.25.6 (2024-08-29)

🐛 Bug Fix

💅 Polish

0.10.64 (2024-02-27)

Bug Fixes

0.10.63 (2024-02-23)

Bug Fixes

Maintenance Improvements

0.10.62 (2022-08-02)

Maintenance Improvements

0.10.61 (2022-04-20)

Bug Fixes

Maintenance Improvements

0.10.60 (2022-04-07)

Maintenance Improvements

0.10.64 (2024-02-27)

Bug Fixes

0.10.63 (2024-02-23)

Bug Fixes

Maintenance Improvements

0.10.62 (2022-08-02)

Maintenance Improvements

0.10.61 (2022-04-20)

Bug Fixes

Maintenance Improvements

0.10.60 (2022-04-07)

Maintenance Improvements

0.10.59 (2022-03-17)

Maintenance Improvements

0.10.58 (2022-03-11)

4.21.1

What's Changed

4.21.0

What's Changed

New Contributors

4.20.0

What's Changed

Important

Other Changes

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

v1.0.2

Unreleased [code, diff]

v2.2.3 [code, diff]

v2.2.2 [code, diff]

v2.2.1 [code, diff]

v2.2.0 [code, diff]

v2.1.3 [code, diff]

v2.1.2 [code, diff]

4.0.8

[4.0.8] - 2024-08-22

[4.0.7] - 2024-05-22