这是indexloc提供的服务,不要输入任何密码
Skip to content

Bump the npm_and_yarn group across 1 directory with 12 updates #28

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directory with 12 updates #28

wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Jun 11, 2024

Bumps the npm_and_yarn group with 11 updates in the / directory:

Package From To
minimist 1.2.0 1.2.6
es5-ext 0.10.23 0.10.64
ini 1.3.4 1.3.8
is-my-json-valid 2.16.0 2.20.6
js-yaml 3.8.4 3.14.1
lodash 4.17.4 4.17.21
minimatch 3.0.4 3.1.2
path-parse 1.0.5 1.0.7
set-getter 0.1.0 0.1.1
tree-kill 1.1.0 1.2.2
ua-parser-js 0.7.13 0.7.38

Updates minimist from 1.2.0 to 1.2.6

Changelog

Sourced from minimist's changelog.

v1.2.6 - 2022-03-21

Commits

  • test from prototype pollution PR bc8ecee
  • isConstructorOrProto adapted from PR c2b9819
  • security notice for additional prototype pollution issue ef88b93

v1.2.5 - 2020-03-12

v1.2.4 - 2020-03-11

Commits

  • security notice 4cf1354
  • additional test for constructor prototype pollution 1043d21

v1.2.3 - 2020-03-10

Commits

  • more failing proto pollution tests 13c01a5
  • even more aggressive checks for protocol pollution 38a4d1c

v1.2.2 - 2020-03-10

Commits

v1.2.1 - 2020-03-10

Merged

Commits

Commits

Updates es5-ext from 0.10.23 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

  • Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

  • Do not rely on problematic regex (3551cdd), addresses #201
  • Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
  • Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

  • Simplify the manifest message (7855319)

Comparison since last release

0.10.62 (2022-08-02)

Maintenance Improvements

Comparison since last release

0.10.61 (2022-04-20)

Bug Fixes

  • Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

Comparison since last release

0.10.60 (2022-04-07)

Maintenance Improvements

  • Improve postinstall script configuration (ab6b121)

... (truncated)

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

  • Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

  • Do not rely on problematic regex (3551cdd), addresses #201
  • Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
  • Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

  • Simplify the manifest message (7855319)

0.10.62 (2022-08-02)

Maintenance Improvements

0.10.61 (2022-04-20)

Bug Fixes

  • Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

0.10.60 (2022-04-07)

Maintenance Improvements

  • Improve postinstall script configuration (ab6b121)

0.10.59 (2022-03-17)

Maintenance Improvements

0.10.58 (2022-03-11)

... (truncated)

Commits
  • f76b03d chore: Release v0.10.64
  • 2881acd chore: Bump dependencies
  • c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
  • 16f2b72 docs: Fix date in the changelog
  • de4e03c chore: Release v0.10.63
  • 3fd53b7 chore: Upgrade lint-staged to v13
  • bf8ed79 chore: Ensure postinstall script does not crash on Windows
  • 2cbbb07 chore: Bump dependencies
  • 22d0416 chore: Bump LICENSE year
  • a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
  • Additional commits viewable in compare view

Updates ini from 1.3.4 to 1.3.8

Commits
  • a2c5da8 1.3.8
  • af5c6bb Do not use Object.create(null)
  • 8b648a1 don't test where our devdeps don't even work
  • c74c8af 1.3.7
  • 024b8b5 update deps, add linting
  • 032fbaf Use Object.create(null) to avoid default object property hazards
  • 2da9039 1.3.6
  • cfea636 better git push script, before publish instead of after
  • 56d2805 do not allow invalid hazardous string as section name
  • 738eca5 v1.3.5
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.


Updates is-my-json-valid from 2.16.0 to 2.20.6

Commits
Maintainer changes

This version was pushed to npm by linusu, a new releaser for is-my-json-valid since your current version.


Updates js-yaml from 3.8.4 to 3.14.1

Changelog

Sourced from js-yaml's changelog.

[3.14.1] - 2020-12-07

Security

  • Fix possible code execution in (already unsafe) .load() (in &anchor).

[3.14.0] - 2020-05-22

Changed

  • Support safe/loadAll(input, options) variant of call.
  • CI: drop outdated nodejs versions.
  • Dev deps bump.

Fixed

  • Quote = in plain scalars #519.
  • Check the node type for !<?> tag in case user manually specifies it.
  • Verify that there are no null-bytes in input.
  • Fix wrong quote position when writing condensed flow, #526.

[3.13.1] - 2019-04-05

Security

  • Fix possible code execution in (already unsafe) .load(), #480.

[3.13.0] - 2019-03-20

Security

  • Security fix: safeLoad() can hang when arrays with nested refs used as key. Now throws exception for nested arrays. #475.

[3.12.2] - 2019-02-26

Fixed

  • Fix noArrayIndent option for root level, #468.

[3.12.1] - 2019-01-05

Added

  • Added noArrayIndent option, #432.

[3.12.0] - 2018-06-02

Changed

  • Support arrow functions without a block statement, #421.

[3.11.0] - 2018-03-05

Added

  • Add arrow functions suport for !!js/function.

Fixed

  • Fix dump in bin/octal/hex formats for negative integers, #399.

... (truncated)

Commits
  • 37caaad 3.14.1 released
  • 094c0f7 dist rebuild
  • 9586ebe Avoid calling hasOwnProperty of user-controlled objects
  • 34e5072 3.14.0 released
  • 7b25c83 Browser files rebuild
  • 6f73473 Dev deps bump
  • 0c29349 Travis-CI: drop old nodejs versions
  • 10be97e fix(loader): Add support for safe/loadAll(input, options)
  • d6983dd Fix issue #526: wrong quote position writing condensed flow (#527)
  • 93fbf7d fix issue 526 (wrong quote position writing condensed flow)
  • Additional commits viewable in compare view

Updates jsonpointer from 4.0.1 to 5.0.1

Release notes

Sourced from jsonpointer's releases.

Version 5.0.1

Changelog

v5.0.0

5.0.0 (2021-10-31)

Bug Fixes

  • Fix prototype pollution (#51)

    • The original, non-mutated objects are now returned if any of the keys __proto__, constructor or prototype are used in a json pointer.
    // returns the unmodified input {}
jsonpointer.set({}, '/foo/__proto__/boo', 'polluted')
    • When passing non-string arrays to a .set operation, an error is thrown:
    // throws `new Error('Invalid JSON pointer. Must be of type string or number.')`
jsonpointer.set({}, [['__proto__'], ['__proto__'], 'boo'], 'polluted')

v4.1.0

4.1.0 (2020-07-03)

Bug Fixes

Features

Commits
  • 4a253c0 Adopt strictEqual changes and only return null when the get succeeded
  • bad4983 Fix null values throwing exception when traversing over while getting
  • a5706e8 test: Always use strictEqual to ensure null and undefined values are asserted...
  • b8e1e6a fix incorrect typings for compile get/set methods
  • c4de620 Merge pull request #53 from janl/release/5.0.0
  • 8dbf304 feat: v5
  • 84cf173 Merge pull request #52 from janl/fix/test
  • f716e5c chore: more rip travis
  • e2ae355 chore: remove comment
  • d23693b chore: update primary branch
  • Additional commits viewable in compare view

Updates lodash from 4.17.4 to 4.17.21

Commits
  • f299b52 Bump to v4.17.21
  • c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
  • 3469357 Prevent command injection through _.template's variable option
  • ded9bc6 Bump to v4.17.20.
  • 63150ef Documentation fixes.
  • 00f0f62 test.js: Remove trailing comma.
  • 846e434 Temporarily use a custom fork of lodash-cli.
  • 5d046f3 Re-enable Travis tests on 4.17 branch.
  • aa816b3 Remove /npm-package.
  • d7fbc52 Bump to v4.17.19
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.


Updates minimatch from 3.0.4 to 3.1.2

Commits

Updates path-parse from 1.0.5 to 1.0.7

Commits

Updates set-getter from 0.1.0 to 0.1.1

Commits

Updates tree-kill from 1.1.0 to 1.2.2

Release notes

Sourced from tree-kill's releases.

v1.2.1

Changelog:

  • add missing LICENSE file
  • fix TypeScript definitions
Commits

Updates ua-parser-js from 0.7.13 to 0.7.38

Release notes

Sourced from ua-parser-js's releases.

v0.7.38

Version 0.7.38

  • Fix error on getOS() when userAgentData.platform is undefined
  • Add new browser: Opera GX, Twitter
  • Improve browser detection: DuckDuckGo
  • Improve device detection: OPPO Pad, Oculus Quest

v0.7.37

Version 0.7.37

  • Fix misidentified WebView token as device model
  • Increase UA_MAX_LENGTH to 500
  • Add new browser: Alipay, Klarna, Smart Lenovo Browser, Vivo Browser
  • Add new device: Ulefone
  • Improve device detection: Realme, Xiaomi Redmi
  • Rename browser: Avant, Baidu, Samsung Internet, Sogou Explorer, Sogou Mobile, WeChat
Changelog

Sourced from ua-parser-js's changelog.

Version 0.7.38 / 1.0.38

  • Fix error on getOS() when userAgentData.platform is undefined
  • Add new browser: Opera GX, Twitter
  • Improve browser detection: DuckDuckGo
  • Improve device detection: OPPO Pad, Oculus Quest

Version 0.7.37 / 1.0.37

  • Fix misidentified WebView token as device model
  • Increase UA_MAX_LENGTH to 500
  • Add new browser: Alipay, Klarna, Smart Lenovo Browser, Vivo Browser
  • Add new device: Ulefone
  • Improve device detection: Realme, Xiaomi Redmi
  • Rename browser: Avant, Baidu, Samsung Internet, Sogou Explorer, Sogou Mobile, WeChat

Version 0.7.36 / 1.0.36

  • Add new browser: Snapchat
  • Add new devices: Infinix, Tecno
  • Improve device detection: Amazon Fire TV, Xiaomi POCO
  • Improve OS detection: iOS

Version 0.7.35 / 1.0.35

  • Fix result from user-supplied user-agent being altered
  • Add new browser: Heytap, TikTok
  • Add new engine: LibWeb
  • Add new OS: SerenityOS
  • Improve browser detection: Yandex
  • Improve device detection: iPhone, Amazon Echo
  • Improve OS detection: iOS

Version 0.7.34 / 1.0.34

  • Fix Sharp Mobile detected as Huawei Tablet
  • Fix IE8 bug
  • Add new devices : Kobo e-Reader, Apple Watch, and some new SmartTV devices
  • Add new OS : watchOS
  • Improve browser detection : Kakao, Naver, Brave
  • Improve device detection : Oculus, iPad
  • Improve OS detection : Chrome OS
  • Using navigator.userAgentData as fallback for device.type & os.name

Version 0.7.33 / 1.0.33

  • Add new browser : Cobalt
  • Identify Macintosh as an Apple device
  • Fix ReDoS vulnerability

Version 0.7.32 / 1.0.32

  • Add new browser : DuckDuckGo, Huawei Browser, LinkedIn
  • Add new OS : HarmonyOS
  • Add some Huawei models

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 1 directory with 12 updates
3524a5b 
Bumps the npm_and_yarn group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [minimist](https://github.com/minimistjs/minimist) | `1.2.0` | `1.2.6` |
| [es5-ext](https://github.com/medikoo/es5-ext) | `0.10.23` | `0.10.64` |
| [ini](https://github.com/npm/ini) | `1.3.4` | `1.3.8` |
| [is-my-json-valid](https://github.com/mafintosh/is-my-json-valid) | `2.16.0` | `2.20.6` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `3.8.4` | `3.14.1` |
| [lodash](https://github.com/lodash/lodash) | `4.17.4` | `4.17.21` |
| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.2` |
| [path-parse](https://github.com/jbgutierrez/path-parse) | `1.0.5` | `1.0.7` |
| [set-getter](https://github.com/doowb/set-getter) | `0.1.0` | `0.1.1` |
| [tree-kill](https://github.com/pkrumins/node-tree-kill) | `1.1.0` | `1.2.2` |
| [ua-parser-js](https://github.com/faisalman/ua-parser-js) | `0.7.13` | `0.7.38` |



Updates `minimist` from 1.2.0 to 1.2.6
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.0...v1.2.6)

Updates `es5-ext` from 0.10.23 to 0.10.64
- [Release notes](https://github.com/medikoo/es5-ext/releases)
- [Changelog](https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md)
- [Commits](medikoo/es5-ext@v0.10.23...v0.10.64)

Updates `ini` from 1.3.4 to 1.3.8
- [Release notes](https://github.com/npm/ini/releases)
- [Changelog](https://github.com/npm/ini/blob/main/CHANGELOG.md)
- [Commits](npm/ini@v1.3.4...v1.3.8)

Updates `is-my-json-valid` from 2.16.0 to 2.20.6
- [Commits](mafintosh/is-my-json-valid@v2.16.0...v2.20.6)

Updates `js-yaml` from 3.8.4 to 3.14.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.8.4...3.14.1)

Updates `jsonpointer` from 4.0.1 to 5.0.1
- [Release notes](https://github.com/janl/node-jsonpointer/releases)
- [Commits](janl/node-jsonpointer@4.0.1...v5.0.1)

Updates `lodash` from 4.17.4 to 4.17.21
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.4...4.17.21)

Updates `minimatch` from 3.0.4 to 3.1.2
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.0.4...v3.1.2)

Updates `path-parse` from 1.0.5 to 1.0.7
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

Updates `set-getter` from 0.1.0 to 0.1.1
- [Commits](https://github.com/doowb/set-getter/commits/0.1.1)

Updates `tree-kill` from 1.1.0 to 1.2.2
- [Release notes](https://github.com/pkrumins/node-tree-kill/releases)
- [Commits](pkrumins/node-tree-kill@v1.1.0...v1.2.2)

Updates `ua-parser-js` from 0.7.13 to 0.7.38
- [Release notes](https://github.com/faisalman/ua-parser-js/releases)
- [Changelog](https://github.com/faisalman/ua-parser-js/blob/0.7.38/changelog.md)
- [Commits](faisalman/ua-parser-js@0.7.13...0.7.38)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: es5-ext
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ini
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: is-my-json-valid
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: jsonpointer
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-parse
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: set-getter
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tree-kill
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ua-parser-js
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jun 11, 2024
This was referenced Jun 11, 2024
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants