Bump the npm_and_yarn group across 1 directory with 7 updates #1

dependabot · 2024-09-11T09:54:48Z

Bumps the npm_and_yarn group with 7 updates in the / directory:

Package	From	To
postcss	`8.4.21`	`8.4.31`
vite	`4.1.2`	`4.5.3`
@babel/traverse	`7.20.13`	`7.25.6`
braces	`3.0.2`	`3.0.3`
micromatch	`4.0.5`	`4.0.8`
msgpackr	`1.8.3`	`1.11.0`
word-wrap	`1.2.3`	`1.2.5`

Updates postcss from 8.4.21 to 8.4.31

Release notes

Sourced from postcss's releases.

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

8.4.30

Improved source map performance (by @romainmenke).

8.4.29

Fixed Node#source.offset (by @idoros).

Fixed docs (by @coliff).

8.4.28

Fixed Root.source.end for better source map (by @romainmenke).

Fixed Result.root types when process() has no parser.

8.4.27

Fixed Container clone methods types.

8.4.26

Fixed clone methods types.

8.4.25

Improve stringify performance (by @romainmenke).

Fixed docs (by @vikaskaliramna07).

8.4.24

Fixed Plugin types.

8.4.23

Fixed warnings in TypeDoc.

8.4.22

Fixed TypeScript support with node16 (by @remcohaszing).

Changelog

Sourced from postcss's changelog.

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

8.4.30

Improved source map performance (by Romain Menke).

8.4.29

Fixed Node#source.offset (by Ido Rosenthal).

Fixed docs (by Christian Oliff).

8.4.28

Fixed Root.source.end for better source map (by Romain Menke).

Fixed Result.root types when process() has no parser.

8.4.27

Fixed Container clone methods types.

8.4.26

Fixed clone methods types.

8.4.25

Improve stringify performance (by Romain Menke).

Fixed docs (by @vikaskaliramna07).

8.4.24

Fixed Plugin types.

8.4.23

Fixed warnings in TypeDoc.

8.4.22

Fixed TypeScript support with node16 (by Remco Haszing).

Commits

90208de Release 8.4.31 version
58cc860 Fix carrier return parsing
4fff8e4 Improve pnpm test output
cd43ed1 Update dependencies
caa916b Update dependencies
8972f76 Typo
11a5286 Typo
45c5501 Release 8.4.30 version
bc3c341 Update linter
b2be58a Merge pull request #1881 from romainmenke/improve-sourcemap-performance--phil...
Additional commits viewable in compare view

Updates vite from 4.1.2 to 4.5.3

Changelog

Sourced from vite's changelog.

4.5.3 (2024-03-24)

fix: fs.deny with globs with directories (#16250) (96a7f3a), closes #16250

4.5.2 (2024-01-19)

fix: fs deny for case insensitive systems (#15653) (eeec23b), closes #15653

4.5.1 (2023-12-04)

fix: backport #15223, proxy html path should be encoded (#15226) (41bb354), closes #15223 #15226

4.5.0 (2023-10-18)

feat: backport mdx as known js source (#14560) (#14670) (45595ef), closes #14560 #14670

feat: scan .marko files (#14669) (ed7bdc5), closes #14669

feat(ssr): backport ssr.resolve.conditions and ssr.resolve.externalConditions (#14498) (#14668) (520139c), closes #14498 #14668

4.4.11 (2023-10-05)

revert: "fix: use string manipulation instead of regex to inject esbuild helpers (54e1275), closes #14094

4.4.10 (2023-10-03)

fix: add source map to Web Workers (fix #14216) (#14217) (df6f32f), closes #14216 #14217

fix: handle errors during hasWorkspacePackageJSON function (#14394) (6f6e5de), closes #14394

fix: handle sourcemap correctly when multiple line import exists (#14232) (218861f), closes #14232

fix: if host is specified check whether it is valid (#14013) (b1b816a), closes #14013

fix: include vite/types/* in exports field (#14296) (40e99a1), closes #14296

fix: initWasm options should be optional (#14152) (119c074), closes #14152

fix: restore builtins list (f8b9adb)

fix: use string manipulation instead of regex to inject esbuild helpers (#14094) (128ad8f), closes #14094

fix: ws never connects after restarting server if server.hmr.server is set (#14127) (441642e), closes #14127

fix(analysis): warnings for dynamic imports that use static template literals (#14458) (0c6d289), closes #14458

fix(cli): convert special base (#14283) (d4bc0fb), closes #14283

fix(css): remove pure css chunk sourcemap (#14290) (cd7e033), closes #14290

fix(css): reset render cache on renderStart (#14326) (d334b3d), closes #14326

fix(glob): trigger HMR for glob in a package (#14117) (0f582bf), closes #14117

fix(import-analysis): preserve importedUrls import order (#14465) (269aa43), closes #14465

fix(manifest): preserve pure css chunk assets (#14297) (3d63ae6), closes #14297

... (truncated)

Commits

aac695e release: v4.5.3
96a7f3a fix: fs.deny with globs with directories (#16250)
d0360c1 release: v4.5.2
eeec23b fix: fs deny for case insensitive systems (#15653)
c075115 release: v4.5.1
41bb354 fix: backport #15223, proxy html path should be encoded (#15226)
055d2b8 release: v4.5.0
ed7bdc5 feat: scan .marko files (#14669)
45595ef feat: backport mdx as known js source (#14560) (#14670)
520139c feat(ssr): backport ssr.resolve.conditions and ssr.resolve.externalConditions...
Additional commits viewable in compare view

Updates @babel/traverse from 7.20.13 to 7.25.6

Release notes

Sourced from @babel/traverse's releases.

v7.25.6 (2024-08-29)

Thanks @j4k0xb for your first PR!

🐛 Bug Fix

babel-generator

#16783 Properly print inner comments in TS array types (@nicolo-ribaudo)

#16775 fix: jsx whitespace is not properly preserved when retainLines (@liuxingbaoyu)

babel-traverse

#16727 fix: path.getAssignmentIdentifiers may be undefined (@liuxingbaoyu)

babel-parser

#16761 fix: improve static canFollowModifier checks (@JLHwung)

babel-helpers, babel-plugin-transform-optional-chaining, babel-runtime-corejs3

#16769 Only wrap functions in superPropertyGet helper (@nicolo-ribaudo)

💅 Polish

babel-generator, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-named-capturing-groups-regex, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx, babel-plugin-transform-react-pure-annotations, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env

#16780 Do not enforce printing space between ( and comments (@nicolo-ribaudo)

babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes

#16781 Don't throw when enabling both syntax-import-{assertions,attributes} (@nicolo-ribaudo)

babel-generator

#16782 TS union/intersection nested in union does not need parens (@nicolo-ribaudo)

🏠 Internal

babel-generator

#16777 Remove unused parent params in the generator (@nicolo-ribaudo)

Committers: 5

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@j4k0xb

@liuxingbaoyu

v7.25.5 (2024-08-23)

🐛 Bug Fix

babel-generator, babel-traverse

#16764 fix: Generate sequence expression parentheses correctly (@liuxingbaoyu)

💅 Polish

babel-generator

#16738 Only force-parenthesize satisfies's LHS if it has newlines (@nicolo-ribaudo)

Committers: 2

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

v7.25.4 (2024-08-22)

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.25.6 (2024-08-29)

🐛 Bug Fix

babel-generator

#16783 Properly print inner comments in TS array types (@nicolo-ribaudo)

#16775 fix: jsx whitespace is not properly preserved when retainLines (@liuxingbaoyu)

babel-traverse

#16727 fix: path.getAssignmentIdentifiers may be undefined (@liuxingbaoyu)

babel-parser

#16761 fix: improve static canFollowModifier checks (@JLHwung)

babel-helpers, babel-plugin-transform-optional-chaining, babel-runtime-corejs3

#16769 Only wrap functions in superPropertyGet helper (@nicolo-ribaudo)

💅 Polish

babel-generator, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-named-capturing-groups-regex, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx, babel-plugin-transform-react-pure-annotations, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env

#16780 Do not enforce printing space between ( and comments (@nicolo-ribaudo)

babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes

#16781 Don't throw when enabling both syntax-import-{assertions,attributes} (@nicolo-ribaudo)

babel-generator

#16782 TS union/intersection nested in union does not need parens (@nicolo-ribaudo)

🏠 Internal

babel-generator

#16777 Remove unused parent params in the generator (@nicolo-ribaudo)

v7.25.5 (2024-08-23)

🐛 Bug Fix

babel-generator, babel-traverse

#16764 fix: Generate parentheses correctly (@liuxingbaoyu)

💅 Polish

babel-generator

#16738 Only force-parenthesize satisfies's LHS if it has newlines (@nicolo-ribaudo)

v7.25.4 (2024-08-22)

🐛 Bug Fix

babel-traverse

#16756 fix: Skip computed key when renaming (@liuxingbaoyu)

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#16755 fix: Decorator 2018-09 may throw an exception (@liuxingbaoyu)

babel-types

#16710 Visit AST fields nodes according to their syntactical order (@nicolo-ribaudo)

babel-generator

#16709 Print semicolon after TS export namespace as A (@nicolo-ribaudo)

💅 Polish

babel-generator, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-typescript, babel-runtime-corejs2, babel-runtime, babel-traverse

#16722 Avoid unnecessary parens around sequence expressions (@nicolo-ribaudo)

babel-generator, babel-plugin-transform-class-properties

#16714 Avoid unnecessary parens around exported arrow functions (@nicolo-ribaudo)

... (truncated)

Commits

2f72b97 v7.25.6
faceae9 fix: path.getAssignmentIdentifiers may be undefined (#16727)
46ee612 Remove some NodePath methods (#16655)
2fdc8b5 fix: Generate sequence expression parentheses correctly (#16764)
cbf124c v7.25.4
2b289fb fix: skip computed key when renaming (#16756)
575863c Avoid unnecessary parens around sequence expressions (#16722)
5174ad1 Clean all always enabled parser plugins (#16572)
52718ab Discontinue babel-eslint-config-internal (#16718)
dba45d3 Ignore devDependencies when generating tsconfig.json (#16659)
Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

this is basically v4.0.5, with some README updates

it is vulnerable to CVE-2024-4067

Updated braces to v3.0.3 to avoid CVE-2024-4068

does NOT break API compatibility

[4.0.6] - 2024-05-21

Added hasBraces to check if a pattern contains braces.

Fixes CVE-2024-4067

BREAKS API COMPATIBILITY

Should be labeled as a major release, but it's not.

Commits

8bd704e 4.0.8
a0e6841 run verb to generate README documentation
4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
814f5f7 lint
67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
113f2e3 fix: CVE numbers in CHANGELOG
d9dbd9a feat: updated CHANGELOG
2ab1315 fix: use actions/setup-node@v4
1406ea3 feat: rework test to work on macos with node 10,12 and 14
Additional commits viewable in compare view

Updates msgpackr from 1.8.3 to 1.11.0

Commits

See full diff in compare view

Updates word-wrap from 1.2.3 to 1.2.5

Release notes

Sourced from word-wrap's releases.

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: jonschlinkert/word-wrap@1.2.4...1.2.5

1.2.4

What's Changed

Remove default indent by @mohd-akram in jonschlinkert/word-wrap#24

🔒fix: CVE 2023 26115 (2) by @OlafConijn in jonschlinkert/word-wrap#41

🔒 fix: CVE-2023-26115 by @aashutoshrathi in jonschlinkert/word-wrap#33

chore: publish workflow by @OlafConijn in jonschlinkert/word-wrap#42

New Contributors

@mohd-akram made their first contribution in jonschlinkert/word-wrap#24

@OlafConijn made their first contribution in jonschlinkert/word-wrap#41

@aashutoshrathi made their first contribution in jonschlinkert/word-wrap#33

Full Changelog: jonschlinkert/word-wrap@1.2.3...1.2.4

Commits

207044e 1.2.5
9894315 revert default indent
f64b188 run verb to generate README
03ea082 Merge pull request #42 from jonschlinkert/chore/publish-workflow
420dce9 Merge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2
bfa694e Update .github/workflows/publish.yml
ace0b3c chore: bump version to 1.2.4
6fd7275 chore: add publish workflow
30d6daf chore: fix test
655929c chore: remove package-lock
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [postcss](https://github.com/postcss/postcss) | `8.4.21` | `8.4.31` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `4.1.2` | `4.5.3` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.20.13` | `7.25.6` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | | [msgpackr](https://github.com/kriszyp/msgpackr) | `1.8.3` | `1.11.0` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | Updates `postcss` from 8.4.21 to 8.4.31 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.21...8.4.31) Updates `vite` from 4.1.2 to 4.5.3 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v4.5.3/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v4.5.3/packages/vite) Updates `@babel/traverse` from 7.20.13 to 7.25.6 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.25.6/packages/babel-traverse) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `msgpackr` from 1.8.3 to 1.11.0 - [Release notes](https://github.com/kriszyp/msgpackr/releases) - [Commits](https://github.com/kriszyp/msgpackr/commits) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) --- updated-dependencies: - dependency-name: postcss dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: msgpackr dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies Pull requests that update a dependency file label Sep 11, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm_and_yarn group across 1 directory with 7 updates #1

Bump the npm_and_yarn group across 1 directory with 7 updates #1

Uh oh!

dependabot bot commented on behalf of github Sep 11, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Bump the npm_and_yarn group across 1 directory with 7 updates #1

Are you sure you want to change the base?

Bump the npm_and_yarn group across 1 directory with 7 updates #1

Uh oh!

Conversation

dependabot bot commented on behalf of github Sep 11, 2024

8.4.31

8.4.30

8.4.29

8.4.28

8.4.27

8.4.26

8.4.25

8.4.24

8.4.23

8.4.22

8.4.31

8.4.30

8.4.29

8.4.28

8.4.27

8.4.26

8.4.25

8.4.24

8.4.23

8.4.22

4.5.3 (2024-03-24)

4.5.2 (2024-01-19)

4.5.1 (2023-12-04)

4.5.0 (2023-10-18)

4.4.11 (2023-10-05)

4.4.10 (2023-10-03)

v7.25.6 (2024-08-29)

🐛 Bug Fix

💅 Polish

🏠 Internal

Committers: 5

v7.25.5 (2024-08-23)

🐛 Bug Fix

💅 Polish

Committers: 2

v7.25.4 (2024-08-22)

v7.25.6 (2024-08-29)

🐛 Bug Fix

💅 Polish

🏠 Internal

v7.25.5 (2024-08-23)

🐛 Bug Fix

💅 Polish

v7.25.4 (2024-08-22)

🐛 Bug Fix

💅 Polish

4.0.8

[4.0.8] - 2024-08-22

[4.0.7] - 2024-05-22

[4.0.6] - 2024-05-21

1.2.5

1.2.4

What's Changed

New Contributors

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants