-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): bump the npm_and_yarn group with 6 updates #8403
Closed
dependabot
wants to merge
1
commit into
develop
from
dependabot/npm_and_yarn/npm_and_yarn-b6e27b4559
Closed
chore(deps): bump the npm_and_yarn group with 6 updates #8403
dependabot
wants to merge
1
commit into
develop
from
dependabot/npm_and_yarn/npm_and_yarn-b6e27b4559
+566
−3,172
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dependabot
bot
added
javascript
Pull requests that update Javascript code
PR: dependencies
Pull requests that update a dependency file
labels
Jul 19, 2024
I saw #8244 which seemed to be related to https://github.com/google/blockly/security/dependabot/48 |
github-actions
bot
added
PR: chore
General chores (dependencies, typos, etc)
and removed
PR: chore
General chores (dependencies, typos, etc)
labels
Jul 22, 2024
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/npm_and_yarn-b6e27b4559
branch
from
July 22, 2024 15:13
f7fadb5
to
afffc0e
Compare
github-actions
bot
added
PR: chore
General chores (dependencies, typos, etc)
and removed
PR: chore
General chores (dependencies, typos, etc)
labels
Jul 22, 2024
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/npm_and_yarn-b6e27b4559
branch
from
July 22, 2024 22:09
afffc0e
to
5e96930
Compare
github-actions
bot
added
PR: chore
General chores (dependencies, typos, etc)
and removed
PR: chore
General chores (dependencies, typos, etc)
labels
Jul 22, 2024
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/npm_and_yarn-b6e27b4559
branch
from
July 26, 2024 18:29
5e96930
to
4418584
Compare
github-actions
bot
added
PR: chore
General chores (dependencies, typos, etc)
and removed
PR: chore
General chores (dependencies, typos, etc)
labels
Jul 26, 2024
github-actions
bot
added
PR: chore
General chores (dependencies, typos, etc)
and removed
PR: chore
General chores (dependencies, typos, etc)
labels
Aug 5, 2024
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/npm_and_yarn-b6e27b4559
branch
from
August 7, 2024 16:39
c56386e
to
ddbf7be
Compare
github-actions
bot
added
PR: chore
General chores (dependencies, typos, etc)
and removed
PR: chore
General chores (dependencies, typos, etc)
labels
Aug 7, 2024
Bumps the npm_and_yarn group with 6 updates: | Package | From | To | | --- | --- | --- | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [gulp](https://github.com/gulpjs/gulp) | `4.0.2` | `5.0.0` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.4` | `1.15.6` | | [ip](https://github.com/indutny/node-ip) | `1.1.9` | `removed` | | [pac-resolver](https://github.com/TooTallNate/proxy-agents/tree/HEAD/packages/pac-resolver) | `7.0.0` | `7.0.1` | | [socks](https://github.com/JoshGlazebrook/socks) | `2.7.1` | `2.8.3` | Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `gulp` from 4.0.2 to 5.0.0 - [Release notes](https://github.com/gulpjs/gulp/releases) - [Changelog](https://github.com/gulpjs/gulp/blob/master/CHANGELOG.md) - [Commits](gulpjs/gulp@v4.0.2...v5.0.0) Updates `follow-redirects` from 1.15.4 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.4...v1.15.6) Removes `ip` Updates `pac-resolver` from 7.0.0 to 7.0.1 - [Release notes](https://github.com/TooTallNate/proxy-agents/releases) - [Changelog](https://github.com/TooTallNate/proxy-agents/blob/main/packages/pac-resolver/CHANGELOG.md) - [Commits](https://github.com/TooTallNate/proxy-agents/commits/[email protected]/packages/pac-resolver) Updates `socks` from 2.7.1 to 2.8.3 - [Release notes](https://github.com/JoshGlazebrook/socks/releases) - [Commits](JoshGlazebrook/socks@2.7.1...2.8.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: gulp dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ip dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: pac-resolver dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socks dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/npm_and_yarn-b6e27b4559
branch
from
August 8, 2024 22:19
ddbf7be
to
635b440
Compare
github-actions
bot
added
PR: chore
General chores (dependencies, typos, etc)
and removed
PR: chore
General chores (dependencies, typos, etc)
labels
Aug 8, 2024
Looks like these dependencies are updatable in another way, so this is no longer needed. |
dependabot
bot
deleted the
dependabot/npm_and_yarn/npm_and_yarn-b6e27b4559
branch
August 9, 2024 18:15
github-actions
bot
added
PR: chore
General chores (dependencies, typos, etc)
and removed
PR: chore
General chores (dependencies, typos, etc)
labels
Aug 9, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
javascript
Pull requests that update Javascript code
PR: chore
General chores (dependencies, typos, etc)
PR: dependencies
Pull requests that update a dependency file
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 6 updates:
3.0.2
3.0.3
4.0.2
5.0.0
1.15.4
1.15.6
1.1.9
removed
7.0.0
7.0.1
2.7.1
2.8.3
Updates
braces
from 3.0.2 to 3.0.3Commits
74b2db2
3.0.388f1429
update eslint. lint, fix unit tests.415d660
Snyk js braces 6838727 (#40)190510f
fix tests, skip 1 test in test/braces.expand716eb9f
readme bumpa5851e5
Merge pull request #37 from coderaiser/fix/vulnerability2092bd1
feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...9f5b4cf
fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)98414f9
remove funding file665ab5d
update keepEscaping doc (#27)Updates
gulp
from 4.0.2 to 5.0.0Release notes
Sourced from gulp's releases.
... (truncated)
Changelog
Sourced from gulp's changelog.
... (truncated)
Commits
5c4c547
chore: Release 5.0.0 (#2762)bf72116
chore: Add index.mjs to files listb00de68
feat: Provide an ESM export (#2760)72668c6
chore!: Normalize repository, dropping node <10.13 support (#2758)85896d4
chore(docs): Update stream handbook link (#2711)818bd73
Docs: Remove gulp-sourcemaps because it is built-in (#2592)598f971
Docs: Fix broken link in recipe (#2571)9877de0
Docs: Guide CustomRegistries to maintain properties on tasks (fixes #2561) (#...f91c388
Docs: Remove typo in custom registry docs (#2543)df25250
Docs: Fix typo in task docs (#2524)Updates
follow-redirects
from 1.15.4 to 1.15.6Commits
35a517c
Release version 1.15.6 of the npm package.c4f847f
Drop Proxy-Authorization across hosts.8526b4a
Use GitHub for disclosure.b1677ce
Release version 1.15.5 of the npm package.d8914f7
Preserve fragment in responseUrl.Removes
ip
Updates
pac-resolver
from 7.0.0 to 7.0.1Release notes
Sourced from pac-resolver's releases.
Changelog
Sourced from pac-resolver's changelog.
Commits
d4d3cd0
Version Packages (#271)a954da3
[pac-resolver] Removeip
dependency (#281)aaebfa4
Prettier5923589
Moved licenses to separate files (#251)Updates
socks
from 2.7.1 to 2.8.3Release notes
Sourced from socks's releases.
Commits
a2a06d9
2.8.3992b002
Fix bug with ipv6 conversion in ipToBuffer (#101)99633ae
v280 (#98)89d8c07
Fix package lock for 2.7.x (#97)66b7f73
remove ip package (#94)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major version
will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor version
will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>
will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>
will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>
will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.