Skip to content

Bump the npm_and_yarn group across 1 directory with 12 updates #39

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directory with 12 updates #39

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 18, 2025

Bumps the npm_and_yarn group with 9 updates in the / directory:

Package From To
@babel/runtime-corejs3 7.12.5 7.26.10
@babel/traverse 7.12.12 7.26.10
browserify-sign 4.2.1 4.2.3
elliptic 6.5.4 6.6.1
es5-ext 0.10.53 0.10.64
express 4.18.2 4.21.2
follow-redirects 1.14.8 1.15.9
nanoid 3.2.0 3.3.10
tar 6.1.11 6.2.1

Updates @babel/runtime-corejs3 from 7.12.5 to 7.26.10

Release notes

Sourced from @​babel/runtime-corejs3's releases.

v7.26.10 (2025-03-11)

Thanks @​jordan-choi and @​mmmsssttt404 for your first PRs!

This release includes a fix for GHSA-968p-4wvh-cqc8, a security vulnerability which affects the .replace method of transpiled regular expressions that use named capturing groups.

👓 Spec Compliance

🐛 Bug Fix

  • babel-parser, babel-template
  • babel-core
  • babel-parser, babel-plugin-transform-typescript
  • babel-traverse
  • babel-generator
  • babel-parser
  • babel-helpers, babel-runtime, babel-runtime-corejs2, babel-runtime-corejs3

💅 Polish

  • babel-standalone

🏠 Internal

Committers: 6

v7.26.9 (2025-02-14)

🐛 Bug Fix

... (truncated)

Changelog

Sourced from @​babel/runtime-corejs3's changelog.

v7.26.10 (2025-03-11)

👓 Spec Compliance

🐛 Bug Fix

  • babel-parser, babel-template
  • babel-core
  • babel-parser, babel-plugin-transform-typescript
  • babel-traverse
  • babel-generator
  • babel-parser
  • babel-helpers, babel-runtime, babel-runtime-corejs2, babel-runtime-corejs3

💅 Polish

  • babel-standalone

🏠 Internal

v7.26.9 (2025-02-14)

🐛 Bug Fix

🏠 Internal

v7.26.7 (2025-01-24)

🐛 Bug Fix

  • babel-helpers, babel-preset-env, babel-runtime-corejs3
  • babel-plugin-transform-typeof-symbol

... (truncated)

Commits

Updates @babel/traverse from 7.12.12 to 7.26.10

Release notes

Sourced from @​babel/traverse's releases.

v7.26.10 (2025-03-11)

Thanks @​jordan-choi and @​mmmsssttt404 for your first PRs!

This release includes a fix for GHSA-968p-4wvh-cqc8, a security vulnerability which affects the .replace method of transpiled regular expressions that use named capturing groups.

👓 Spec Compliance

🐛 Bug Fix

  • babel-parser, babel-template
  • babel-core
  • babel-parser, babel-plugin-transform-typescript
  • babel-traverse
  • babel-generator
  • babel-parser
  • babel-helpers, babel-runtime, babel-runtime-corejs2, babel-runtime-corejs3

💅 Polish

  • babel-standalone

🏠 Internal

Committers: 6

v7.26.9 (2025-02-14)

🐛 Bug Fix

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.26.10 (2025-03-11)

👓 Spec Compliance

🐛 Bug Fix

  • babel-parser, babel-template
  • babel-core
  • babel-parser, babel-plugin-transform-typescript
  • babel-traverse
  • babel-generator
  • babel-parser
  • babel-helpers, babel-runtime, babel-runtime-corejs2, babel-runtime-corejs3

💅 Polish

  • babel-standalone

🏠 Internal

v7.26.9 (2025-02-14)

🐛 Bug Fix

🏠 Internal

v7.26.7 (2025-01-24)

🐛 Bug Fix

  • babel-helpers, babel-preset-env, babel-runtime-corejs3
  • babel-plugin-transform-typeof-symbol

... (truncated)

Commits

Updates browserify-sign from 4.2.1 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

v4.2.2 - 2023-10-25

Fixed

Commits

  • Only apps should have lockfiles 09a8995
  • [eslint] switch to eslint 83fe463
  • [meta] add npmignore and auto-changelog 4418183
  • [meta] fix package.json indentation 9ac5a5e
  • [Tests] migrate from travis to github actions d845d85
  • [Fix] sign: throw on unsupported padding scheme 8767739
  • [Fix] properly check the upper bound for DSA signatures 85994cd
  • [Tests] handle openSSL not supporting a scheme f5f17c2
  • [Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb
  • [Dev Deps] update nyc, standard, tape cc5350b
  • [Tests] always run coverage; downgrade nyc 75ce1d5
  • [meta] add safe-publish-latest dcf49ce
  • [Tests] add npm run posttest 75dd8fd
  • [Dev Deps] update tape 3aec038
  • [Tests] skip unsupported schemes 703c83e
  • [Tests] node < 6 lacks array includes 3aa43cf
  • [Dev Deps] fix eslint range 98d4e0d
Commits
  • bf2c3ec v4.2.3
  • 9247adf [patch] widen support to 0.12
  • f427270 [Deps] update `parse-asn1
  • 87f3a35 [Dev Deps] update aud, npmignore, tape
  • fb261ce [Deps] update elliptic
  • 4d0ee49 [patch] drop minimum node support to v1
  • 9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
  • 168e16f [Deps] pin elliptic due to a breaking change
  • 37a4758 [actions] remove redundant finisher
  • 4af5a90 v4.2.2
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.


Updates elliptic from 6.5.4 to 6.6.1

Commits

Updates es5-ext from 0.10.53 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

  • Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

  • Do not rely on problematic regex (3551cdd), addresses #201
  • Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
  • Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

  • Simplify the manifest message (7855319)

Comparison since last release

0.10.62 (2022-08-02)

Maintenance Improvements

Comparison since last release

0.10.61 (2022-04-20)

Bug Fixes

  • Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

Comparison since last release

0.10.60 (2022-04-07)

Maintenance Improvements

  • Improve postinstall script configuration (ab6b121)

... (truncated)

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

  • Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

  • Do not rely on problematic regex (3551cdd), addresses #201
  • Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
  • Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

  • Simplify the manifest message (7855319)

0.10.62 (2022-08-02)

Maintenance Improvements

0.10.61 (2022-04-20)

Bug Fixes

  • Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

0.10.60 (2022-04-07)

Maintenance Improvements

  • Improve postinstall script configuration (ab6b121)

0.10.59 (2022-03-17)

Maintenance Improvements

0.10.58 (2022-03-11)

... (truncated)

Commits
  • f76b03d chore: Release v0.10.64
  • 2881acd chore: Bump dependencies
  • c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
  • 16f2b72 docs: Fix date in the changelog
  • de4e03c chore: Release v0.10.63
  • 3fd53b7 chore: Upgrade lint-staged to v13
  • bf8ed79 chore: Ensure postinstall script does not crash on Windows
  • 2cbbb07 chore: Bump dependencies
  • 22d0416 chore: Bump LICENSE year
  • a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
  • Additional commits viewable in compare view

Updates express from 4.18.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

New Contributors

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: [email protected]
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.


Updates follow-redirects from 1.14.8 to 1.15.9

Commits
  • e4e55c7 Release version 1.15.9 of the npm package.
  • 31a1abf Attempt much more gentle detection.
  • d2aaa97 Fix url field.
  • 62558f0 Release version 1.15.8 of the npm package.
  • a8d1cee Return subtlety.
  • 458ca8e Fix native URL test for Node 20.
  • ca49e44 Handle KeepAlive connections in tests.
  • f3711d7 Test on Node 20 and 22.
  • fda0faf Fix typo.
  • 760757f Release version 1.15.7 of the npm package.
  • Additional commits viewable in compare view

Updates nanoid from 3.2.0 to 3.3.10

Release notes

Sourced from nanoid's releases.

3.3.10

3.3.9

  • Reduced npm package size.
Changelog

Sourced from nanoid's changelog.

3.3.10

3.3.9

  • Reduced npm package size.

3.3.8

  • Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).

3.3.7

  • Fixed node16 TypeScript support (by Saadi Myftija).

3.3.6

  • Fixed package.

3.3.5

  • Backport funding information.

3.3.4

3.3.3

  • Reduced size (by Anton Khlynovskiy).

3.3.2

  • Fixed enhanced-resolve support.

3.3.1

  • Reduced package size.

3.3

  • Added size argument to function from customAlphabet (by Stefan Sundin).

3.2

  • Added --size and --alphabet arguments to binary (by Vitaly Baev).

3.1.32

  • Reduced async exports size (by Artyom Arutyunyan).
  • Moved from Jest to uvu (by Vitaly Baev).

3.1.31

  • Fixed collision vulnerability on object in size (by Artyom Arutyunyan).

3.1.30

  • Reduced size for project with brotli compression (by Anton Khlynovskiy).

3.1.29

  • Reduced npm package size.

3.1.28

... (truncated)

Commits

Updates path-to-regexp from 0.1.7 to 0.1.12

Release notes

Sourced from path-to-regexp's releases.

Fix backtracking (again)

Fixed

  • Improved backtracking protection for 0.1.x, will break some previously valid paths (see previous advisory: GHSA-9wv6-86v2-598j)

pillarjs/path-to-regexp@v0.1.11...v0.1.12

Error on bad input

Changed

  • Add error on bad input values 8f09549

pillarjs/path-to-regexp@v0.1.10...v0.1.11

Backtrack protection

Fixed

  • Add backtrack protection to parameters 29b96b4
    • This will break some edge cases but should improve performance

pillarjs/path-to-regexp@v0.1.9...v0.1.10

Support non-lookahead regex output

Added

  • Allow a non-lookahead regex (#312) c4272e4

component/path-to-regexp@v0.1.8...v0.1.9

Support named matching groups in RegExp

Added

  • Add support for named matching groups (#301) 114f62d

pillarjs/path-to-regexp@v0.1.7...v0.1.8

Commits

Updates send from 0.18.0 to 0.19.0

Release notes

Sourced from send's releases.

0.19.0

What's Changed

New Contributors

Full Changelog: pillarjs/send@0.18.0...0.19.0

Changelog

Sourced from send's changelog.

0.19.0 / 2024-09-10

  • Remove link renderization in html while redirecting
Description has been truncated

@dependabot
Bump the npm_and_yarn group across 1 directory with 12 updates
b2b754a 
Bumps the npm_and_yarn group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@babel/runtime-corejs3](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime-corejs3) | `7.12.5` | `7.26.10` |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.12.12` | `7.26.10` |
| [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.2.1` | `4.2.3` |
| [elliptic](https://github.com/indutny/elliptic) | `6.5.4` | `6.6.1` |
| [es5-ext](https://github.com/medikoo/es5-ext) | `0.10.53` | `0.10.64` |
| [express](https://github.com/expressjs/express) | `4.18.2` | `4.21.2` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.14.8` | `1.15.9` |
| [nanoid](https://github.com/ai/nanoid) | `3.2.0` | `3.3.10` |
| [tar](https://github.com/isaacs/node-tar) | `6.1.11` | `6.2.1` |



Updates `@babel/runtime-corejs3` from 7.12.5 to 7.26.10
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-runtime-corejs3)

Updates `@babel/traverse` from 7.12.12 to 7.26.10
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-traverse)

Updates `browserify-sign` from 4.2.1 to 4.2.3
- [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md)
- [Commits](browserify/browserify-sign@v4.2.1...v4.2.3)

Updates `elliptic` from 6.5.4 to 6.6.1
- [Commits](indutny/elliptic@v6.5.4...v6.6.1)

Updates `es5-ext` from 0.10.53 to 0.10.64
- [Release notes](https://github.com/medikoo/es5-ext/releases)
- [Changelog](https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md)
- [Commits](medikoo/es5-ext@v0.10.53...v0.10.64)

Updates `express` from 4.18.2 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](expressjs/express@4.18.2...4.21.2)

Updates `follow-redirects` from 1.14.8 to 1.15.9
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.14.8...v1.15.9)

Updates `nanoid` from 3.2.0 to 3.3.10
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](ai/nanoid@3.2.0...3.3.10)

Updates `path-to-regexp` from 0.1.7 to 0.1.12
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12)

Updates `send` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/pillarjs/send/releases)
- [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md)
- [Commits](pillarjs/send@0.18.0...0.19.0)

Updates `serve-static` from 1.15.0 to 1.16.2
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md)
- [Commits](expressjs/serve-static@v1.15.0...v1.16.2)

Updates `tar` from 6.1.11 to 6.2.1
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.1.11...v6.2.1)

---
updated-dependencies:
- dependency-name: "@babel/runtime-corejs3"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@babel/traverse"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: browserify-sign
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: elliptic
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: es5-ext
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: nanoid
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: send
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serve-static
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 18, 2025
This was referenced Mar 18, 2025
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants