Bump the npm_and_yarn group across 10 directories with 9 updates #4

dependabot · 2024-03-27T18:45:29Z

Bumps the npm_and_yarn group with 8 updates in the / directory:

Package	From	To
@babel/traverse	`7.11.0`	`7.23.2`
semver	`6.3.0`	`6.3.1`
electron	`23.1.2`	`24.8.5`
ip	`1.1.5`	`1.1.9`
express	`4.18.2`	`4.19.2`
follow-redirects	`1.7.0`	`1.15.6`
webpack-dev-middleware	`5.3.3`	`5.3.4`
word-wrap	`1.2.3`	`1.2.5`
Bumps the npm_and_yarn group with 4 updates in the /fixtures/attribute-behavior directory: semver, ip, express and lodash.
Bumps the npm_and_yarn group with 5 updates in the /fixtures/concurrent/time-slicing directory:

Package	From	To
semver	`5.7.1`	`5.7.2`
ip	`1.1.5`	`1.1.9`
express	`4.17.1`	`4.19.2`
follow-redirects	`1.14.0`	`1.15.6`
word-wrap	`1.2.3`	`1.2.5`
Bumps the npm_and_yarn group with 5 updates in the /fixtures/dom directory:

Package	From	To
semver	`5.7.1`	`5.7.2`
ip	`1.1.5`	`1.1.9`
express	`4.17.1`	`4.19.2`
follow-redirects	`1.13.0`	`1.15.6`
word-wrap	`1.2.3`	`1.2.5`
Bumps the npm_and_yarn group with 4 updates in the /fixtures/expiration directory: semver, ip, express and lodash.
Bumps the npm_and_yarn group with 1 update in the /fixtures/fiber-debugger directory: express.
Bumps the npm_and_yarn group with 2 updates in the /fixtures/packaging/brunch/dev directory: semver and express.
Bumps the npm_and_yarn group with 2 updates in the /fixtures/packaging/brunch/prod directory: semver and express.
Bumps the npm_and_yarn group with 4 updates in the /fixtures/ssr directory: semver, express, follow-redirects and word-wrap.
Bumps the npm_and_yarn group with 3 updates in the /fixtures/ssr2 directory: @babel/traverse, semver and express.

Updates @babel/traverse from 7.11.0 to 7.23.2

Release notes

Sourced from @babel/traverse's releases.

v7.23.2 (2023-10-11)

NOTE: This release also re-publishes @babel/core, even if it does not appear in the linked release commit.

Thanks @jimmydief for your first PR!

🐛 Bug Fix

babel-traverse

#16033 Only evaluate own String/Number/Math methods (@nicolo-ribaudo)

babel-preset-typescript

#16022 Rewrite .tsx extension when using rewriteImportExtensions (@jimmydief)

babel-helpers

#16017 Fix: fallback to typeof when toString is applied to incompatible object (@JLHwung)

babel-helpers, babel-plugin-transform-modules-commonjs, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#16025 Avoid override mistake in namespace imports (@nicolo-ribaudo)

Committers: 5

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

James Diefenderfer (@jimmydief)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

v7.23.1 (2023-09-25)

Re-publishing @babel/helpers due to a publishing error in 7.23.0.

v7.23.0 (2023-09-25)

Thanks @lorenzoferre and @RajShukla1 for your first PRs!

🚀 New Feature

babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-import-source, babel-plugin-transform-dynamic-import

#15870 Support transforming import source for wasm (@nicolo-ribaudo)

babel-helper-module-transforms, babel-helpers, babel-plugin-proposal-import-defer, babel-plugin-syntax-import-defer, babel-plugin-transform-modules-commonjs, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone

#15878 Implement import defer proposal transform support (@nicolo-ribaudo)

babel-generator, babel-parser, babel-types

#15845 Implement import defer parsing support (@nicolo-ribaudo)

#15829 Add parsing support for the "source phase imports" proposal (@nicolo-ribaudo)

babel-generator, babel-helper-module-transforms, babel-parser, babel-plugin-transform-dynamic-import, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-traverse, babel-types

#15682 Add createImportExpressions parser option (@JLHwung)

babel-standalone

#15671 Pass through nonce to the transformed script element (@JLHwung)

babel-helper-function-name, babel-helper-member-expression-to-functions, babel-helpers, babel-parser, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-optional-chaining-assign, babel-plugin-syntax-optional-chaining-assign, babel-plugin-transform-destructuring, babel-plugin-transform-optional-chaining, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone, babel-types

#15751 Add support for optional chain in assignments (@nicolo-ribaudo)

babel-helpers, babel-plugin-proposal-decorators

#15895 Implement the "decorator metadata" proposal (@nicolo-ribaudo)

babel-traverse, babel-types

#15893 Add t.buildUndefinedNode (@liuxingbaoyu)

babel-preset-typescript

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.23.2 (2023-10-11)

🐛 Bug Fix

babel-traverse

#16033 Only evaluate own String/Number/Math methods (@nicolo-ribaudo)

babel-preset-typescript

#16022 Rewrite .tsx extension when using rewriteImportExtensions (@jimmydief)

babel-helpers

#16017 Fix: fallback to typeof when toString is applied to incompatible object (@JLHwung)

babel-helpers, babel-plugin-transform-modules-commonjs, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#16025 Avoid override mistake in namespace imports (@nicolo-ribaudo)

v7.23.0 (2023-09-25)

🚀 New Feature

babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-import-source, babel-plugin-transform-dynamic-import

#15870 Support transforming import source for wasm (@nicolo-ribaudo)

babel-helper-module-transforms, babel-helpers, babel-plugin-proposal-import-defer, babel-plugin-syntax-import-defer, babel-plugin-transform-modules-commonjs, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone

#15878 Implement import defer proposal transform support (@nicolo-ribaudo)

babel-generator, babel-parser, babel-types

#15845 Implement import defer parsing support (@nicolo-ribaudo)

#15829 Add parsing support for the "source phase imports" proposal (@nicolo-ribaudo)

babel-generator, babel-helper-module-transforms, babel-parser, babel-plugin-transform-dynamic-import, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-traverse, babel-types

#15682 Add createImportExpressions parser option (@JLHwung)

babel-standalone

#15671 Pass through nonce to the transformed script element (@JLHwung)

babel-helper-function-name, babel-helper-member-expression-to-functions, babel-helpers, babel-parser, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-optional-chaining-assign, babel-plugin-syntax-optional-chaining-assign, babel-plugin-transform-destructuring, babel-plugin-transform-optional-chaining, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone, babel-types

#15751 Add support for optional chain in assignments (@nicolo-ribaudo)

babel-helpers, babel-plugin-proposal-decorators

#15895 Implement the "decorator metadata" proposal (@nicolo-ribaudo)

babel-traverse, babel-types

#15893 Add t.buildUndefinedNode (@liuxingbaoyu)

babel-preset-typescript

#15913 Add rewriteImportExtensions option to TS preset (@nicolo-ribaudo)

babel-parser

#15896 Allow TS tuples to have both labeled and unlabeled elements (@yukukotani)

🐛 Bug Fix

babel-plugin-transform-block-scoping

#15962 fix: transform-block-scoping captures the variables of the method in the loop (@liuxingbaoyu)

💅 Polish

babel-traverse

#15797 Expand evaluation of global built-ins in @babel/traverse (@lorenzoferre)

babel-plugin-proposal-explicit-resource-management

#15985 Improve source maps for blocks with using declarations (@nicolo-ribaudo)

🔬 Output optimization

babel-core, babel-helper-module-transforms, babel-plugin-transform-async-to-generator, babel-plugin-transform-classes, babel-plugin-transform-dynamic-import, babel-plugin-transform-function-name, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-umd, babel-plugin-transform-parameters, babel-plugin-transform-react-constant-elements, babel-plugin-transform-react-inline-elements, babel-plugin-transform-runtime, babel-plugin-transform-typescript, babel-preset-env

#15984 Inline exports.XXX = update in simple variable declarations (@nicolo-ribaudo)

v7.22.20 (2023-09-16)

... (truncated)

Commits

b4b9942 v7.23.2
b13376b Only evaluate own String/Number/Math methods (#16033)
ca58ec1 v7.23.0
0f333da Add createImportExpressions parser option (#15682)
3744545 Fix linting
c7e6806 Add t.buildUndefinedNode (#15893)
38ee8b4 Expand evaluation of global built-ins in @babel/traverse (#15797)
9f3dfd9 v7.22.20
3ed28b2 Fully support || and && in pluginToggleBooleanFlag (#15961)
77b0d73 v7.22.19
Additional commits viewable in compare view

Updates semver from 6.3.0 to 6.3.1

Release notes

Sourced from semver's releases.

v6.3.1

6.3.1 (2023-07-10)

Bug Fixes

928e56d #591 better handling of whitespace (#591) (@lukekarrys, @joaomoreno, @nicolo-ribaudo)

Changelog

Sourced from semver's changelog.

6.3.1 (2023-07-10)

Bug Fixes

928e56d #591 better handling of whitespace (#591) (@lukekarrys, @joaomoreno, @nicolo-ribaudo)

6.2.0

Coerce numbers to strings when passed to semver.coerce()

Add rtl option to coerce from right to left

6.1.3

Handle X-ranges properly in includePrerelease mode

6.1.2

Do not throw when testing invalid version strings

6.1.1

Add options support for semver.coerce()

Handle undefined version passed to Range.test

6.1.0

Add semver.compareBuild function

Support * in semver.intersects

6.0

Fix intersects logic.

This is technically a bug fix, but since it is also a change to behavior that may require users updating their code, it is marked as a major version increment.

5.7

Add minVersion method

5.6

Move boolean loose param to an options object, with backwards-compatibility protection.

Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

... (truncated)

Commits

44d27bc chore: release 6.3.1
928e56d fix: better handling of whitespace (#591)
39f6326 chore: @npmcli/template-oss@4.16.0
See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates electron from 23.1.2 to 24.8.5

Commits

543f7c3 chore: cherry-pick 3fbd1dca6a4d from libvpx (#40025)
e51dee4 fix: use generic capturer to list both screens and windows when possible (#39...
384f44d ci: fix linux builds of forks (#39942)
edb117a build: use afs on aks instead of circle cache (#39913)
3f864b2 build: fixup autoninja (#39901)
97bf8c8 build: run on circle hosts for forks (#39864)
4a9b367 build: use aks backed runners for linux builds (#39837)
0508e25 chore: cherry-pick b2eab7500a18 from chromium (#39826)
0641412 fix: ensure app load is limited to real asar files when appropriate (#39810)
c574fed chore: cherry-pick 3 changes from Release-3-M116 (#39757)
Additional commits viewable in compare view

Updates ip from 1.1.5 to 1.1.9

Commits

1ecbf2f 1.1.9
6a3ada9 lib: fixed CVE-2023-42282 and added unit test
5dc3b2f 1.1.8
8e6f28b lib: even better node 6 support
088c9e5 1.1.7
1a4ca35 lib: add back support for Node.js 6
af82ef4 1.1.6
dba19f6 package: exclude test folder from publishing
7cd7f30 ci: use github workflows
4de50ae lib: node 18 support
See full diff in compare view

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Fix ci after location patch by @wesleytodd in expressjs/express#5552

fixed un-edited version in history.md for 4.19.0 by @wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

fix typo in release date by @UlisesGascon in expressjs/express#5527

docs: nominating @wesleytodd to be project captian by @wesleytodd in expressjs/express#5511

docs: loosen TC activity rules by @wesleytodd in expressjs/express#5510

Add note on how to update docs for new release by @crandmck in expressjs/express#5541

Prevent open redirect allow list bypass due to encodeurl

Release 4.19.0 by @wesleytodd in expressjs/express#5551

New Contributors

@crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

Other Changes

Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032

build: Node.js@16.18 and Node.js@18.12 by @abenhamdine in expressjs/express#5034

ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027

test: remove unused function arguments in params by @raksbisht in expressjs/express#5124

Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119

Fixed typos by @raksbisht in expressjs/express#5117

examples: remove unused params by @raksbisht in expressjs/express#5113

fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130

fix: typos in History.md by @raksbisht in expressjs/express#5131

build : add Node.js@19.7 by @abenhamdine in expressjs/express#5028

test: remove unused function arguments in params by @raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: cookie@0.6.0

4.18.3 / 2024-02-29

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

deps: cookie@0.6.0

Add partitioned option

Commits

04bc627 4.19.2
da4d763 Improved fix for open redirect allow list bypass
4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: cookie@0.6.0
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates follow-redirects from 1.7.0 to 1.15.6

Commits

35a517c Release version 1.15.6 of the npm package.
c4f847f Drop Proxy-Authorization across hosts.
8526b4a Use GitHub for disclosure.
b1677ce Release version 1.15.5 of the npm package.
d8914f7 Preserve fragment in responseUrl.
6585820 Release version 1.15.4 of the npm package.
7a6567e Disallow bracketed hostnames.
05629af Prefer native URL instead of deprecated url.parse.
1cba8e8 Prefer native URL instead of legacy url.resolve.
72bc2a4 Simplify _processResponse error handling.
Additional commits viewable in compare view

Updates lodash from 4.17.15 to 4.17.21

Commits

f299b52 Bump to v4.17.21
c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
3469357 Prevent command injection through _.template's variable option
ded9bc6 Bump to v4.17.20.
63150ef Documentation fixes.
00f0f62 test.js: Remove trailing comma.
846e434 Temporarily use a custom fork of lodash-cli.
5d046f3 Re-enable Travis tests on 4.17 branch.
aa816b3 Remove /npm-package.
d7fbc52 Bump to v4.17.19
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates webpack-dev-middleware from 5.3.3 to 5.3.4

Release notes

Sourced from webpack-dev-middleware's releases.

v5.3.4

5.3.4 (2024-03-20)

Bug Fixes

security: do not allow to read files above (#1779) (189c4ac)

Changelog

Sourced from webpack-dev-middleware's changelog.

5.3.4 (2024-03-20)

Bug Fixes

security: do not allow to read files above (#1779) (189c4ac)

Commits

86071ea chore(release): 5.3.4
189c4ac fix(security): do not allow to read files above (#1779)
See full diff in compare view

Updates word-wrap from 1.2.3 to 1.2.5

Release notes

Sourced from word-wrap's releases.

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: jonschlinkert/word-wrap@1.2.4...1.2.5

1.2.4

What's Changed

Remove default indent by @mohd-akram in jonschlinkert/word-wrap#24

🔒fix: CVE 2023 26115 (2) by @OlafConijn in jonschlinkert/word-wrap#41

🔒 fix: CVE-2023-26115 by @aashutoshrathi in jonschlinkert/word-wrap#33

chore: publish workflow by @OlafConijn in jonschlinkert/word-wrap#42

New Contributors

@mohd-akram made their first contribution in jonschlinkert/word-wrap#24

@OlafConijn made their first contribution in jonschlinkert/word-wrap#41

@aashutoshrathi made their first contribution in jonschlinkert/word-wrap#33

Full Changelog: jonschlinkert/word-wrap@1.2.3...1.2.4

Commits

207044e 1.2.5
9894315 revert default indent
f64b188 run verb to generate README
03ea082 Merge pull request #42 from jonschlinkert/chore/publish-workflow
420dce9 Merge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2
bfa694e Update .github/workflows/publish.yml
ace0b3c chore: bump version to 1.2.4
6fd7275 chore: add publish workflow
30d6daf chore: fix test
655929c chore: remove package-lock
Additional commits viewable in compare view

Updates semver from 5.4.1 to 5.7.2

Release notes

Sourced from semver's releases.

v6.3.1

6.3.1 (2023-07-10)

Bug Fixes

928e56d #591 better handling of whitespace (#591) (@lukekarrys, @joaomoreno, @nicolo-ribaudo)

Changelog

Sourced from semver's changelog.

6.3.1 (2023-07-10)

Bug Fixes

928e56d #591 better handling of whitespace (#591) (@lukekarrys, @joaomoreno, @nicolo-ribaudo)

6.2.0

Coerce numbers to strings when passed to semver.coerce()

Add rtl option to coerce from right to left

6.1.3

Handle X-ranges properly in includePrerelease mode

6.1.2

Do not throw when testing invalid version strings

6.1.1

Add options support for semver.coerce()

Handle undefined version passed to Range.test

6.1.0

Add semver.compareBuild function

Support * in semver.intersects

6.0

Fix intersects logic.

This is technically a bug fix, but since it is also a change to behavior that may require users updating their code, it is marked as a major version increment.

5.7

Add minVersion method

5.6

Move boolean loose param to an options object, with backwards-compatibility protection.

Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

... (truncated)

Commits

44d27bc chore: release 6.3.1
928e56d fix: better handling of whitespace (#591)
39f6326 chore: @npmcli/template-oss@4.16.0
See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates ip from 1.1.5 to 1.1.9

Commits

1ecbf2f 1.1.9
6a3ada9 lib: fixed CVE-2023-42282 and added unit test
5dc3b2f 1.1.8
8e6f28b lib: even better node 6 support
088c9e5 1.1.7
1a4ca35 lib: add back support for Node.js 6
af82ef4 1.1.6
dba19f6 package: exclude test folder from publishing
7cd7f30 ci: use github workflows
4de50ae lib: node 18 support
See full diff in compare view

Updates express from 4.15.4 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Fix ci after location patch by @wesleytodd in expressjs/express#5552

fixed un-edited version in history.md for 4.19.0 by @wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

fix typo in release date by @UlisesGascon in expressjs/express#5527

docs: nominating @wesleytodd to be project captian by @wesleytodd in expressjs/express#5511

docs: loosen TC activity rules by @wesleytodd in expressjs/express#5510

Add note on how to update docs for new release by @crandmck in expressjs/express#5541

Prevent open redirect allow list bypass due to encodeurl

Release 4.19.0 by @wesleytodd in expressjs/express#5551

New Contributors

@crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

Other Changes

Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032

build: Node.js@16.18 and Node.js@18.12 by @abenhamdine in expressjs/express#5034

ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027

test: remove unused function arguments in params by @raksbisht in expressjs/express#5124

Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119

Fixed typos by @raksbisht in expressjs/express#5117

examples: remove unused params by @raksbisht in expressjs/express#5113

fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130

fix: typos in History.md by @raksbisht in expressjs/express#5131

build : add Node.js@19.7 by @abenhamdine in expressjs/express#5028

test: remove unused function arguments in params by @raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: cookie@0.6.0

4.18.3 / 2024-02-29

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

deps: cookie@0.6.0

Add partitioned option

Commits

04bc627 4.19.2
da4d763 Improved fix for open redirect allow list bypass
4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: cookie@0.6.0
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates lodash from 4.17.4 to 4.17.21

Commits

f299b52 Bump to v4.17.21
c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
3469357 Prevent command injection through _.template's variable option
ded9bc6 Bump to v4.17.20.
63150ef Documentation fixes.
00f0f62 test.js: Remove trailing comma.
846e434 Temporarily use a custom fork of lodash-cli.
5d046f3 Re-enable Travis tests on 4.17 branch.
aa816b3 Remove /npm-package.
d7fbc52 Bump to v4.17.19
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v6.3.1

6.3.1 (2023-07-10)

Bug Fixes

928e56d #591 better handling of whitespace (#591) (@lukekarrysDescription has been truncated

Bumps the npm_and_yarn group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.11.0` | `7.23.2` | | [semver](https://github.com/npm/node-semver) | `6.3.0` | `6.3.1` | | [electron](https://github.com/electron/electron) | `23.1.2` | `24.8.5` | | [ip](https://github.com/indutny/node-ip) | `1.1.5` | `1.1.9` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.19.2` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.7.0` | `1.15.6` | | [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `5.3.3` | `5.3.4` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | Bumps the npm_and_yarn group with 4 updates in the /fixtures/attribute-behavior directory: [semver](https://github.com/npm/node-semver), [ip](https://github.com/indutny/node-ip), [express](https://github.com/expressjs/express) and [lodash](https://github.com/lodash/lodash). Bumps the npm_and_yarn group with 5 updates in the /fixtures/concurrent/time-slicing directory: | Package | From | To | | --- | --- | --- | | [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` | | [ip](https://github.com/indutny/node-ip) | `1.1.5` | `1.1.9` | | [express](https://github.com/expressjs/express) | `4.17.1` | `4.19.2` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.14.0` | `1.15.6` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | Bumps the npm_and_yarn group with 5 updates in the /fixtures/dom directory: | Package | From | To | | --- | --- | --- | | [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` | | [ip](https://github.com/indutny/node-ip) | `1.1.5` | `1.1.9` | | [express](https://github.com/expressjs/express) | `4.17.1` | `4.19.2` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.13.0` | `1.15.6` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | Bumps the npm_and_yarn group with 4 updates in the /fixtures/expiration directory: [semver](https://github.com/npm/node-semver), [ip](https://github.com/indutny/node-ip), [express](https://github.com/expressjs/express) and [lodash](https://github.com/lodash/lodash). Bumps the npm_and_yarn group with 1 update in the /fixtures/fiber-debugger directory: [express](https://github.com/expressjs/express). Bumps the npm_and_yarn group with 2 updates in the /fixtures/packaging/brunch/dev directory: [semver](https://github.com/npm/node-semver) and [express](https://github.com/expressjs/express). Bumps the npm_and_yarn group with 2 updates in the /fixtures/packaging/brunch/prod directory: [semver](https://github.com/npm/node-semver) and [express](https://github.com/expressjs/express). Bumps the npm_and_yarn group with 4 updates in the /fixtures/ssr directory: [semver](https://github.com/npm/node-semver), [express](https://github.com/expressjs/express), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [word-wrap](https://github.com/jonschlinkert/word-wrap). Bumps the npm_and_yarn group with 3 updates in the /fixtures/ssr2 directory: [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse), [semver](https://github.com/npm/node-semver) and [express](https://github.com/expressjs/express). Updates `@babel/traverse` from 7.11.0 to 7.23.2 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse) Updates `semver` from 6.3.0 to 6.3.1 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md) - [Commits](npm/node-semver@v6.3.0...v6.3.1) Updates `electron` from 23.1.2 to 24.8.5 - [Release notes](https://github.com/electron/electron/releases) - [Changelog](https://github.com/electron/electron/blob/main/docs/breaking-changes.md) - [Commits](electron/electron@v23.1.2...v24.8.5) Updates `ip` from 1.1.5 to 1.1.9 - [Commits](indutny/node-ip@v1.1.5...v1.1.9) Updates `express` from 4.18.2 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Updates `follow-redirects` from 1.7.0 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.7.0...v1.15.6) Updates `lodash` from 4.17.15 to 4.17.21 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.4...4.17.21) Updates `webpack-dev-middleware` from 5.3.3 to 5.3.4 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) Updates `semver` from 5.4.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md) - [Commits](npm/node-semver@v6.3.0...v6.3.1) Updates `ip` from 1.1.5 to 1.1.9 - [Commits](indutny/node-ip@v1.1.5...v1.1.9) Updates `express` from 4.15.4 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Updates `lodash` from 4.17.4 to 4.17.21 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.4...4.17.21) Updates `semver` from 5.7.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md) - [Commits](npm/node-semver@v6.3.0...v6.3.1) Updates `ip` from 1.1.5 to 1.1.9 - [Commits](indutny/node-ip@v1.1.5...v1.1.9) Updates `express` from 4.17.1 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Updates `follow-redirects` from 1.14.0 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.7.0...v1.15.6) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) Updates `semver` from 5.7.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md) - [Commits](npm/node-semver@v6.3.0...v6.3.1) Updates `ip` from 1.1.5 to 1.1.9 - [Commits](indutny/node-ip@v1.1.5...v1.1.9) Updates `express` from 4.17.1 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Updates `follow-redirects` from 1.13.0 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.7.0...v1.15.6) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) Updates `semver` from 5.4.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md) - [Commits](npm/node-semver@v6.3.0...v6.3.1) Updates `ip` from 1.1.5 to 1.1.9 - [Commits](indutny/node-ip@v1.1.5...v1.1.9) Updates `express` from 4.16.2 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Updates `lodash` from 4.17.4 to 4.17.21 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.4...4.17.21) Updates `express` from 4.14.0 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Updates `semver` from 5.4.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md) - [Commits](npm/node-semver@v6.3.0...v6.3.1) Updates `express` from 4.16.2 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Updates `semver` from 5.4.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md) - [Commits](npm/node-semver@v6.3.0...v6.3.1) Updates `express` from 4.16.2 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Updates `semver` from 5.7.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md) - [Commits](npm/node-semver@v6.3.0...v6.3.1) Updates `express` from 4.17.1 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Updates `follow-redirects` from 1.13.3 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.7.0...v1.15.6) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) Updates `@babel/traverse` from 7.14.2 to 7.24.1 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse) Updates `semver` from 5.7.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md) - [Commits](npm/node-semver@v6.3.0...v6.3.1) Updates `express` from 4.17.1 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) --- updated-dependencies: - dependency-name: "@babel/traverse" dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: semver dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: electron dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: ip dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: lodash dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: webpack-dev-middleware dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: ip dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: lodash dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: ip dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: semver dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: ip dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: ip dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: lodash dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn-security-group ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2024-06-11T08:41:29Z

Superseded by #7.

dependabot bot added the dependencies Pull requests that update a dependency file label Mar 27, 2024

dependabot bot closed this Jun 11, 2024

dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-security-group-307fdf7178 branch June 11, 2024 08:41

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm_and_yarn group across 10 directories with 9 updates #4

Bump the npm_and_yarn group across 10 directories with 9 updates #4

Uh oh!

dependabot bot commented on behalf of github Mar 27, 2024

Uh oh!

dependabot bot commented on behalf of github Jun 11, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump the npm_and_yarn group across 10 directories with 9 updates #4

Bump the npm_and_yarn group across 10 directories with 9 updates #4

Uh oh!

Conversation

dependabot bot commented on behalf of github Mar 27, 2024

v7.23.2 (2023-10-11)

🐛 Bug Fix

Committers: 5

v7.23.1 (2023-09-25)

v7.23.0 (2023-09-25)

🚀 New Feature

v7.23.2 (2023-10-11)

🐛 Bug Fix

v7.23.0 (2023-09-25)

🚀 New Feature

🐛 Bug Fix

💅 Polish

🔬 Output optimization

v7.22.20 (2023-09-16)

v6.3.1

6.3.1 (2023-07-10)

Bug Fixes

6.3.1 (2023-07-10)

Bug Fixes

6.2.0

6.1.3

6.1.2

6.1.1

6.1.0

6.0

5.7

5.6

5.5

4.19.2

What's Changed

4.19.1

What's Changed

4.19.0

What's Changed

New Contributors

4.18.3

Main Changes

Other Changes

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

v5.3.4

5.3.4 (2024-03-20)

Bug Fixes

5.3.4 (2024-03-20)

Bug Fixes

1.2.5

1.2.4

What's Changed

New Contributors

v6.3.1

6.3.1 (2023-07-10)

Bug Fixes

6.3.1 (2023-07-10)

Bug Fixes

6.2.0

6.1.3

6.1.2

6.1.1

6.1.0

6.0

5.7

5.6

5.5

4.19.2

What's Changed

4.19.1

What's Changed

4.19.0

What's Changed

New Contributors

4.18.3

Main Changes

Other Changes