Follow-up patch for 3.0.1: dependency bumps and CVE fixes #264

XFox111 · 2023-12-06T08:52:18Z

🚀 Patch Tuesday update

This pull request is a part of our new initiative!
From now on we are starting to roll out updates on every first Tuesday of the month, which will include bugfixes, security and dependency updates to keep the project's security and stability up to date!

Description

Dependencies update and security fixes.

Changelog

Dependency bumps

Fixed security vulnerabilities

CVE-2023-49293 (Bump vite from 4.5.1 to 5.0.5 #263)

Other

Extended the limit of PRs @dependabot can open

PR Checklist

[N/A] ~~Update version in package.json~~
[Post-merge] Review and publish GitHub release
[Post-deploy] Update changelog for Firefox webstore

Bumps [@vitejs/plugin-react-swc](https://github.com/vitejs/vite-plugin-react-swc) from 3.4.1 to 3.5.0. - [Release notes](https://github.com/vitejs/vite-plugin-react-swc/releases) - [Changelog](https://github.com/vitejs/vite-plugin-react-swc/blob/main/CHANGELOG.md) - [Commits](vitejs/vite-plugin-react-swc@v3.4.1...v3.5.0) --- updated-dependencies: - dependency-name: "@vitejs/plugin-react-swc" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [@fluentui/react-components](https://github.com/microsoft/fluentui) from 9.39.0 to 9.42.0. - [Release notes](https://github.com/microsoft/fluentui/releases) - [Changelog](https://github.com/microsoft/fluentui/blob/master/azure-pipelines.release-fluentui.yml) - [Commits](https://github.com/microsoft/fluentui/compare/@fluentui/react-components_v9.39.0...@fluentui/react-components_v9.42.0) --- updated-dependencies: - dependency-name: "@fluentui/react-components" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [vite-plugin-static-copy](https://github.com/sapphi-red/vite-plugin-static-copy) from 0.17.0 to 0.17.1. - [Release notes](https://github.com/sapphi-red/vite-plugin-static-copy/releases) - [Changelog](https://github.com/sapphi-red/vite-plugin-static-copy/blob/main/CHANGELOG.md) - [Commits](sapphi-red/vite-plugin-static-copy@v0.17.0...v0.17.1) --- updated-dependencies: - dependency-name: vite-plugin-static-copy dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [eslint-plugin-react-refresh](https://github.com/ArnaudBarre/eslint-plugin-react-refresh) from 0.4.4 to 0.4.5. - [Release notes](https://github.com/ArnaudBarre/eslint-plugin-react-refresh/releases) - [Changelog](https://github.com/ArnaudBarre/eslint-plugin-react-refresh/blob/main/CHANGELOG.md) - [Commits](ArnaudBarre/eslint-plugin-react-refresh@v0.4.4...v0.4.5) --- updated-dependencies: - dependency-name: eslint-plugin-react-refresh dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [eslint](https://github.com/eslint/eslint) from 8.53.0 to 8.55.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](eslint/eslint@v8.53.0...v8.55.0) --- updated-dependencies: - dependency-name: eslint dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Eugene Fox <eugene.xfox@outlook.com>

Bumps [vite-plugin-web-extension](https://github.com/aklinker1/vite-plugin-web-extension) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/aklinker1/vite-plugin-web-extension/releases) - [Commits](aklinker1/vite-plugin-web-extension@v4.0.0...v4.0.1) --- updated-dependencies: - dependency-name: vite-plugin-web-extension dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 6.13.1 to 6.13.2. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.13.2/packages/eslint-plugin) --- updated-dependencies: - dependency-name: "@typescript-eslint/eslint-plugin" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) from 18.2.37 to 18.2.42. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react) --- updated-dependencies: - dependency-name: "@types/react" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [vite-plugin-svgr](https://github.com/pd4d10/vite-plugin-svgr) from 4.1.0 to 4.2.0. - [Release notes](https://github.com/pd4d10/vite-plugin-svgr/releases) - [Commits](pd4d10/vite-plugin-svgr@v4.1.0...v4.2.0) --- updated-dependencies: - dependency-name: vite-plugin-svgr dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Eugene Fox <eugene.xfox@outlook.com>

Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 6.10.0 to 6.13.2. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.13.2/packages/parser) --- updated-dependencies: - dependency-name: "@typescript-eslint/parser" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [@types/react-dom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-dom) from 18.2.15 to 18.2.17. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react-dom) --- updated-dependencies: - dependency-name: "@types/react-dom" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 4.5.1 to 5.0.5. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.0.5/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot bot and others added 13 commits December 6, 2023 11:22

Extended limit of PRs dependabot can open

d76c16b

XFox111 added security fix dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code patch-tuesday labels Dec 6, 2023

XFox111 added this to the Patch Tuesday. December 2023 milestone Dec 6, 2023

XFox111 self-assigned this Dec 6, 2023

Updated release template

97e7058

XFox111 merged commit 2c70ca2 into main Dec 6, 2023
4 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Follow-up patch for 3.0.1: dependency bumps and CVE fixes #264

Follow-up patch for 3.0.1: dependency bumps and CVE fixes #264

XFox111 commented Dec 6, 2023

Follow-up patch for 3.0.1: dependency bumps and CVE fixes #264

Follow-up patch for 3.0.1: dependency bumps and CVE fixes #264

Conversation

XFox111 commented Dec 6, 2023

🚀 Patch Tuesday update

Description

Changelog

Dependency bumps

Fixed security vulnerabilities

Other

PR Checklist