Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): Bump the npm_and_yarn group across 1 directory with 31 updates #974

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 9, 2024

Bumps the npm_and_yarn group with 27 updates in the /internal/remediation/fixtures/santatracker directory:

Package From To
dat.gui 0.7.3 0.7.8
google-closure-library v20190909.0.0 20200315.0.0
jsdom 12.2.0 16.5.0
json5 2.1.0 2.2.2
terser 3.10.11 4.8.1
semver 5.5.1 5.7.2
@babel/traverse 7.6.0 7.24.5
y18n 4.0.0 4.0.3
yargs-parser 10.1.0 21.1.1
yargs 12.0.2 17.7.2
acorn 5.7.3 8.11.3
acorn 7.1.0 8.11.3
acorn 6.0.2 8.11.3
node-fetch 2.6.6 2.6.7
firebase 8.10.0 8.10.1
get-func-name 2.0.0 2.0.2
glob-parent 5.0.0 5.1.2
ws 6.2.1 6.2.2
json-schema 0.2.3 0.4.0
jsprim 1.4.1 1.4.2
lodash 4.17.20 4.17.21
minimatch 3.0.4 3.1.2
mocha 5.2.0 10.4.0
mocha-headless-server 0.1.2 0.1.4
node-forge 0.10.0 1.3.1
google-p12-pem 3.1.2 3.1.4
path-parse 1.0.6 1.0.7
pathval 1.1.0 1.1.1
qs 6.5.2 6.5.3

Updates dat.gui from 0.7.3 to 0.7.8

Release notes

Sourced from dat.gui's releases.

0.7.8

  • Fix ReDos in CSS_RGB and CSS_RGBA #279

0.7.7

No release notes provided.

0.7.6

No release notes provided.

0.7.5

No release notes provided.

0.7.4

No release notes provided.

Commits
  • 6a444cc 0.7.8
  • 103be80 Removed CHANGELOG.md
  • f720c72 Merge pull request #279 from yetingli/master
  • 40f4fc1 Remove link to defunct tutorial.
  • 1e1aecb Fix ReDos in CSS_RGB and CSS_RGBA
  • 51d1a37 Merge pull request #274 from dataarts/dependabot/npm_and_yarn/lodash-4.17.19
  • 28b15c6 Bump lodash from 4.17.15 to 4.17.19
  • 071edeb Use primitive type instead of nullable boxed type
  • 92cebb3 Re-lint.
  • b290bf7 Update lint rules.
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by mrdoob, a new releaser for dat.gui since your current version.


Updates google-closure-library from v20190909.0.0 to 20200315.0.0

Release notes

Sourced from google-closure-library's releases.

Closure Library v20200315

New Additions

  • Add SafeHtml.comment.

Security Fixes

Backwards Incompatible Changes

  • Delete inlay css styles, which are not actually used by Closure.
  • Add non-nullable modifier to return type of functions never returning null.
  • Remove forwardDeclares from Closure Events Listenable by reducing the typing of the event key's src property to just Listenable, instead of Listenable|EventTarget. Note that EventTarget is the primary implementation of Listenable.

Other Changes

  • Added SafeUrl.fromMediaSource()
  • Fix authority parsing in Closure URI parser.
  • Document mode is now based on user agent on IE if not present in document
  • Add a define to module manager so that we can control module loading behaviors.
  • Add non-nullable modifier to return type of functions never returning null.
  • goog.isArray in deprecated in favor of Array.isArray
  • Update Thenable.then rejection handler JSDoc to reflect actual functionality.

Closure Library v20200224

New Additions

  • Create goog.debug.deepFreeze.
  • Added goog.async.promises.allMapsValues utility function

Backwards Incompatible Changes

  • AbstractRange.prototype.getTextRange(s) now return AbstractRange instead of the specific TextRange subclass

Other Changes

  • Remove some forwardDeclares from closure labs net.
  • Remove forwardDeclares from closure/graphics.
  • Remove forwardDeclare from closure/fs.
  • Linkify matching {} and () in URL like https://g\.com?res\{x=3\}
  • The functions allowed by the CSS sanitizer are now case insensitive.
  • Replace uses of goog.isArray in preparation for its removal
  • Remove special case for ie6-ie10 in nexttick.
  • Remove some forwardDeclares from closure/net.
  • Remove forwardDeclares from various Closure packages.

Closure Library v20200204

Note: the last two releases were not pushed to npm. To keep a complete changelog these release notes include the last two as well.

New Additions

  • Add TrustedResourceUrl.fromSafeScript().
  • New htmlsanitizer builder API addition.
  • Extract the version from Headless Chrome user-agent strings.

Backwards Incompatible Changes

  • goog.net.WebSocket no longer accepts direct autoReconnect and getNextReconnect arguments; specify these as fields in an options object instead.

... (truncated)

Commits
  • c6e4fe0 Bump version.
  • 2fb2c6d Migrate goog.forwardDeclare to goog.requireType.
  • ade336a Migrate goog.forwardDeclare to goog.requireType.
  • 964e8f3 RELNOTES[NEW]: Add SafeHtml.comment.
  • a93d568 RELNOTES: Add non-nullable modifier to return type of functions never returni...
  • 294fc00 Fix authority parsing in Closure URI parser.
  • 49624ab Add a define to module manager so that we can control module loading behaviors.
  • 5845fb1 Removed the legacy buffering-proxy detection (aka test-channel).
  • f4c4443 Add non-nullable modifier to return type of functions never returning null.
  • 60f4a9c Add non-nullable modifier to return type of functions never returning null.
  • Additional commits viewable in compare view

Updates jsdom from 12.2.0 to 16.5.0

Release notes

Sourced from jsdom's releases.

Version 16.5.0

  • Added window.queueMicrotask().
  • Added window.event.
  • Added inputEvent.inputType. (diegohaz)
  • Removed ondragexit from Window and friends, per a spec update.
  • Fixed the URL of about:blank iframes. Previously it was getting set to the parent's URL. (SimonMueller)
  • Fixed the loading of subresources from the filesystem when they had non-ASCII filenames.
  • Fixed the hidden="" attribute to cause display: none per the user-agent stylesheet. (ph-fritsche)
  • Fixed the new File() constructor to no longer convert / to :, per a pending spec update.
  • Fixed mutation observer callbacks to be called with the MutationObserver instance as their this value.
  • Fixed <input type=checkbox> and <input type=radio> to be mutable even when disabled, per a spec update.
  • Fixed XMLHttpRequest to not fire a redundant final progress event if a progress event was previously fired with the same loaded value. This would usually occur with small files.
  • Fixed XMLHttpRequest to expose the Content-Length header on cross-origin responses.
  • Fixed xhr.response to return null for failures that occur during the middle of the download.
  • Fixed edge cases around passing callback functions or event handlers. (ExE-Boss)
  • Fixed edge cases around the properties of proxy-like objects such as localStorage or dataset. (ExE-Boss)
  • Fixed a potential memory leak with custom elements (although we could not figure out how to trigger it). (soncodi)

Version 16.4.0

  • Added a not-implemented warning if you try to use the second pseudo-element argument to getComputedStyle(), unless you pass a ::part or ::slotted pseudo-element, in which case we throw an error per the spec. (ExE-Boss)
  • Improved the performance of repeated access to el.tagName, which also indirectly improves performance of selector matching and style computation. (eps1lon)
  • Fixed form.elements to respect the form="" attribute, so that it can contain non-descendant form controls. (ccwebdesign)
  • Fixed el.focus() to do nothing on disconnected elements. (eps1lon)
  • Fixed el.focus() to work on SVG elements. (zjffun)
  • Fixed removing the currently-focused element to move focus to the <body> element. (eps1lon)
  • Fixed imgEl.complete to return true for <img> elements with empty or unset src="" attributes. (strager)
  • Fixed imgEl.complete to return true if an error occurs loading the <img>, when canvas is enabled. (strager)
  • Fixed imgEl.complete to return false if the <img> element's src="" attribute is reset. (strager)
  • Fixed the valueMissing validation check for <input type="radio">. (zjffun)
  • Fixed translate="" and draggable="" attribute processing to use ASCII case-insensitivity, instead of Unicode case-insensitivity. (zjffun)

Version 16.3.0

  • Added firing of focusin and focusout when using el.focus() and el.blur(). (trueadm)
  • Fixed elements with the contenteditable="" attribute to be considered as focusable. (jamieliu386)
  • Fixed window.NodeFilter to be per-Window, instead of shared across all Windows. (ExE-Boss)
  • Fixed edge-case behavior involving use of objects with handleEvent properties as event listeners. (ExE-Boss)
  • Fixed a second failing image load sometimes firing a load event instead of an error event, when the canvas package is installed. (strager)
  • Fixed drawing an empty canvas into another canvas. (zjffun)

Version 16.2.2

  • Updated StyleSheetList for better spec compliance; notably it no longer inherits from Array.prototype. (ExE-Boss)
  • Fixed requestAnimationFrame() from preventing process exit. This likely regressed in v16.1.0.
  • Fixed setTimeout() to no longer leak the closures passed in to it. This likely regressed in v16.1.0. (AviVahl)
  • Fixed infinite recursion that could occur when calling click() on a <label> element, or one of its descendants.
  • Fixed getComputedStyle() to consider inline style="" attributes. (eps1lon)
  • Fixed several issues with <input type="number">'s stepUp() and stepDown() functions to be properly decimal-based, instead of floating point-based.
  • Fixed various issues where updating selectEl.value would not invalidate properties such as selectEl.selectedOptions. (ExE-Boss)
  • Fixed <input>'s src property, and <ins>/<del>'s cite property, to properly reflect as URLs.
  • Fixed window.addEventLister, window.removeEventListener, and window.dispatchEvent to properly be inherited from EventTarget, instead of being distinct functions. (ExE-Boss)
  • Fixed errors that would occur if attempting to use a DOM object, such as a custom element, as an argument to addEventListener.

... (truncated)

Changelog

Sourced from jsdom's changelog.

16.5.0

  • Added window.queueMicrotask().
  • Added window.event.
  • Added inputEvent.inputType. (diegohaz)
  • Removed ondragexit from Window and friends, per a spec update.
  • Fixed the URL of about:blank iframes. Previously it was getting set to the parent's URL. (SimonMueller)
  • Fixed the loading of subresources from the filesystem when they had non-ASCII filenames.
  • Fixed the hidden="" attribute to cause display: none per the user-agent stylesheet. (ph-fritsche)
  • Fixed the new File() constructor to no longer convert / to :, per a pending spec update.
  • Fixed mutation observer callbacks to be called with the MutationObserver instance as their this value.
  • Fixed <input type=checkbox> and <input type=radio> to be mutable even when disabled, per a spec update.
  • Fixed XMLHttpRequest to not fire a redundant final progress event if a progress event was previously fired with the same loaded value. This would usually occur with small files.
  • Fixed XMLHttpRequest to expose the Content-Length header on cross-origin responses.
  • Fixed xhr.response to return null for failures that occur during the middle of the download.
  • Fixed edge cases around passing callback functions or event handlers. (ExE-Boss)
  • Fixed edge cases around the properties of proxy-like objects such as localStorage or dataset. (ExE-Boss)
  • Fixed a potential memory leak with custom elements (although we could not figure out how to trigger it). (soncodi)

16.4.0

  • Added a not-implemented warning if you try to use the second pseudo-element argument to getComputedStyle(), unless you pass a ::part or ::slotted pseudo-element, in which case we throw an error per the spec. (ExE-Boss)
  • Improved the performance of repeated access to el.tagName, which also indirectly improves performance of selector matching and style computation. (eps1lon)
  • Fixed form.elements to respect the form="" attribute, so that it can contain non-descendant form controls. (ccwebdesign)
  • Fixed el.focus() to do nothing on disconnected elements. (eps1lon)
  • Fixed el.focus() to work on SVG elements. (zjffun)
  • Fixed removing the currently-focused element to move focus to the <body> element. (eps1lon)
  • Fixed imgEl.complete to return true for <img> elements with empty or unset src="" attributes. (strager)
  • Fixed imgEl.complete to return true if an error occurs loading the <img>, when canvas is enabled. (strager)
  • Fixed imgEl.complete to return false if the <img> element's src="" attribute is reset. (strager)
  • Fixed the valueMissing validation check for <input type="radio">. (zjffun)
  • Fixed translate="" and draggable="" attribute processing to use ASCII case-insensitivity, instead of Unicode case-insensitivity. (zjffun)

16.3.0

  • Added firing of focusin and focusout when using el.focus() and el.blur(). (trueadm)
  • Fixed elements with the contenteditable="" attribute to be considered as focusable. (jamieliu386)
  • Fixed window.NodeFilter to be per-Window, instead of shared across all Windows. (ExE-Boss)
  • Fixed edge-case behavior involving use of objects with handleEvent properties as event listeners. (ExE-Boss)
  • Fixed a second failing image load sometimes firing a load event instead of an error event, when the canvas package is installed. (strager)
  • Fixed drawing an empty canvas into another canvas. (zjffun)

16.2.2

  • Updated StyleSheetList for better spec compliance; notably it no longer inherits from Array.prototype. (ExE-Boss)
  • Fixed requestAnimationFrame() from preventing process exit. This likely regressed in v16.1.0.
  • Fixed setTimeout() to no longer leak the closures passed in to it. This likely regressed in v16.1.0. (AviVahl)
  • Fixed infinite recursion that could occur when calling click() on a <label> element, or one of its descendants.
  • Fixed getComputedStyle() to consider inline style="" attributes. (eps1lon)
  • Fixed several issues with <input type="number">'s stepUp() and stepDown() functions to be properly decimal-based, instead of floating point-based.

... (truncated)

Commits
  • 2d82763 Version 16.5.0
  • 9741311 Fix loading of subresources with Unicode filenames
  • 5e46553 Use domenic's ESLint config as the base
  • 19b35da Fix the URL of about:blank iframes
  • 017568e Support inputType on InputEvent
  • 29f4fdf Upgrade dependencies
  • e2f7639 Refactor create‑event‑accessor.js to remove code duplication
  • ff69a75 Convert JSDOM to use callback functions
  • 19df6bc Update links in contributing guidelines
  • 1e34ff5 Test triage
  • Additional commits viewable in compare view

Updates json5 from 2.1.0 to 2.2.2

Release notes

Sourced from json5's releases.

v2.2.2

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

v2.2.0

  • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

  • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2

  • Fix: Bump minimist to v1.2.5. (#222)

v2.1.1

  • New: package.json and package.json5 include a module property so bundlers like webpack, rollup and parcel can take advantage of the ES Module build. (#208)
  • Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)
  • Fix: Spelling mistakes have been fixed. (#196)
Changelog

Sourced from json5's changelog.

v2.2.2 [code, diff]

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

v2.2.0 [code, diff]

  • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

  • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

  • Fix: Bump minimist to v1.2.5. (#222)

v2.1.1 [code, diff]

  • New: package.json and package.json5 include a module property so bundlers like webpack, rollup and parcel can take advantage of the ES Module build. (#208)
  • Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)
  • Fix: Spelling mistakes have been fixed. (#196)
Commits
  • 14f8cb1 2.2.2
  • 10cc7ca docs: update CHANGELOG for v2.2.2
  • 7774c10 fix: add proto to objects and arrays
  • edde30a Readme: slight tweak to intro
  • 97286f8 Improve example in readme
  • d720b4f Improve readme (e.g. explain JSON5 better!) (#291)
  • 910ce25 docs: fix spelling of Aseem
  • 2aab4dd test: require tap as t in cli tests
  • 6d42686 test: remove mocha syntax from tests
  • 4798b9d docs: update installation and usage for modules
  • Additional commits viewable in compare view

Updates terser from 3.10.11 to 4.8.1

Changelog

Sourced from terser's changelog.

v4.8.1 (backport)

  • Security fix for RegExps that should not be evaluated (regexp DDOS)

v4.8.0

  • Support for numeric separators (million = 1_000_000) was added.
  • Assigning properties to a class is now assumed to be pure.
  • Fixed bug where yield wasn't considered a valid property key in generators.

v4.7.0

  • A bug was fixed where an arrow function would have the wrong size
  • arguments object is now considered safe to retrieve properties from (useful for length, or 0) even when pure_getters is not set.
  • Fixed erroneous const declarations without value (which is invalid) in some corner cases when using collapse_vars.

v4.6.13

  • Fixed issue where ES5 object properties were being turned into ES6 object properties due to more lax unicode rules.
  • Fixed parsing of BigInt with lowercase e in them.

v4.6.12

  • Fixed subtree comparison code, making it see that [1,[2, 3]] is different from [1, 2, [3]]
  • Printing of unicode identifiers has been improved

v4.6.11

  • Read unused classes' properties and method keys, to figure out if they use other variables.
  • Prevent inlining into block scopes when there are name collisions
  • Functions are no longer inlined into parameter defaults, because they live in their own special scope.
  • When inlining identity functions, take into account the fact they may be used to drop this in function calls.
  • Nullish coalescing operator (x ?? y), plus basic optimization for it.
  • Template literals in binary expressions such as + have been further optimized

v4.6.10

  • Do not use reduce_vars when classes are present

v4.6.9

  • Check if block scopes actually exist in blocks

v4.6.8

  • Take into account "executed bits" of classes like static properties or computed keys, when checking if a class evaluation might throw or have side effects.

v4.6.7

  • Some new performance gains through a AST_Node.size() method which measures a node's source code length without printing it to a string first.

... (truncated)

Commits

Updates semver from 5.5.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

  • Add version coercion capabilities

5.4

  • Add intersection checking

5.3

  • Add minSatisfying method

5.2

  • Add prerelease(v) that returns prerelease components

5.1

  • Add Backus-Naur for ranges
  • Remove excessively cute inspection methods

5.0

  • Remove AMD/Browserified build artifacts
  • Fix ltr and gtr when using the * range
  • Fix for range * with a prerelease identifier
Commits
Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.


Updates @babel/traverse from 7.6.0 to 7.24.5

Release notes

Sourced from @​babel/traverse's releases.

v7.24.5 (2024-04-29)

Thanks @​romgrk and @​sossost for your first PRs!

🐛 Bug Fix

  • babel-plugin-transform-classes, babel-traverse
  • babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3

💅 Polish

🏠 Internal

  • Other
  • babel-parser
  • babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-helper-module-transforms, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx-self, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-traverse
  • babel-plugin-proposal-partial-application, babel-types
  • babel-plugin-transform-class-properties, babel-preset-env

🏃‍♀️ Performance

  • babel-helpers, babel-preset-env, babel-runtime-corejs3

Committers: 6

v7.24.4 (2024-04-03)

Thanks @​Dunqing, @​luiscubal, and @​samualtnorman for your first PRs!

👓 Spec Compliance

  • babel-parser
  • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.5 (2024-04-29)

🐛 Bug Fix

  • babel-plugin-transform-classes, babel-traverse
  • babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3

💅 Polish

🏠 Internal

  • Other
  • babel-parser
  • babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-helper-module-transforms, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx-self, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-traverse
  • babel-plugin-proposal-partial-application, babel-types
  • babel-plugin-transform-class-properties, babel-preset-env

🏃‍♀️ Performance

  • babel-helpers, babel-preset-env, babel-runtime-corejs3

v7.24.4 (2024-04-03)

👓 Spec Compliance

  • babel-parser
  • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3

🐛 Bug Fix

  • babel-generator
  • babel-compat-data, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-preset-env
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • babel-plugin-transform-block-scoping
  • babel-core, babel-plugin-transform-block-scoped-functions, babel-plugin-transform-block-scoping

... (truncated)

Commits

Updates y18n from 4.0.0 to 4.0.3

Changelog

Sourced from y18n's changelog.

4.0.3 (2021-04-07)

Bug Fixes

  • release: 4.x.x should not enforce Node 10 (#126) (1e21a53)

4.0.1 (2020-11-30)

Bug Fixes

Commits
Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for y18n since your current version.


Updates yargs-parser from 10.1.0 to 21.1.1

Release notes

Sourced from yargs-parser's releases.

yargs-parser: v21.1.1

21.1.1 (2022-08-04)

Bug Fixes

  • typescript: ignore .cts files during publish (#454) (d69f9c3), closes #452

yargs-parser: v21.1.0

21.1.0 (2022-08-03)

Features

  • allow the browser build to be imported (#443) (a89259f)

Bug Fixes

  • halt-at-non-option: prevent known args from being parsed when "unknown-options-as-args" is enabled (#438) (c474bc1)
  • node version check now uses process.versions.node (#450) (d07bcdb)
  • parse options ending with 3+ hyphens (#434) (4f1060b)

yargs-parser: v21.0.1

21.0.1 (2022-02-27)

Bug Fixes

yargs-parser yargs-parser-v21.0.0

⚠ BREAKING CHANGES

  • drops support for 10 (#421)

Bug Fixes

Code Refactoring

yargs-parser yargs-parser-v20.2.9

... (truncated)

Changelog

Sourced from yargs-parser's changelog.

21.1.1 (2022-08-04)

Bug Fixes

  • typescript: ignore .cts files during publish (#454) (d69f9c3), closes #452

21.1.0 (2022-08-03)

Features

  • allow the browser build to be imported (#443) (a89259f)

Bug Fixes

  • halt-at-non-option: prevent known args from being parsed when "unknown-options-as-args" is enabled (#438) (c474bc1)
  • node version check now uses process.versions.node (#450) (d07bcdb)
  • parse options ending with 3+ hyphens (#434) (4f1060b)

21.0.1 (2022-02-27)

Bug Fixes

21.0.0 (2021-11-15)

⚠ BREAKING CHANGES

  • drops support for 10 (#421)

Bug Fixes

Code Refactoring

20.2.9 (2021-06-20)

Bug Fixes

... (truncated)

Commits
  • 3aba24c chore(main): release yargs-parser 21.1.1 (

…pdates

Bumps the npm_and_yarn group with 27 updates in the /internal/remediation/fixtures/santatracker directory:

| Package | From | To |
| --- | --- | --- |
| [dat.gui](https://github.com/dataarts/dat.gui) | `0.7.3` | `0.7.8` |
| [google-closure-library](https://github.com/google/closure-library) | `v20190909.0.0` | `20200315.0.0` |
| [jsdom](https://github.com/jsdom/jsdom) | `12.2.0` | `16.5.0` |
| [json5](https://github.com/json5/json5) | `2.1.0` | `2.2.2` |
| [terser](https://github.com/terser/terser) | `3.10.11` | `4.8.1` |
| [semver](https://github.com/npm/node-semver) | `5.5.1` | `5.7.2` |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.6.0` | `7.24.5` |
| [y18n](https://github.com/yargs/y18n) | `4.0.0` | `4.0.3` |
| [yargs-parser](https://github.com/yargs/yargs-parser) | `10.1.0` | `21.1.1` |
| [yargs](https://github.com/yargs/yargs) | `12.0.2` | `17.7.2` |
| [acorn](https://github.com/acornjs/acorn) | `5.7.3` | `8.11.3` |
| [acorn](https://github.com/acornjs/acorn) | `7.1.0` | `8.11.3` |
| [acorn](https://github.com/acornjs/acorn) | `6.0.2` | `8.11.3` |
| [node-fetch](https://github.com/node-fetch/node-fetch) | `2.6.6` | `2.6.7` |
| [firebase](https://github.com/firebase/firebase-js-sdk) | `8.10.0` | `8.10.1` |
| [get-func-name](https://github.com/chaijs/get-func-name) | `2.0.0` | `2.0.2` |
| [glob-parent](https://github.com/gulpjs/glob-parent) | `5.0.0` | `5.1.2` |
| [ws](https://github.com/websockets/ws) | `6.2.1` | `6.2.2` |
| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |
| [jsprim](https://github.com/joyent/node-jsprim) | `1.4.1` | `1.4.2` |
| [lodash](https://github.com/lodash/lodash) | `4.17.20` | `4.17.21` |
| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.2` |
| [mocha](https://github.com/mochajs/mocha) | `5.2.0` | `10.4.0` |
| [mocha-headless-server](https://github.com/samthor/mocha-headless-server) | `0.1.2` | `0.1.4` |
| [node-forge](https://github.com/digitalbazaar/forge) | `0.10.0` | `1.3.1` |
| [google-p12-pem](https://github.com/googleapis/google-p12-pem) | `3.1.2` | `3.1.4` |
| [path-parse](https://github.com/jbgutierrez/path-parse) | `1.0.6` | `1.0.7` |
| [pathval](https://github.com/chaijs/pathval) | `1.1.0` | `1.1.1` |
| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` |



Updates `dat.gui` from 0.7.3 to 0.7.8
- [Release notes](https://github.com/dataarts/dat.gui/releases)
- [Commits](dataarts/dat.gui@v0.7.3...v0.7.8)

Updates `google-closure-library` from v20190909.0.0 to 20200315.0.0
- [Release notes](https://github.com/google/closure-library/releases)
- [Commits](google/closure-library@v20190909...v20200315)

Updates `jsdom` from 12.2.0 to 16.5.0
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Changelog](https://github.com/jsdom/jsdom/blob/main/Changelog.md)
- [Commits](jsdom/jsdom@12.2.0...16.5.0)

Updates `json5` from 2.1.0 to 2.2.2
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v2.1.0...v2.2.2)

Updates `terser` from 3.10.11 to 4.8.1
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](terser/terser@3.10.11...v4.8.1)

Updates `semver` from 5.5.1 to 5.7.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)
- [Commits](npm/node-semver@v5.5.1...v5.7.2)

Updates `@babel/traverse` from 7.6.0 to 7.24.5
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.24.5/packages/babel-traverse)

Updates `y18n` from 4.0.0 to 4.0.3
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md)
- [Commits](yargs/y18n@v4.0.0...y18n-v4.0.3)

Updates `yargs-parser` from 10.1.0 to 21.1.1
- [Release notes](https://github.com/yargs/yargs-parser/releases)
- [Changelog](https://github.com/yargs/yargs-parser/blob/main/CHANGELOG.md)
- [Commits](yargs/yargs-parser@v10.1.0...yargs-parser-v21.1.1)

Updates `yargs` from 12.0.2 to 17.7.2
- [Release notes](https://github.com/yargs/yargs/releases)
- [Changelog](https://github.com/yargs/yargs/blob/main/CHANGELOG.md)
- [Commits](yargs/yargs@v12.0.2...v17.7.2)

Updates `acorn` from 5.7.3 to 8.11.3
- [Commits](acornjs/acorn@5.7.3...8.11.3)

Updates `acorn` from 7.1.0 to 8.11.3
- [Commits](acornjs/acorn@5.7.3...8.11.3)

Updates `acorn` from 6.0.2 to 8.11.3
- [Commits](acornjs/acorn@5.7.3...8.11.3)

Updates `ajv` from 5.5.2 to 6.12.6
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v5.5.2...v6.12.6)

Updates `browserslist` from 4.3.2 to 4.7.0
- [Release notes](https://github.com/browserslist/browserslist/releases)
- [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md)
- [Commits](browserslist/browserslist@4.3.2...4.7.0)

Updates `node-fetch` from 2.6.6 to 2.6.7
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](node-fetch/node-fetch@v2.6.6...v2.6.7)

Updates `firebase` from 8.10.0 to 8.10.1
- [Release notes](https://github.com/firebase/firebase-js-sdk/releases)
- [Changelog](https://github.com/firebase/firebase-js-sdk/blob/master/CHANGELOG.md)
- [Commits](https://github.com/firebase/firebase-js-sdk/compare/firebase@8.10.0...firebase@8.10.1)

Updates `get-func-name` from 2.0.0 to 2.0.2
- [Release notes](https://github.com/chaijs/get-func-name/releases)
- [Commits](https://github.com/chaijs/get-func-name/commits/v2.0.2)

Updates `glob-parent` from 5.0.0 to 5.1.2
- [Release notes](https://github.com/gulpjs/glob-parent/releases)
- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md)
- [Commits](gulpjs/glob-parent@v5.0.0...v5.1.2)

Updates `tough-cookie` from 2.4.3 to 2.5.0
- [Release notes](https://github.com/salesforce/tough-cookie/releases)
- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)
- [Commits](salesforce/tough-cookie@v2.4.3...v2.5.0)

Updates `ws` from 6.2.1 to 6.2.2
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@6.2.1...6.2.2)

Updates `json-schema` from 0.2.3 to 0.4.0
- [Commits](kriszyp/json-schema@v0.2.3...v0.4.0)

Updates `jsprim` from 1.4.1 to 1.4.2
- [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md)
- [Commits](TritonDataCenter/node-jsprim@v1.4.1...v1.4.2)

Updates `lodash` from 4.17.20 to 4.17.21
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.20...4.17.21)

Updates `minimatch` from 3.0.4 to 3.1.2
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.0.4...v3.1.2)

Updates `mocha` from 5.2.0 to 10.4.0
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md)
- [Commits](mochajs/mocha@v5.2.0...v10.4.0)

Updates `mocha-headless-server` from 0.1.2 to 0.1.4
- [Commits](https://github.com/samthor/mocha-headless-server/commits)

Updates `node-forge` from 0.10.0 to 1.3.1
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@0.10.0...v1.3.1)

Updates `google-p12-pem` from 3.1.2 to 3.1.4
- [Release notes](https://github.com/googleapis/google-p12-pem/releases)
- [Changelog](https://github.com/googleapis/google-p12-pem/blob/main/CHANGELOG.md)
- [Commits](googleapis/google-p12-pem@v3.1.2...v3.1.4)

Updates `path-parse` from 1.0.6 to 1.0.7
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

Updates `pathval` from 1.1.0 to 1.1.1
- [Release notes](https://github.com/chaijs/pathval/releases)
- [Changelog](https://github.com/chaijs/pathval/blob/master/CHANGELOG.md)
- [Commits](chaijs/pathval@v1.1.0...v1.1.1)

Updates `qs` from 6.5.2 to 6.5.3
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.5.2...v6.5.3)

Updates `request` from 2.88.0 to 2.88.2
- [Changelog](https://github.com/request/request/blob/master/CHANGELOG.md)
- [Commits](https://github.com/request/request/commits)

---
updated-dependencies:
- dependency-name: dat.gui
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: google-closure-library
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: jsdom
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: json5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: terser
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@babel/traverse"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: y18n
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yargs-parser
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yargs
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: acorn
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: acorn
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: acorn
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ajv
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: browserslist
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-fetch
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: firebase
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: get-func-name
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: glob-parent
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tough-cookie
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: json-schema
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: jsprim
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: mocha
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: mocha-headless-server
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: google-p12-pem
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-parse
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: pathval
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: request
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 9, 2024
@G-Rath G-Rath closed this May 10, 2024
Copy link
Contributor Author

dependabot bot commented on behalf of github May 10, 2024

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/internal/remediation/fixtures/santatracker/npm_and_yarn-6ae23530b6 branch May 10, 2024 00:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant