Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the npm_and_yarn group group with 12 updates #8

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the npm_and_yarn group group with 12 updates #8

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Mar 25, 2024
edited

Bumps the npm_and_yarn group group with 12 updates:

Package From To
katex 0.15.3 0.16.10
next 12.1.0 13.5.0
follow-redirects 1.14.9 1.15.6
http-cache-semantics 4.1.0 4.1.1
ip 1.1.5 1.1.9
json5 1.0.1 1.0.2
qs 6.5.2 6.5.3
semver 5.7.1 5.7.2
tar 4.4.13 4.4.19
webpack-dev-middleware 5.3.1 5.3.4
webpack 5.70.0 5.91.0
word-wrap 1.2.3 1.2.5

Updates katex from 0.15.3 to 0.16.10

Release notes

Sourced from katex's releases.

v0.16.10

0.16.10 (2024-03-24)

Bug Fixes

v0.16.9

0.16.9 (2023-10-02)

Features

v0.16.8

0.16.8 (2023-06-24)

Features

  • expose error length and raw error message on ParseError (#3820) (710774a)

v0.16.7

0.16.7 (2023-04-28)

Bug Fixes

  • docs/support_table.md: delete redundant "varPsi" (#3814) (33a1b98)

v0.16.6

0.16.6 (2023-04-17)

Bug Fixes

v0.16.5

0.16.5 (2023-04-17)

Features

  • __defineFunction API exposing internal defineFunction (#3805) (c7b1f84), closes #3756

... (truncated)

Changelog

Sourced from katex's changelog.

0.16.10 (2024-03-24)

Bug Fixes

0.16.9 (2023-10-02)

Features

0.16.8 (2023-06-24)

Features

  • expose error length and raw error message on ParseError (#3820) (710774a)

0.16.7 (2023-04-28)

Bug Fixes

  • docs/support_table.md: delete redundant "varPsi" (#3814) (33a1b98)

0.16.6 (2023-04-17)

Bug Fixes

0.16.5 (2023-04-17)

Features

  • __defineFunction API exposing internal defineFunction (#3805) (c7b1f84), closes #3756

0.16.4 (2022-12-07)

Bug Fixes

... (truncated)

Commits
  • ab32359 chore(release): 0.16.10 [ci skip]
  • fc5af64 fix: force protocol to be lowercase for better protocol filtering
  • 085e21b fix: maxExpand limit with Unicode sub/superscripts
  • e88b4c3 fix: \edef bypassing maxExpand via exponential blowup
  • c5897fc fix: escape \includegraphics src and alt
  • 5677f37 chore: fix some typos (#3936)
  • d9640f1 chore(deps): update dependency json-stable-stringify to v1.1.1 [skip netlify]...
  • 9a1f2f2 chore(deps): update dependency css-loader to v6.10.0 [skip netlify] (#3887)
  • 1851860 chore(deps): update dependency cssnano to v5.1.15 [skip netlify] (#3883)
  • e69d8b1 chore(deps): update dependency browserslist to v4.23.0 [skip netlify] (#3886)
  • Additional commits viewable in compare view

Updates next from 12.1.0 to 13.5.0

Commits

Updates follow-redirects from 1.14.9 to 1.15.6

Commits
  • 35a517c Release version 1.15.6 of the npm package.
  • c4f847f Drop Proxy-Authorization across hosts.
  • 8526b4a Use GitHub for disclosure.
  • b1677ce Release version 1.15.5 of the npm package.
  • d8914f7 Preserve fragment in responseUrl.
  • 6585820 Release version 1.15.4 of the npm package.
  • 7a6567e Disallow bracketed hostnames.
  • 05629af Prefer native URL instead of deprecated url.parse.
  • 1cba8e8 Prefer native URL instead of legacy url.resolve.
  • 72bc2a4 Simplify _processResponse error handling.
  • Additional commits viewable in compare view

Updates http-cache-semantics from 4.1.0 to 4.1.1

Commits

Updates ip from 1.1.5 to 1.1.9

Commits

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)
Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

  • Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

v2.2.0 [code, diff]

  • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

  • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

Updates qs from 6.5.2 to 6.5.3

Changelog

Sourced from qs's changelog.

6.5.3

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
  • [Fix] correctly parse nested arrays
  • [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
  • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
  • [Fix] when parseArrays is false, properly handle keys ending in []
  • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
  • [Fix] utils.merge: avoid a crash with a null target and an array source
  • [Refactor] utils: reduce observable [[Get]]s
  • [Refactor] use cached Array.isArray
  • [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
  • [Refactor] parse: only need to reassign the var once
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
  • [Docs] Clarify the need for "arrayLimit" option
  • [meta] fix README.md (#399)
  • [meta] add FUNDING.yml
  • [actions] backport actions from main
  • [Tests] always use String(x) over x.toString()
  • [Tests] remove nonexistent tape option
  • [Dev Deps] backport from main
Commits
  • 298bfa5 v6.5.3
  • ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
  • 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
  • 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
  • 12ac1c4 [meta] fix README.md (#399)
  • 0338716 [actions] backport actions from main
  • 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
  • 51b8a0b add FUNDING.yml
  • 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
  • f814a7f [Dev Deps] backport from main
  • Additional commits viewable in compare view

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

  • Add version coercion capabilities

5.4

  • Add intersection checking

5.3

  • Add minSatisfying method

5.2

  • Add prerelease(v) that returns prerelease components

5.1

  • Add Backus-Naur for ranges
  • Remove excessively cute inspection methods

5.0

  • Remove AMD/Browserified build artifacts
  • Fix ltr and gtr when using the * range
  • Fix for range * with a prerelease identifier
Commits
Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.


Updates tar from 4.4.13 to 4.4.19

Commits
  • 9a6faa0 4.4.19
  • 70ef812 drop dirCache for symlink on all platforms
  • 3e35515 4.4.18
  • 52b09e3 fix: prevent path escape using drive-relative paths
  • bb93ba2 fix: reserve paths properly for unicode, windows
  • 2f1bca0 fix: prune dirCache properly for unicode, windows
  • 9bf70a8 4.4.17
  • 6aafff0 fix: skip extract if linkpath is stripped entirely
  • 5c5059a fix: reserve paths case-insensitively
  • fd6accb 4.4.16
  • Additional commits viewable in compare view

Updates webpack-dev-middleware from 5.3.1 to 5.3.4

Release notes

Sourced from webpack-dev-middleware's releases.

v5.3.4

5.3.4 (2024-03-20)

Bug Fixes

  • security: do not allow to read files above (#1779) (189c4ac)

v5.3.3

5.3.3 (2022-05-18)

Bug Fixes

v5.3.2

5.3.2 (2022-05-17)

Bug Fixes

  • node types (#1195) (d68ab36)
  • compatibility with Node.js 18
Changelog

Sourced from webpack-dev-middleware's changelog.

5.3.4 (2024-03-20)

Bug Fixes

  • security: do not allow to read files above (#1779) (189c4ac)

5.3.3 (2022-05-18)

Bug Fixes

5.3.2 (2022-05-17)

Bug Fixes

Commits

Updates webpack from 5.70.0 to 5.91.0

Release notes

Sourced from webpack's releases.

v5.91.0

Bug Fixes

  • Deserializer for ignored modules doesn't crash
  • Allow the unsafeCache option to be a proxy object
  • Normalize the snapshot.unmanagedPaths option
  • Fixed fs types
  • Fixed resolve's plugins types
  • Fixed wrongly calculate postOrderIndex
  • Fixed watching types
  • Output import attrbiutes/import assertions for external JS imports
  • Throw an error when DllPlugin needs to generate multiple manifest files, but the path is the same
  • [CSS] Output layer/supports/media for external CSS imports

New Features

  • Allow to customize the stage of BannerPlugin
  • [CSS] Support CSS exports convention
  • [CSS] support CSS local ident name
  • [CSS] Support __webpack_nonce__ for CSS chunks
  • [CSS] Support fetchPriority for CSS chunks
  • [CSS] Allow to use LZW to compress css head meta (enabled in the production mode by default)
  • [CSS] Support prefetch/preload for CSS chunks

v5.90.3

Bug Fixes

  • don't mangle when destructuring a reexport
  • types for Stats.toJson() and Stats.toString()
  • many internal types
  • [CSS] clean up export css local vars

Perf

  • simplify and optimize chunk graph creation

v5.90.2

Bug Fixes

  • use Math.imul in fnv1a32 to avoid loss of precision, directly hash UTF16 values
  • the setStatus() of the HMR module should not return an array, which may cause infinite recursion
  • __webpack_exports_info__.xxx.canMangle shouldn't always same as default
  • mangle export with destructuring
  • use new runtime to reconsider skipped connections activeState
  • make dynamic import optional in try/catch
  • improve auto publicPath detection

Dependencies & Maintenance

  • improve CI setup and include Node.js@21

... (truncated)

Commits
  • 60daca5 chore(release): 5.91.0
  • 8dad9ce chore(deps-dev): bump @​babel/preset-react from 7.23.3 to 7.24.1
  • a3229f9 chore(deps-dev): bump @​babel/core from 7.24.0 to 7.24.1
  • 40c2e44 chore(deps-dev): bump @​types/node from 20.11.29 to 20.11.30
  • a04faba chore(deps-dev): bump memfs from 4.7.7 to 4.8.0
  • 8f22221 chore(deps): bump es-module-lexer from 1.4.1 to 1.4.2
  • 8df6912 chore(deps): bump es-module-lexer from 1.4.1 to 1.4.2
  • 711c618 chore(deps-dev): bump memfs from 4.7.7 to 4.8.0
  • c462bb3 chore(deps-dev): bump @​types/node from 20.11.29 to 20.11.30
  • f0d3e3e chore(deps-dev): bump @​babel/preset-react from 7.23.3 to 7.24.1
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.


Updates word-wrap from 1.2.3 to 1.2.5

Release notes

Sourced from word-wrap's releases.

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: jonschlinkert/word-wrap@1.2.4...1.2.5

1.2.4

What's Changed

New Contributors

Full Changelog: jonschlinkert/word-wrap@1.2.3...1.2.4

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 25, 2024
@dependabot
Bump the npm_and_yarn group group with 12 updates
f2a07fc 
Bumps the npm_and_yarn group group with 12 updates:

| Package | From | To |
| --- | --- | --- |
| [katex](https://github.com/KaTeX/KaTeX) | `0.15.3` | `0.16.10` |
| [next](https://github.com/vercel/next.js) | `12.1.0` | `13.5.0` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.14.9` | `1.15.6` |
| [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) | `4.1.0` | `4.1.1` |
| [ip](https://github.com/indutny/node-ip) | `1.1.5` | `1.1.9` |
| [json5](https://github.com/json5/json5) | `1.0.1` | `1.0.2` |
| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` |
| [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` |
| [tar](https://github.com/isaacs/node-tar) | `4.4.13` | `4.4.19` |
| [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `5.3.1` | `5.3.4` |
| [webpack](https://github.com/webpack/webpack) | `5.70.0` | `5.91.0` |
| [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` |


Updates `katex` from 0.15.3 to 0.16.10
- [Release notes](https://github.com/KaTeX/KaTeX/releases)
- [Changelog](https://github.com/KaTeX/KaTeX/blob/main/CHANGELOG.md)
- [Commits](KaTeX/KaTeX@v0.15.3...v0.16.10)

Updates `next` from 12.1.0 to 13.5.0
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v12.1.0...v13.5.0)

Updates `follow-redirects` from 1.14.9 to 1.15.6
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.14.9...v1.15.6)

Updates `http-cache-semantics` from 4.1.0 to 4.1.1
- [Commits](kornelski/http-cache-semantics@v4.1.0...v4.1.1)

Updates `ip` from 1.1.5 to 1.1.9
- [Commits](indutny/node-ip@v1.1.5...v1.1.9)

Updates `json5` from 1.0.1 to 1.0.2
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v1.0.1...v1.0.2)

Updates `qs` from 6.5.2 to 6.5.3
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.5.2...v6.5.3)

Updates `semver` from 5.7.1 to 5.7.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)
- [Commits](npm/node-semver@v5.7.1...v5.7.2)

Updates `tar` from 4.4.13 to 4.4.19
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v4.4.13...v4.4.19)

Updates `webpack-dev-middleware` from 5.3.1 to 5.3.4
- [Release notes](https://github.com/webpack/webpack-dev-middleware/releases)
- [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md)
- [Commits](webpack/webpack-dev-middleware@v5.3.1...v5.3.4)

Updates `webpack` from 5.70.0 to 5.91.0
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v5.70.0...v5.91.0)

Updates `word-wrap` from 1.2.3 to 1.2.5
- [Release notes](https://github.com/jonschlinkert/word-wrap/releases)
- [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5)

---
updated-dependencies:
- dependency-name: katex
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: next
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: follow-redirects
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: http-cache-semantics
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: ip
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: json5
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: qs
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: semver
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: tar
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: webpack-dev-middleware
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: webpack
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: word-wrap
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-security-group-11d0ad32be branch from 3c9908a to f2a07fc Compare March 28, 2024 18:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
0 participants