Skip to content

Bump the npm_and_yarn group across 1 directory with 7 updates #158

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directory with 7 updates #158

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 6, 2025

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package From To
webpack-dev-server 5.1.0 5.2.1
@eslint/plugin-kit 0.1.0 0.3.1
eslint 9.10.0 9.28.0
http-proxy-middleware 2.0.7 2.0.9
nanoid 3.3.7 3.3.11

Updates webpack-dev-server from 5.1.0 to 5.2.1

Release notes

Sourced from webpack-dev-server's releases.

v5.2.1

5.2.1 (2025-03-26)

Security

  • cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
  • requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

  • prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
  • take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

v5.2.0

5.2.0 (2024-12-11)

Features

  • added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

  • speed up initial client bundling (145b5d0)
Changelog

Sourced from webpack-dev-server's changelog.

5.2.1 (2025-03-26)

Security

  • cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
  • requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

  • prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
  • take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

5.2.0 (2024-12-11)

Features

  • added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

  • speed up initial client bundling (145b5d0)
Commits
  • 0d22a08 chore(release): 5.2.1
  • 6045b1e chore(deps): update (#5444)
  • ffd0b86 fix: take the first network found instead of the last one, this restores the ...
  • 9ea7b08 ci: update dependency-review-action (#5442)
  • 5c9378b Merge commit from fork
  • d2575ad Merge commit from fork
  • 8c1abc9 fix: prevent overlay for errors caught by React error boundaries (#5431)
  • 5a39c70 ci: update codecov/codecov-action to v5 (#5406)
  • 55220a8 chore(deps-dev): bump the dependencies group across 1 directory with 4 update...
  • 09f6f8e chore(deps): bump the dependencies group across 1 directory with 2 updates (#...
  • Additional commits viewable in compare view

Updates @eslint/plugin-kit from 0.1.0 to 0.3.1

Release notes

Sourced from @​eslint/plugin-kit's releases.

plugin-kit: v0.3.1

0.3.1 (2025-05-01)

Bug Fixes

core: v0.3.0

0.3.0 (2024-07-22)

⚠ BREAKING CHANGES

  • Add getLoc/getRange to SourceCode interface (#89)

Features

  • Add getLoc/getRange to SourceCode interface (#89) (d51f979)

plugin-kit: v0.3.0

0.3.0 (2025-04-30)

Features

  • make TextSourceCodeBase a generic type (#182) (484b6ca)

plugin-kit: v0.2.8

0.2.8 (2025-04-01)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.12.0 to ^0.13.0

plugin-kit: v0.2.7

0.2.7 (2025-02-21)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.11.0 to ^0.12.0

plugin-kit: v0.2.6

0.2.6 (2025-01-31)

... (truncated)

Commits

Updates eslint from 9.10.0 to 9.28.0

Release notes

Sourced from eslint's releases.

v9.28.0

Features

  • b0674be feat: Customization of serialization for languageOptions (#19760) (Nicholas C. Zakas)
  • a95721f feat: Add --pass-on-unpruned-suppressions CLI option (#19773) (Milos Djermanovic)
  • bfd0e7a feat: support TypeScript syntax in no-use-before-define (#19566) (Tanuj Kanti)
  • 68c61c0 feat: support TS syntax in no-shadow (#19565) (Nitin Kumar)
  • 0f773ef feat: support TS syntax in no-magic-numbers (#19561) (Nitin Kumar)
  • c4a6b60 feat: add allowTypeAnnotation to func-style (#19754) (sethamus)
  • b03ad17 feat: add TypeScript support to prefer-arrow-callback (#19678) (Tanuj Kanti)
  • bc3c331 feat: ignore overloaded function declarations in func-style rule (#19755) (sethamus)

Bug Fixes

  • eea3e7e fix: Remove configured global variables from GlobalScope#implicit (#19779) (Milos Djermanovic)
  • a467de3 fix: update context.report types (#19751) (Nitin Kumar)
  • fd467bb fix: remove interopDefault to use jiti's default (#19697) (sethamus)
  • 72d16e3 fix: avoid false positive in no-unassigned-vars for declare module (#19746) (Azat S.)
  • 81c3c93 fix: curly types (#19750) (Eli)

Documentation

  • 3ec2082 docs: Nested arrays in files config entry (#19799) (Nicholas C. Zakas)
  • 89a65b0 docs: clarify how config arrays can apply to subsets of files (#19788) (Shais Ch)
  • 2ba8a0d docs: Add description of meta.namespace to plugin docs (#19798) (Nicholas C. Zakas)
  • 59dd7e6 docs: update func-style with examples (#19793) (Tanuj Kanti)
  • e9129e0 docs: add global scope's implicit field to Scope Manager docs (#19770) (Milos Djermanovic)
  • 52f5b7a docs: fix minor typos and add links (#19743) (루밀LuMir)
  • 00716a3 docs: upfront recommend against using the no-return-await rule (#19727) (Mike DiDomizio)

Chores

  • 175b7b8 chore: upgrade to @eslint/js@9.28.0 (#19802) (Francesco Trotta)
  • 844f5a6 chore: package.json update for @​eslint/js release (Jenkins)
  • 62b1c1b chore: update globals to v16 (#19791) (Nitin Kumar)
  • e8a1cb8 chore: ignore jiti-v2.0 & jiti-v2.1 for renovate (#19786) (Nitin Kumar)
  • 43d3975 chore: Add Copilot Instructions file (#19753) (Nicholas C. Zakas)
  • 2dfb5eb test: update SourceCodeTraverser tests (#19763) (Milos Djermanovic)
  • 5bc21f9 chore: add *.code-workspace to .gitignore (#19771) (루밀LuMir)
  • f4fa40e refactor: NodeEventGenerator -> SourceCodeTraverser (#19679) (Nicholas C. Zakas)
  • 0f49329 refactor: use a service to emit warnings (#19725) (Francesco Trotta)
  • 20a9e59 chore: update dependency shelljs to ^0.10.0 (#19740) (renovate[bot])

v9.27.0

Features

  • d71e37f feat: Allow flags to be set in ESLINT_FLAGS env variable (#19717) (Nicholas C. Zakas)
  • ba456e0 feat: Externalize MCP server (#19699) (Nicholas C. Zakas)
  • 07c1a7e feat: add allowRegexCharacters to no-useless-escape (#19705) (sethamus)
  • 7bc6c71 feat: add no-unassigned-vars rule (#19618) (Jacob Bandes-Storch)
  • ee40364 feat: convert no-array-constructor suggestions to autofixes (#19621) (sethamus)
  • 32957cd feat: support TS syntax in max-params (#19557) (Nitin Kumar)

Bug Fixes

  • 5687ce7 fix: correct mismatched removed rules (#19734) (루밀LuMir)

... (truncated)

Changelog

Sourced from eslint's changelog.

v9.28.0 - May 30, 2025

  • 175b7b8 chore: upgrade to @eslint/js@9.28.0 (#19802) (Francesco Trotta)
  • 844f5a6 chore: package.json update for @​eslint/js release (Jenkins)
  • b0674be feat: Customization of serialization for languageOptions (#19760) (Nicholas C. Zakas)
  • 3ec2082 docs: Nested arrays in files config entry (#19799) (Nicholas C. Zakas)
  • 89a65b0 docs: clarify how config arrays can apply to subsets of files (#19788) (Shais Ch)
  • 2ba8a0d docs: Add description of meta.namespace to plugin docs (#19798) (Nicholas C. Zakas)
  • eea3e7e fix: Remove configured global variables from GlobalScope#implicit (#19779) (Milos Djermanovic)
  • a95721f feat: Add --pass-on-unpruned-suppressions CLI option (#19773) (Milos Djermanovic)
  • a467de3 fix: update context.report types (#19751) (Nitin Kumar)
  • 59dd7e6 docs: update func-style with examples (#19793) (Tanuj Kanti)
  • 62b1c1b chore: update globals to v16 (#19791) (Nitin Kumar)
  • bfd0e7a feat: support TypeScript syntax in no-use-before-define (#19566) (Tanuj Kanti)
  • 68c61c0 feat: support TS syntax in no-shadow (#19565) (Nitin Kumar)
  • e8a1cb8 chore: ignore jiti-v2.0 & jiti-v2.1 for renovate (#19786) (Nitin Kumar)
  • 0f773ef feat: support TS syntax in no-magic-numbers (#19561) (Nitin Kumar)
  • 43d3975 chore: Add Copilot Instructions file (#19753) (Nicholas C. Zakas)
  • c4a6b60 feat: add allowTypeAnnotation to func-style (#19754) (sethamus)
  • fd467bb fix: remove interopDefault to use jiti's default (#19697) (sethamus)
  • 2dfb5eb test: update SourceCodeTraverser tests (#19763) (Milos Djermanovic)
  • b03ad17 feat: add TypeScript support to prefer-arrow-callback (#19678) (Tanuj Kanti)
  • e9129e0 docs: add global scope's implicit field to Scope Manager docs (#19770) (Milos Djermanovic)
  • bc3c331 feat: ignore overloaded function declarations in func-style rule (#19755) (sethamus)
  • 5bc21f9 chore: add *.code-workspace to .gitignore (#19771) (루밀LuMir)
  • 72d16e3 fix: avoid false positive in no-unassigned-vars for declare module (#19746) (Azat S.)
  • f4fa40e refactor: NodeEventGenerator -> SourceCodeTraverser (#19679) (Nicholas C. Zakas)
  • 81c3c93 fix: curly types (#19750) (Eli)
  • 52f5b7a docs: fix minor typos and add links (#19743) (루밀LuMir)
  • 0f49329 refactor: use a service to emit warnings (#19725) (Francesco Trotta)
  • 20a9e59 chore: update dependency shelljs to ^0.10.0 (#19740) (renovate[bot])
  • 00716a3 docs: upfront recommend against using the no-return-await rule (#19727) (Mike DiDomizio)

v9.27.0 - May 16, 2025

  • f8f1560 chore: upgrade @​eslint/js@​9.27.0 (#19739) (Milos Djermanovic)
  • ecaef73 chore: package.json update for @​eslint/js release (Jenkins)
  • 25de550 docs: Update description of frozen rules to mention TypeScript (#19736) (Nicholas C. Zakas)
  • bd5def6 docs: Clean up configuration files docs (#19735) (Nicholas C. Zakas)
  • d71e37f feat: Allow flags to be set in ESLINT_FLAGS env variable (#19717) (Nicholas C. Zakas)
  • 5687ce7 fix: correct mismatched removed rules (#19734) (루밀LuMir)
  • 596fdc6 chore: update dependency @​arethetypeswrong/cli to ^0.18.0 (#19732) (renovate[bot])
  • ba456e0 feat: Externalize MCP server (#19699) (Nicholas C. Zakas)
  • dc5ed33 fix: correct types and tighten type definitions in SourceCode class (#19731) (루밀LuMir)
  • 4d0c60d docs: Add Neovim to editor integrations (#19729) (Maria José Solano)
  • f791da0 chore: remove unbalanced curly brace from .editorconfig (#19730) (Maria José Solano)
  • e86edee refactor: Consolidate Config helpers (#19675) (Nicholas C. Zakas)
  • 07c1a7e feat: add allowRegexCharacters to no-useless-escape (#19705) (sethamus)
  • cf36352 chore: remove shared types (#19718) (Francesco Trotta)
  • f60f276 refactor: Easier RuleContext creation (#19709) (Nicholas C. Zakas)

... (truncated)

Commits
  • f341f21 9.28.0
  • 779dda9 Build: changelog update for 9.28.0
  • 175b7b8 chore: upgrade to @eslint/js@9.28.0 (#19802)
  • 844f5a6 chore: package.json update for @​eslint/js release
  • b0674be feat: Customization of serialization for languageOptions (#19760)
  • 3ec2082 docs: Nested arrays in files config entry (#19799)
  • 89a65b0 docs: clarify how config arrays can apply to subsets of files (#19788)
  • 2ba8a0d docs: Add description of meta.namespace to plugin docs (#19798)
  • eea3e7e fix: Remove configured global variables from GlobalScope#implicit (#19779)
  • a95721f feat: Add --pass-on-unpruned-suppressions CLI option (#19773)
  • Additional commits viewable in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

  • update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

  • fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

Commits
  • 77cd97f chore(release): 7.0.6
  • 6717de4 chore: upgrade standard-version
  • f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
  • 9a7e3b2 chore: fix build status badge
  • 0852683 chore(release): 7.0.5
  • 640d391 fix: fix escaping bug introduced by backtracking
  • bff0c87 chore: remove codecov
  • a7c6abc chore: replace travis with github workflows
  • 9b9246e chore(release): 7.0.4
  • 5ff3a07 fix: disable regexp backtracking (#160)
  • Additional commits viewable in compare view

Updates http-proxy-middleware from 2.0.7 to 2.0.9

Release notes

Sourced from http-proxy-middleware's releases.

v2.0.9

What's Changed

Full Changelog: chimurai/http-proxy-middleware@v2.0.8...v2.0.9

v2.0.8

What's Changed

Full Changelog: chimurai/http-proxy-middleware@v2.0.7...v2.0.8

Changelog

Sourced from http-proxy-middleware's changelog.

v2.0.9

  • fix(fixRequestBody): check readableLength

v2.0.8

  • fix(fixRequestBody): prevent multiple .write() calls
  • fix(fixRequestBody): handle invalid request
Commits

Updates nanoid from 3.3.7 to 3.3.11

Release notes

Sourced from nanoid's releases.

3.3.11

  • Fixed React Native support.

3.3.10

3.3.9

  • Reduced npm package size.
Changelog

Sourced from nanoid's changelog.

3.3.11

  • Fixed React Native support.

3.3.10

3.3.9

  • Reduced npm package size.

3.3.8

  • Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).
Commits

Updates path-to-regexp from 0.1.10 to 0.1.12

Release notes

Sourced from path-to-regexp's releases.

Fix backtracking (again)

Fixed

  • Improved backtracking protection for 0.1.x, will break some previously valid paths (see previous advisory: GHSA-9wv6-86v2-598j)

pillarjs/path-to-regexp@v0.1.11...v0.1.12

Error on bad input

Changed

  • Add error on bad input values 8f09549

pillarjs/path-to-regexp@v0.1.10...v0.1.11

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 1 directory with 7 updates
0262d5f 
Bumps the npm_and_yarn group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.1.0` | `5.2.1` |
| [@eslint/plugin-kit](https://github.com/eslint/rewrite) | `0.1.0` | `0.3.1` |
| [eslint](https://github.com/eslint/eslint) | `9.10.0` | `9.28.0` |
| [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.7` | `2.0.9` |
| [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.11` |



Updates `webpack-dev-server` from 5.1.0 to 5.2.1
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v5.1.0...v5.2.1)

Updates `@eslint/plugin-kit` from 0.1.0 to 0.3.1
- [Release notes](https://github.com/eslint/rewrite/releases)
- [Changelog](https://github.com/eslint/rewrite/blob/main/release-please-config.json)
- [Commits](eslint/rewrite@mcp-v0.1.0...plugin-kit-v0.3.1)

Updates `eslint` from 9.10.0 to 9.28.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](eslint/eslint@v9.10.0...v9.28.0)

Updates `cross-spawn` from 7.0.3 to 7.0.6
- [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md)
- [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6)

Updates `http-proxy-middleware` from 2.0.7 to 2.0.9
- [Release notes](https://github.com/chimurai/http-proxy-middleware/releases)
- [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md)
- [Commits](chimurai/http-proxy-middleware@v2.0.7...v2.0.9)

Updates `nanoid` from 3.3.7 to 3.3.11
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](ai/nanoid@3.3.7...3.3.11)

Updates `path-to-regexp` from 0.1.10 to 0.1.12
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v0.1.10...v0.1.12)

---
updated-dependencies:
- dependency-name: webpack-dev-server
  dependency-version: 5.2.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@eslint/plugin-kit"
  dependency-version: 0.3.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: eslint
  dependency-version: 9.28.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: cross-spawn
  dependency-version: 7.0.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: http-proxy-middleware
  dependency-version: 2.0.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: nanoid
  dependency-version: 3.3.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-version: 0.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 6, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants