Dependabot/npm and yarn/extensions/ql vscode/npm and yarn 6618d09ac6 #3947
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps [glob](https://github.com/isaacs/node-glob) and [glob-promise](https://github.com/ahmadnassri/node-glob-promise). These dependencies needed to be updated together. Updates `glob` from 7.2.0 to 8.0.3 - [Release notes](https://github.com/isaacs/node-glob/releases) - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](isaacs/node-glob@v7.2.0...v8.0.3) Updates `glob-promise` from 4.2.2 to 5.0.0 - [Release notes](https://github.com/ahmadnassri/node-glob-promise/releases) - [Commits](ahmadnassri/node-glob-promise@v4.2.2...v5.0.0) --- updated-dependencies: - dependency-name: glob dependency-type: direct:development update-type: version-update:semver-major - dependency-name: glob-promise dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [vscode-languageclient](https://github.com/Microsoft/vscode-languageserver-node/tree/HEAD/client) from 6.1.3 to 8.0.2. - [Release notes](https://github.com/Microsoft/vscode-languageserver-node/releases) - [Commits](https://github.com/Microsoft/vscode-languageserver-node/commits/release/client/8.0.2/client) --- updated-dependencies: - dependency-name: vscode-languageclient dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@primer/octicons-react](https://github.com/primer/octicons) from 16.3.0 to 17.4.0. - [Release notes](https://github.com/primer/octicons/releases) - [Changelog](https://github.com/primer/octicons/blob/main/CHANGELOG.md) - [Commits](primer/octicons@v16.3.0...v17.4.0) --- updated-dependencies: - dependency-name: "@primer/octicons-react" dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…ns/ql-vscode/glob-and-glob-promise-8.0.3 Bump glob and glob-promise in /extensions/ql-vscode
Bumps [eslint](https://github.com/eslint/eslint) from 6.8.0 to 8.21.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](eslint/eslint@v6.8.0...v8.21.0) --- updated-dependencies: - dependency-name: eslint dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…ns/ql-vscode/eslint-8.21.0 Bump eslint from 6.8.0 to 8.21.0 in /extensions/ql-vscode
…ns/ql-vscode/vscode-languageclient-8.0.2 Bump vscode-languageclient from 6.1.3 to 8.0.2 in /extensions/ql-vscode
Bumps [vscode-jsonrpc](https://github.com/Microsoft/vscode-languageserver-node/tree/HEAD/jsonrpc) from 5.0.1 to 8.0.2. - [Release notes](https://github.com/Microsoft/vscode-languageserver-node/releases) - [Commits](https://github.com/Microsoft/vscode-languageserver-node/commits/release/client/8.0.2/jsonrpc) --- updated-dependencies: - dependency-name: vscode-jsonrpc dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…ns/ql-vscode/vscode-jsonrpc-8.0.2 Bump vscode-jsonrpc from 5.0.1 to 8.0.2 in /extensions/ql-vscode
…ns/ql-vscode/primer/octicons-react-17.4.0 Bump @primer/octicons-react from 16.3.0 to 17.4.0 in /extensions/ql-vscode
Bumps [css-loader](https://github.com/webpack-contrib/css-loader) from 3.1.0 to 6.7.1. - [Release notes](https://github.com/webpack-contrib/css-loader/releases) - [Changelog](https://github.com/webpack-contrib/css-loader/blob/master/CHANGELOG.md) - [Commits](webpack-contrib/css-loader@v3.1.0...v6.7.1) --- updated-dependencies: - dependency-name: css-loader dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.7 to 3.2.10. - [Release notes](https://github.com/node-fetch/node-fetch/releases) - [Commits](node-fetch/node-fetch@v2.6.7...v3.2.10) --- updated-dependencies: - dependency-name: node-fetch dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [sinon](https://github.com/sinonjs/sinon) from 13.0.1 to 14.0.0. - [Release notes](https://github.com/sinonjs/sinon/releases) - [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md) - [Commits](sinonjs/sinon@v13.0.1...v14.0.0) --- updated-dependencies: - dependency-name: sinon dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [d3](https://github.com/d3/d3) and [@types/d3](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/d3). These dependencies needed to be updated together. Updates `d3` from 6.7.0 to 7.6.1 - [Release notes](https://github.com/d3/d3/releases) - [Changelog](https://github.com/d3/d3/blob/main/CHANGES.md) - [Commits](d3/d3@v6.7.0...v7.6.1) Updates `@types/d3` from 6.7.5 to 7.4.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/d3) --- updated-dependencies: - dependency-name: d3 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: "@types/d3" dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
*Total -- 96.23kb -> 57.25kb (40.51%) /extensions/ql-vscode/media/dark/check.svg -- 2.16kb -> 0.75kb (65.43%) /extensions/ql-vscode/media/light/check.svg -- 2.16kb -> 0.75kb (65.37%) /extensions/ql-vscode/media/light/plus.svg -- 2.09kb -> 0.75kb (64.19%) /extensions/ql-vscode/media/dark/plus.svg -- 2.09kb -> 0.75kb (64.19%) /extensions/ql-vscode/media/red-x.svg -- 2.13kb -> 0.79kb (62.96%) /extensions/ql-vscode/media/canary-logo.png -- 27.35kb -> 11.24kb (58.9%) /extensions/ql-vscode/media/VS-marketplace-CodeQL-icon.png -- 30.67kb -> 15.63kb (49.03%) /extensions/ql-vscode/media/light/sort-alpha.svg -- 0.87kb -> 0.66kb (23.94%) /extensions/ql-vscode/media/dark/sort-alpha.svg -- 0.93kb -> 0.73kb (21.09%) /extensions/ql-vscode/media/light/sort-num.svg -- 1.57kb -> 1.40kb (11.19%) /extensions/ql-vscode/media/dark/sort-num.svg -- 1.64kb -> 1.47kb (10.55%) /extensions/ql-vscode/media/dark/github.svg -- 1.35kb -> 1.29kb (4.2%) /extensions/ql-vscode/media/light/github.svg -- 1.54kb -> 1.48kb (4.17%) /extensions/ql-vscode/media/light/folder-opened-plus.svg -- 0.80kb -> 0.79kb (1.46%) /extensions/ql-vscode/media/dark/clear-all.svg -- 0.47kb -> 0.47kb (1.24%) /extensions/ql-vscode/media/globe.svg -- 1.36kb -> 1.34kb (1.15%) /extensions/ql-vscode/media/light/clear-all.svg -- 0.64kb -> 0.64kb (0.91%) /extensions/ql-vscode/media/dark/archive-plus.svg -- 0.46kb -> 0.46kb (0.85%) /extensions/ql-vscode/media/light/archive-plus.svg -- 0.46kb -> 0.46kb (0.85%) /extensions/ql-vscode/media/dark/folder-opened-plus.svg -- 0.57kb -> 0.57kb (0.68%) /extensions/ql-vscode/media/dark/sort-date.svg -- 0.44kb -> 0.44kb (0.67%) /extensions/ql-vscode/media/light/sort-date.svg -- 0.44kb -> 0.44kb (0.67%) /extensions/ql-vscode/media/dark/preview.svg -- 0.31kb -> 0.30kb (0.64%) /extensions/ql-vscode/media/drive.svg -- 1.10kb -> 1.09kb (0.62%) /extensions/ql-vscode/media/dark/edit.svg -- 0.36kb -> 0.36kb (0.54%) /extensions/ql-vscode/media/light/edit.svg -- 0.39kb -> 0.39kb (0.5%) /extensions/ql-vscode/media/dark/trash.svg -- 0.42kb -> 0.42kb (0.46%) /extensions/ql-vscode/media/light/preview.svg -- 0.46kb -> 0.46kb (0.43%) /extensions/ql-vscode/media/dark/lgtm-plus.svg -- 2.78kb -> 2.77kb (0.39%) /extensions/ql-vscode/media/light/lgtm-plus.svg -- 2.78kb -> 2.77kb (0.39%) /extensions/ql-vscode/media/light/trash.svg -- 0.58kb -> 0.58kb (0.33%) /extensions/ql-vscode/media/logo.svg -- 1.56kb -> 1.55kb (0.25%) /extensions/ql-vscode/media/dark/cloud-download.svg -- 1.63kb -> 1.63kb (0.12%) /extensions/ql-vscode/media/light/cloud-download.svg -- 1.63kb -> 1.63kb (0.12%) Signed-off-by: ImgBotApp <ImgBotHelp@gmail.com>
[ImgBot] Optimize images
…ns/ql-vscode/css-loader-6.7.1 Bump css-loader from 3.1.0 to 6.7.1 in /extensions/ql-vscode
…ns/ql-vscode/node-fetch-3.2.10 Bump node-fetch from 2.6.7 to 3.2.10 in /extensions/ql-vscode
…ns/ql-vscode/sinon-14.0.0 Bump sinon from 13.0.1 to 14.0.0 in /extensions/ql-vscode
…ns/ql-vscode/d3-and-types/d3-7.6.1 Bump d3 and @types/d3 in /extensions/ql-vscode
Bumps [nanoid](https://github.com/ai/nanoid) from 3.3.3 to 4.0.0. - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.3...4.0.0) --- updated-dependencies: - dependency-name: nanoid dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…ons/ql-vscode/nanoid-4.0.0 Bump nanoid from 3.3.3 to 4.0.0 in /extensions/ql-vscode
Bumps [husky](https://github.com/typicode/husky) from 4.3.8 to 9.1.7. - [Release notes](https://github.com/typicode/husky/releases) - [Commits](typicode/husky@v4.3.8...v9.1.7) --- updated-dependencies: - dependency-name: husky dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [d3-graphviz](https://github.com/magjac/d3-graphviz) from 2.6.1 to 5.6.0. - [Release notes](https://github.com/magjac/d3-graphviz/releases) - [Changelog](https://github.com/magjac/d3-graphviz/blob/master/CHANGELOG.md) - [Commits](magjac/d3-graphviz@v2.6.1...v5.6.0) --- updated-dependencies: - dependency-name: d3-graphviz dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [del](https://github.com/sindresorhus/del) from 6.0.0 to 8.0.0. - [Release notes](https://github.com/sindresorhus/del/releases) - [Commits](sindresorhus/del@v6.0.0...v8.0.0) --- updated-dependencies: - dependency-name: del dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the npm_and_yarn group in /extensions/ql-vscode with 9 updates: | Package | From | To | | --- | --- | --- | | [webpack](https://github.com/webpack/webpack) | `5.73.0` | `5.97.1` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.16.10` | `7.26.4` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [gulp](https://github.com/gulpjs/gulp) | `4.0.2` | `5.0.0` | | [d3-color](https://github.com/d3/d3-color) | `1.4.1` | `3.1.0` | | [d3-graphviz](https://github.com/magjac/d3-graphviz) | `2.6.1` | `5.6.0` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [json5](https://github.com/json5/json5) | `2.2.0` | `2.2.3` | | [loader-utils](https://github.com/webpack/loader-utils) | `2.0.0` | `2.0.4` | Updates `webpack` from 5.73.0 to 5.97.1 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.73.0...v5.97.1) Updates `@babel/traverse` from 7.16.10 to 7.26.4 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.26.4/packages/babel-traverse) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `gulp` from 4.0.2 to 5.0.0 - [Release notes](https://github.com/gulpjs/gulp/releases) - [Changelog](https://github.com/gulpjs/gulp/blob/master/CHANGELOG.md) - [Commits](gulpjs/gulp@v4.0.2...v5.0.0) Updates `d3-color` from 1.4.1 to 3.1.0 - [Release notes](https://github.com/d3/d3-color/releases) - [Commits](d3/d3-color@v1.4.1...v3.1.0) Updates `d3-graphviz` from 2.6.1 to 5.6.0 - [Release notes](https://github.com/magjac/d3-graphviz/releases) - [Changelog](https://github.com/magjac/d3-graphviz/blob/master/CHANGELOG.md) - [Commits](magjac/d3-graphviz@v2.6.1...v5.6.0) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `json5` from 2.2.0 to 2.2.3 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v2.2.0...v2.2.3) Updates `loader-utils` from 2.0.0 to 2.0.4 - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/v2.0.4/CHANGELOG.md) - [Commits](webpack/loader-utils@v2.0.0...v2.0.4) --- updated-dependencies: - dependency-name: webpack dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: gulp dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: d3-color dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: d3-graphviz dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: loader-utils dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [lint-staged](https://github.com/lint-staged/lint-staged) from 10.2.11 to 15.4.3. - [Release notes](https://github.com/lint-staged/lint-staged/releases) - [Changelog](https://github.com/lint-staged/lint-staged/blob/master/CHANGELOG.md) - [Commits](lint-staged/lint-staged@v10.2.11...v15.4.3) --- updated-dependencies: - dependency-name: lint-staged dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…ons/ql-vscode/husky-9.1.7 Bump husky from 4.3.8 to 9.1.7 in /extensions/ql-vscode
…ons/ql-vscode/d3-graphviz-5.6.0 Bump d3-graphviz from 2.6.1 to 5.6.0 in /extensions/ql-vscode
…ons/ql-vscode/del-8.0.0 Bump del from 6.0.0 to 8.0.0 in /extensions/ql-vscode
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 4.26.0 to 8.25.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.25.0/packages/eslint-plugin) --- updated-dependencies: - dependency-name: "@typescript-eslint/eslint-plugin" dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…o dependabot/npm_and_yarn/extensions/ql-vscode/npm_and_yarn-9958b2fdc1
…ons/ql-vscode/npm_and_yarn-9958b2fdc1 Bump the npm_and_yarn group in /extensions/ql-vscode with 9 updates
Bumps the npm_and_yarn group in /extensions/ql-vscode with 9 updates: | Package | From | To | | --- | --- | --- | | [semver](https://github.com/npm/node-semver) | `7.3.5` | `7.7.1` | | [semver](https://github.com/npm/node-semver) | `5.7.1` | `7.7.1` | | [semver](https://github.com/npm/node-semver) | `6.3.0` | `7.7.1` | | [@octokit/plugin-paginate-rest](https://github.com/octokit/plugin-paginate-rest.js) | `2.13.5` | `11.4.3` | | [@octokit/rest](https://github.com/octokit/rest.js) | `18.6.0` | `21.1.1` | | [@octokit/request](https://github.com/octokit/request.js) | `5.6.0` | `9.2.2` | | [@octokit/request-error](https://github.com/octokit/request-error.js) | `2.1.0` | `6.1.7` | | [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.0` | `6.0.2` | | [mocha](https://github.com/mochajs/mocha) | `10.0.0` | `10.8.2` | Updates `semver` from 7.3.5 to 7.7.1 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.3.5...v7.7.1) Updates `semver` from 5.7.1 to 7.7.1 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.3.5...v7.7.1) Updates `semver` from 6.3.0 to 7.7.1 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.3.5...v7.7.1) Updates `@octokit/plugin-paginate-rest` from 2.13.5 to 11.4.3 - [Release notes](https://github.com/octokit/plugin-paginate-rest.js/releases) - [Commits](octokit/plugin-paginate-rest.js@v2.13.5...v11.4.3) Updates `@octokit/rest` from 18.6.0 to 21.1.1 - [Release notes](https://github.com/octokit/rest.js/releases) - [Commits](octokit/rest.js@v18.6.0...v21.1.1) Updates `@octokit/request` from 5.6.0 to 9.2.2 - [Release notes](https://github.com/octokit/request.js/releases) - [Commits](octokit/request.js@v5.6.0...v9.2.2) Updates `@octokit/request-error` from 2.1.0 to 6.1.7 - [Release notes](https://github.com/octokit/request-error.js/releases) - [Commits](octokit/request-error.js@v2.1.0...v6.1.7) Updates `serialize-javascript` from 6.0.0 to 6.0.2 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.0...v6.0.2) Updates `mocha` from 10.0.0 to 10.8.2 - [Release notes](https://github.com/mochajs/mocha/releases) - [Changelog](https://github.com/mochajs/mocha/blob/main/CHANGELOG.md) - [Commits](mochajs/mocha@v10.0.0...v10.8.2) --- updated-dependencies: - dependency-name: semver dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: semver dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: semver dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@octokit/plugin-paginate-rest" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@octokit/rest" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@octokit/request" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@octokit/request-error" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mocha dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
…/lint-staged-15.4.3
…o dependabot/npm_and_yarn/extensions/ql-vscode/lint-staged-15.4.3
…ons/ql-vscode/lint-staged-15.4.3 Bump lint-staged from 10.2.11 to 15.4.3 in /extensions/ql-vscode
…ons/ql-vscode/typescript-eslint/eslint-plugin-8.25.0 Bump @typescript-eslint/eslint-plugin from 4.26.0 to 8.25.0 in /extensions/ql-vscode
…o dependabot/npm_and_yarn/extensions/ql-vscode/npm_and_yarn-6618d09ac6
xml2js versions before 0.5.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Replace this with a description of the changes your pull request makes.
Remember to update the changelog if there have been user-facing changes!