webpack-react-boilerplate

webpack-react-boilerplate copied to clipboard

Bumps [async](https://github.com/caolan/async) from 2.6.3 to 2.6.4. Changelog Sourced from async's changelog. v2.6.4 Fix potential prototype pollution exploit (#1828) Commits c6bdaca Version 2.6.4 8870da9 Update built files 4df6754 update changelog 8f7f903...

dependabot[bot]

Bumps [cross-fetch](https://github.com/lquixada/cross-fetch) from 3.1.4 to 3.1.5. Release notes Sourced from cross-fetch's releases. v3.1.5 What's Changed chore: updated node-fetch version to 2.6.7 by @​dlafreniere in lquixada/cross-fetch#124 New Contributors @​dlafreniere made their...

dependabot[bot]

Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. Commits 7efb22a 1.2.6 ef88b93 security notice for additional prototype pollution issue c2b9819 isConstructorOrProto adapted from PR bc8ecee test from prototype pollution PR See full...

dependabot[bot]

Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.5.1 to 1.5.10. Commits 8cd4c6c 1.5.10 ce7a01f [fix] Improve handling of empty port 0071490 [doc] Update JSDoc comment a7044e3 [minor] Use more descriptive variable name d547792 [security]...

dependabot[bot]

Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.1 to 1.14.8. Commits 3d81dc3 Release version 1.14.8 of the npm package. 62e546a Drop confidential headers across schemes. 2ede36d Release version 1.14.7 of the npm package. 8b347cb...

dependabot[bot]

Bumps [nanoid](https://github.com/ai/nanoid) from 3.1.23 to 3.2.0. Changelog Sourced from nanoid's changelog. Change Log This project adheres to Semantic Versioning. 3.2 Added --size and --alphabet arguments to binary (by Vitaly Baev)....

dependabot[bot]

Bumps [postcss](https://github.com/postcss/postcss) from 7.0.35 to 7.0.39. Release notes Sourced from postcss's releases. 7.0.39 Reduce package size. Backport nanocolors to picocolors migration. 7.0.38 Update Processor#version. 7.0.37 Backport chalk to nanocolors migration....

dependabot[bot]

Bumps [tar](https://github.com/npm/node-tar) from 6.1.0 to 6.1.11. Commits e573aee 6.1.11 edb8e9a fix: perf regression on hot string munging path a9d9b05 chore(test): Avoid spurious failures packing node_modules/.cache 24b8bda fix(test): use posix path...

dependabot[bot]

Bumps [tmpl](https://github.com/daaku/nodejs-tmpl) from 1.0.4 to 1.0.5. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...

dependabot[bot]

Bumps [nth-check](https://github.com/fb55/nth-check) from 2.0.0 to 2.0.1. Release notes Sourced from nth-check's releases. v2.0.1 Fixes: Replace regex with hand-rolled parser for nth-expressions (#9) 9894c1d Ensures parsing will always have linear time...

dependabot[bot]