httptoolkit-website
httptoolkit-website copied to clipboard
httptoolkit
Bump xml2js, gatsby-plugin-sharp, gatsby-remark-images and gatsby-transformer-sharp
Removes xml2js. It's no longer used after updating ancestor dependencies xml2js, gatsby-plugin-sharp, gatsby-remark-images and gatsby-transformer-sharp. These dependencies need to be updated together.
Removes xml2js
Updates gatsby-plugin-sharp from 2.14.4 to 5.8.1
Release notes
Sourced from gatsby-plugin-sharp's releases.
v5.7.0
Welcome to
[email protected]release (February 2023 #2)This release focused on bug fixes and perf improvements. Check out notable bugfixes and improvements.
Bleeding Edge: Want to try new features as soon as possible? Install
gatsby@nextand let us know if you have any issues.v5.6.0
Welcome to
[email protected]release (February 2023 #1)Key highlights of this release:
Bleeding Edge: Want to try new features as soon as possible? Install
gatsby@nextand let us know if you have any issues.v5.5.0
Welcome to
[email protected]release (January 2023 #2)Key highlights of this release:
Bleeding Edge: Want to try new features as soon as possible? Install
gatsby@nextand let us know if you have any issues.v5.4.0
Welcome to
[email protected]release (January 2023 #1)The whole team took time off for a much deserved winter break and we hope you had relaxing holidays, too! Before the break we spent time doing maintenance work such as updating internal dependencies or fixing some smaller bugs here and there. In case you missed it, we shipped ES Modules (ESM) in Gatsby files in the last release.
So check out the notable bugfixes section to learn more.
Bleeding Edge: Want to try new features as soon as possible? Install
gatsby@nextand let us know if you have any issues.
... (truncated)
Changelog
Sourced from gatsby-plugin-sharp's changelog.
5.8.1 (2023-03-29)
Bug Fixes
- don't serve static assets that are not result of currently triggered deferred job #37796 #37799 (5f44208)
5.8.0 (2023-03-21)
Note: Version bump only for package gatsby-plugin-sharp
5.7.0 (2023-02-21)
Note: Version bump only for package gatsby-plugin-sharp
5.6.0 (2023-02-07)
Bug Fixes
Chores
5.5.0 (2023-01-24)
Chores
5.4.0 (2023-01-10)
Bug Fixes
Chores
... (truncated)
Commits
12c91dbchore(release): Publish5f44208fix(gatsby-plugin-sharp): don't serve static assets that are not result of cu...b1abb5bchore(release): Publish3588ad1chore(changelogs): update changelogs (#37686)fed83d5chore(release): Publish next pre-minor6bf35a5chore(changelogs): update changelogs (#37628)342e393chore(release): Publish next pre-minor13a0a9efix(deps): update babel monorepo (#37568)e86d87cchore(deps): update dependency@types/sharpto ^0.31.1 (#37562)bea75aechore(release): Publish next- Additional commits viewable in compare view
Updates gatsby-remark-images from 3.11.1 to 7.8.0
Release notes
Sourced from gatsby-remark-images's releases.
v5.7.0
Welcome to
[email protected]release (February 2023 #2)This release focused on bug fixes and perf improvements. Check out notable bugfixes and improvements.
Bleeding Edge: Want to try new features as soon as possible? Install
gatsby@nextand let us know if you have any issues.v5.6.0
Welcome to
[email protected]release (February 2023 #1)Key highlights of this release:
Bleeding Edge: Want to try new features as soon as possible? Install
gatsby@nextand let us know if you have any issues.v5.5.0
Welcome to
[email protected]release (January 2023 #2)Key highlights of this release:
Bleeding Edge: Want to try new features as soon as possible? Install
gatsby@nextand let us know if you have any issues.v5.4.0
Welcome to
[email protected]release (January 2023 #1)The whole team took time off for a much deserved winter break and we hope you had relaxing holidays, too! Before the break we spent time doing maintenance work such as updating internal dependencies or fixing some smaller bugs here and there. In case you missed it, we shipped ES Modules (ESM) in Gatsby files in the last release.
So check out the notable bugfixes section to learn more.
Bleeding Edge: Want to try new features as soon as possible? Install
gatsby@nextand let us know if you have any issues.
... (truncated)
Changelog
Sourced from gatsby-remark-images's changelog.
7.8.0 (2023-03-21)
Note: Version bump only for package gatsby-remark-images
7.7.0 (2023-02-21)
Note: Version bump only for package gatsby-remark-images
7.6.0 (2023-02-07)
Bug Fixes
7.5.0 (2023-01-24)
Note: Version bump only for package gatsby-remark-images
7.4.0 (2023-01-10)
Bug Fixes
Chores
7.3.1 (2022-12-14)
Note: Version bump only for package gatsby-remark-images
7.3.0 (2022-12-13)
Features
... (truncated)
Commits
b1abb5bchore(release): Publish3588ad1chore(changelogs): update changelogs (#37686)fed83d5chore(release): Publish next pre-minor6bf35a5chore(changelogs): update changelogs (#37628)342e393chore(release): Publish next pre-minor13a0a9efix(deps): update babel monorepo (#37568)bea75aechore(release): Publish next1a24414chore(changelogs): update changelogs (#37529)ede0901chore(release): Publish next pre-minorf8f084achore(release): Publish next- Additional commits viewable in compare view
Updates gatsby-transformer-sharp from 2.12.1 to 5.8.0
Release notes
Sourced from gatsby-transformer-sharp's releases.
v5.7.0
Welcome to
[email protected]release (February 2023 #2)This release focused on bug fixes and perf improvements. Check out notable bugfixes and improvements.
Bleeding Edge: Want to try new features as soon as possible? Install
gatsby@nextand let us know if you have any issues.v5.6.0
Welcome to
[email protected]release (February 2023 #1)Key highlights of this release:
Bleeding Edge: Want to try new features as soon as possible? Install
gatsby@nextand let us know if you have any issues.v5.5.0
Welcome to
[email protected]release (January 2023 #2)Key highlights of this release:
Bleeding Edge: Want to try new features as soon as possible? Install
gatsby@nextand let us know if you have any issues.v5.4.0
Welcome to
[email protected]release (January 2023 #1)The whole team took time off for a much deserved winter break and we hope you had relaxing holidays, too! Before the break we spent time doing maintenance work such as updating internal dependencies or fixing some smaller bugs here and there. In case you missed it, we shipped ES Modules (ESM) in Gatsby files in the last release.
So check out the notable bugfixes section to learn more.
Bleeding Edge: Want to try new features as soon as possible? Install
gatsby@nextand let us know if you have any issues.
... (truncated)
Changelog
Sourced from gatsby-transformer-sharp's changelog.
5.8.0 (2023-03-21)
Note: Version bump only for package gatsby-transformer-sharp
5.7.0 (2023-02-21)
Note: Version bump only for package gatsby-transformer-sharp
5.6.0 (2023-02-07)
Bug Fixes
Chores
5.5.0 (2023-01-24)
Chores
5.4.0 (2023-01-10)
Bug Fixes
Chores
5.3.1 (2022-12-14)
Note: Version bump only for package gatsby-transformer-sharp
5.3.0 (2022-12-13)
... (truncated)
Commits
b1abb5bchore(release): Publish3588ad1chore(changelogs): update changelogs (#37686)fed83d5chore(release): Publish next pre-minor6bf35a5chore(changelogs): update changelogs (#37628)342e393chore(release): Publish next pre-minor13a0a9efix(deps): update babel monorepo (#37568)e86d87cchore(deps): update dependency@types/sharpto ^0.31.1 (#37562)bea75aechore(release): Publish next1a24414chore(changelogs): update changelogs (#37529)ede0901chore(release): Publish next pre-minor- Additional commits viewable in compare view
You can trigger a rebase of this PR by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}
New dependency changes detected. Learn more about Socket for GitHub ↗︎
🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.
Bot Commands
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all
@SocketSecurity ignore [email protected]@SocketSecurity ignore [email protected]
🫣 Native code
Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs.
Ensure that native code bindings are expected. Consumers may consider pure JS and functionally similar alternatives to avoid the challenges and risks associated with native code bindings.
| Package | Location | Source |
|---|---|---|
| [email protected] (added) | binding.gyp | package-lock.json via [email protected], [email protected], [email protected] |
| [email protected] (added) | binding.gyp | package-lock.json via [email protected], [email protected], [email protected] |
Pull request alert summary
| Issue | Status |
|---|---|
| Install scripts | ✅ 0 issues |
| Native code | ⚠️ 2 issues |
| Bin script shell injection | ✅ 0 issues |
| Unresolved require | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| Potential typo squat | ✅ 0 issues |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |
📊 Modified Dependency Overview:
| ⬆️ Updated Package | Version Diff | Added Capability Access | +/- Transitive Count |
Publisher |
|---|---|---|---|---|
| [email protected] | 2.14.4...5.9.0 | filesystem | +61/-179 |
lekoarts |
| [email protected] | 2.12.1...5.9.0 | None | +62/-180 |
lekoarts |
| [email protected] | 3.11.1...7.9.0 | None | +66/-181 |
lekoarts |
![socket-security[bot] avatar](https://avatars.githubusercontent.com/in/156372?v=4 "Published by a pub.dev verified publisher"){kind=small}