Bump the npm_and_yarn group across 1 directory with 5 updates

Open dependabot[bot] opened this issue 1 year ago • 0 comments

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package	From	To
@babel/traverse	`7.17.3`	`7.24.7`
braces	`3.0.2`	`3.0.3`
json5	`2.1.3`	`2.2.3`
tough-cookie	`4.0.0`	`4.1.4`
ws	`7.5.7`	`7.5.10`

Updates @babel/traverse from 7.17.3 to 7.24.7

Release notes

Sourced from @babel/traverse's releases.

v7.24.7 (2024-06-05)

:bug: Bug Fix

babel-node

#16554 Allow extra flags in babel-node (@nicolo-ribaudo)

babel-traverse

#16522 fix: incorrect constantViolations with destructuring (@liuxingbaoyu)

babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management

#16524 fix: Transform using in switch correctly (@liuxingbaoyu)

:house: Internal

babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#16525 Delete unused array helpers (@blakewilson)

Committers: 7

Amjad Yahia Robeen Hassan (@amjed-98)

Babel Bot (@babel-bot)

Blake Wilson (@blakewilson)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

Sukka (@SukkaW)

@liuxingbaoyu

v7.24.6 (2024-05-24)

Thanks @amjed-98, @blakewilson, @coelhucas, and @SukkaW for your first PRs!

:bug: Bug Fix

babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties

#16514 Fix source maps for private member expressions (@nicolo-ribaudo)

babel-core, babel-generator, babel-plugin-transform-modules-commonjs

#16515 Fix source maps for template literals (@nicolo-ribaudo)

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#16485 Support undecorated static accessor in anonymous classes (@JLHwung)

#16484 Fix decorator bare yield await (@JLHwung)

babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3

#16483 Fix: throw TypeError if addInitializer is called after finished (@JLHwung)

babel-parser, babel-plugin-transform-typescript

#16476 fix: Correctly parse cls.fn<C> = x (@liuxingbaoyu)

:house: Internal

babel-core, babel-helpers, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#16501 Generate helper metadata at build time (@nicolo-ribaudo)

babel-helpers

#16499 Add tsconfig.json for @babel/helpers/src/helpers (@nicolo-ribaudo)

babel-cli, babel-helpers, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#16495 Move all runtime helpers to individual files (@nicolo-ribaudo)

babel-parser, babel-traverse

#16482 Statically generate boilerplate for bitfield accessors (@nicolo-ribaudo)

Other

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.24.7 (2024-06-05)

:bug: Bug Fix

babel-node

#16554 Allow extra flags in babel-node (@nicolo-ribaudo)

babel-traverse

#16522 fix: incorrect constantViolations with destructuring (@liuxingbaoyu)

babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management

#16524 fix: Transform using in switch correctly (@liuxingbaoyu)

:house: Internal

babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#16525 Delete unused array helpers (@blakewilson)

v7.24.6 (2024-05-24)

:bug: Bug Fix

babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties

#16514 Fix source maps for private member expressions (@nicolo-ribaudo)

babel-core, babel-generator, babel-plugin-transform-modules-commonjs

#16515 Fix source maps for template literals (@nicolo-ribaudo)

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#16485 Support undecorated static accessor in anonymous classes (@JLHwung)

#16484 Fix decorator bare yield await (@JLHwung)

babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3

#16483 Fix: throw TypeError if addInitializer is called after finished (@JLHwung)

babel-parser, babel-plugin-transform-typescript

#16476 fix: Correctly parse cls.fn<C> = x (@liuxingbaoyu)

:house: Internal

babel-core, babel-helpers, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#16501 Generate helper metadata at build time (@nicolo-ribaudo)

babel-helpers

#16499 Add tsconfig.json for @babel/helpers/src/helpers (@nicolo-ribaudo)

babel-cli, babel-helpers, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#16495 Move all runtime helpers to individual files (@nicolo-ribaudo)

babel-parser, babel-traverse

#16482 Statically generate boilerplate for bitfield accessors (@nicolo-ribaudo)

Other

#16466 Migrate import assertions syntax (@JLHwung)

v7.24.5 (2024-04-29)

:bug: Bug Fix

babel-plugin-transform-classes, babel-traverse

#16377 fix: TypeScript annotation affects output (@liuxingbaoyu)

babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3

#16440 Fix suppressed error order (@sossost)

#16408 Await nullish async disposable (@JLHwung)

:nail_care: Polish

babel-parser

... (truncated)

Commits

bf1e9a3 v7.24.7
4463aa5 fix: incorrect constantViolations with destructuring (#16522)
07bd000 Improve getBindingIdentifiers (#16544)
17a5502 [Babel 8] Remove extra.shorthand (#16521)
7934963 Use type: module in all package.jsons (#16535)
9630250 v7.24.6
1f010df Explicitly define NodePath.prototype.* (#16488)
6e3539b [babel 8] Publish .d.ts files for every package (#16416)
e37e64d Use eslint v9 (#16479)
3ff20b9 Statically generate boilerplate for bitfield accessors (#16482)
Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates json5 from 2.1.3 to 2.2.3

Release notes

Sourced from json5's releases.

v2.2.3

Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0

New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

Commits

c3a7524 2.2.3
94fd06d docs: update CHANGELOG for v2.2.3
3b8cebf docs(security): use GitHub security advisories
f0fd9e1 docs: publish a security policy
6a91a05 docs(template): bug -> bug report
14f8cb1 2.2.2
10cc7ca docs: update CHANGELOG for v2.2.2
7774c10 fix: add proto to objects and arrays
edde30a Readme: slight tweak to intro
97286f8 Improve example in readme
Additional commits viewable in compare view

Updates tough-cookie from 4.0.0 to 4.1.4

Release notes

Sourced from tough-cookie's releases.

v4.1.4

https://www.npmjs.com/package/tough-cookie/v/4.1.4

What's Changed

Add local alias for toString by @corvidism in salesforce/tough-cookie#409

Fix incorrect string validation for URL by @coditva in salesforce/tough-cookie#261

New Contributors

@corvidism made their first contribution in salesforce/tough-cookie#409

@coditva made their first contribution in salesforce/tough-cookie#261

Full Changelog: https://github.com/salesforce/tough-cookie/compare/v4.1.3...v4.1.4

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

4.1.2 -- Patch and Bugfix Release

What's Changed

fix: allow set cookies with localhost by @colincasey in salesforce/tough-cookie#253

Full Changelog: https://github.com/salesforce/tough-cookie/compare/v4.1.1...v4.1.2

4.1.1

Patch Release

What's Changed

fix: allow special use domains by default by @colincasey in salesforce/tough-cookie#249

4.1.1 Patch -- allow special use domains by default by @awaterma in salesforce/tough-cookie#250

Full Changelog: https://github.com/salesforce/tough-cookie/compare/v4.1.0...v4.1.1

4.1.0

v4.1.0

Minor release, focused mainly on resolving reported issues and some minor feature work.

What's Changed

Create CHANGELOG.md by @ShivanKaul in salesforce/tough-cookie#189

Missing param validation issue145 by @medelibero-sfdc in salesforce/tough-cookie#193

Create SECURITY.md by @ShivanKaul in salesforce/tough-cookie#201

Create CODE_OF_CONDUCT.md by @ShivanKaul in salesforce/tough-cookie#200

Fix for issue #195 by @medelibero-sfdc in salesforce/tough-cookie#202

Add explanation and more special-use domains by @ShivanKaul in salesforce/tough-cookie#203

Sync of constructor options for serialization by @medelibero-sfdc in salesforce/tough-cookie#204

Returned null in case of empty cookie value by @vsin12 in salesforce/tough-cookie#196

132 str trim not a function by @awaterma in salesforce/tough-cookie#209

Fix for issue #153 by @medelibero-sfdc in salesforce/tough-cookie#210

Fix permuteDomain with trailing dot by @ruoho-sfdc in salesforce/tough-cookie#216

Issue #213 -- added gh-actions flow for building and testing tough-co… by @awaterma in salesforce/tough-cookie#218

... (truncated)

Commits

cacbc37 Bump version to 4.1.4
a48fb3a Add tests for url validation
50e69bf Merge pull request #261 from postmanlabs/fix/url-string-validation
1253d58 Merge pull request #409 from corvidism/validators-to-string
238367e Add local alias for toString
4ff4d29 4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)
12d4747 Prevent prototype pollution in cookie memstore (#283)
f06b72d Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...
cf6debd Fix incorrect string validation for URL
b1a8898 fix: allow set cookies with localhost (#253)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.

Updates ws from 7.5.7 to 7.5.10

Release notes

Sourced from ws's releases.

7.5.10

Bug fixes

Backported e55e5106 to the 7.x release line (22c28763).

7.5.9

Bug fixes

Backported bc8bd34e to the 7.x release line (0435e6e1).

7.5.8

Bug fixes

Backported 0fdcc0af to the 7.x release line (2758ed35).

Backported d68ba9e1 to the 7.x release line (dc1781bc).

Commits

d962d70 [dist] 7.5.10
22c2876 [security] Fix crash when the Upgrade header cannot be read (#2231)
8a78f87 [dist] 7.5.9
0435e6e [security] Fix same host check for ws+unix: redirects
4271f07 [dist] 7.5.8
dc1781b [security] Drop sensitive headers when following insecure redirects
2758ed3 [fix] Abort the handshake if the Upgrade header is invalid
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the Security Alerts page.

Jun 18 '24 11:06 dependabot[bot]