apiclarity
apiclarity copied to clipboard
Bump the npm_and_yarn group across 1 directory with 10 updates
Bumps the npm_and_yarn group with 10 updates in the /ui directory:
Package | From | To |
---|---|---|
axios | 1.3.1 |
1.6.0 |
semver | 6.3.0 |
6.3.1 |
@babel/traverse | 7.20.13 |
7.24.5 |
ejs | 3.1.8 |
3.1.10 |
express | 4.18.2 |
4.19.2 |
follow-redirects | 1.15.2 |
1.15.6 |
tough-cookie | 4.1.2 |
4.1.4 |
webpack | 5.75.0 |
5.91.0 |
webpack-dev-middleware | 5.3.3 |
5.3.4 |
word-wrap | 1.2.3 |
1.2.5 |
Updates axios
from 1.3.1 to 1.6.0
Release notes
Sourced from axios's releases.
Release v1.6.0
Release notes:
Bug Fixes
- CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
- dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
- types: fix AxiosHeaders types; (#5931) (a1c8ad0)
PRs
- CVE 2023 45857 ( #6028 )
⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
Contributors to this release
Release v1.5.1
Release notes:
Bug Fixes
- adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
- formdata: fixed automatic addition of the
Content-Type
header for FormData in non-browser environments; (#5917) (bc9af51)- headers: allow
content-encoding
header to handle case-insensitive values (#5890) (#5892) (4c89f25)- types: removed duplicated code (9e62056)
Contributors to this release
Release v1.5.0
Release notes:
Bug Fixes
- adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#5837) (9a414bb)
- dns: fixed
cacheable-lookup
integration; (#5836) (b3e327d)- headers: added support for setting header names that overlap with class methods; (#5831) (d8b4ca0)
- headers: fixed common Content-Type header merging; (#5832) (8fda276)
Features
... (truncated)
Changelog
Sourced from axios's changelog.
1.6.0 (2023-10-26)
Bug Fixes
- CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
- dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
- types: fix AxiosHeaders types; (#5931) (a1c8ad0)
PRs
- CVE 2023 45857 ( #6028 )
⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
Contributors to this release
1.5.1 (2023-09-26)
Bug Fixes
- adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
- formdata: fixed automatic addition of the
Content-Type
header for FormData in non-browser environments; (#5917) (bc9af51)- headers: allow
content-encoding
header to handle case-insensitive values (#5890) (#5892) (4c89f25)- types: removed duplicated code (9e62056)
Contributors to this release
PRs
- CVE 2023 45857 ( #6028 )
⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
1.5.0 (2023-08-26)
... (truncated)
Commits
f7adacd
chore(release): v1.6.0 (#6031)9917e67
chore(ci): fix release-it arg; (#6032)96ee232
fix(CSRF): fixed CSRF vulnerability CVE-2023-45857 (#6028)7d45ab2
chore(tests): fixed tests to pass in node v19 and v20 withkeep-alive
enabl...5aaff53
fix(dns): fixed lookup function decorator to work properly in node v20; (#6011)a48a63a
chore(docs): added AxiosHeaders docs; (#5932)a1c8ad0
fix(types): fix AxiosHeaders types; (#5931)2ac731d
chore(docs): update readme.md (#5889)88fb52b
chore(release): v1.5.1 (#5920)e410779
fix(adapters): improved adapters loading logic to have clear error messages; ...- Additional commits viewable in compare view
Updates semver
from 6.3.0 to 6.3.1
Release notes
Sourced from semver's releases.
v6.3.1
6.3.1 (2023-07-10)
Bug Fixes
928e56d
#591 better handling of whitespace (#591) (@lukekarrys
,@joaomoreno
,@nicolo-ribaudo
)
Changelog
Sourced from semver's changelog.
6.3.1 (2023-07-10)
Bug Fixes
928e56d
#591 better handling of whitespace (#591) (@lukekarrys
,@joaomoreno
,@nicolo-ribaudo
)6.2.0
- Coerce numbers to strings when passed to semver.coerce()
- Add
rtl
option to coerce from right to left6.1.3
- Handle X-ranges properly in includePrerelease mode
6.1.2
- Do not throw when testing invalid version strings
6.1.1
- Add options support for semver.coerce()
- Handle undefined version passed to Range.test
6.1.0
- Add semver.compareBuild function
- Support
*
in semver.intersects6.0
Fix
intersects
logic.This is technically a bug fix, but since it is also a change to behavior that may require users updating their code, it is marked as a major version increment.
5.7
- Add
minVersion
method5.6
- Move boolean
loose
param to an options object, with backwards-compatibility protection.- Add ability to opt out of special prerelease version handling with the
includePrerelease
option flag.5.5
... (truncated)
Commits
Maintainer changes
This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.
Updates @babel/traverse
from 7.20.13 to 7.24.5
Release notes
Sourced from @babel/traverse
's releases.
v7.24.5 (2024-04-29)
Thanks
@romgrk
and@sossost
for your first PRs!:bug: Bug Fix
babel-plugin-transform-classes
,babel-traverse
- #16377 fix: TypeScript annotation affects output (
@liuxingbaoyu
)babel-helpers
,babel-plugin-proposal-explicit-resource-management
,babel-runtime-corejs3
:nail_care: Polish
:house: Internal
- Other
- #16414 Relax ESLint peerDependency constraint to allow v9 (
@liuxingbaoyu
)babel-parser
- #16425 Improve
@babel/parser
AST types (@nicolo-ribaudo
)- #16417 Always pass type argument to
.startNode
(@nicolo-ribaudo
)babel-helper-create-class-features-plugin
,babel-helper-member-expression-to-functions
,babel-helper-module-transforms
,babel-helper-split-export-declaration
,babel-helper-wrap-function
,babel-helpers
,babel-plugin-bugfix-firefox-class-in-computed-class-key
,babel-plugin-proposal-explicit-resource-management
,babel-plugin-transform-block-scoping
,babel-plugin-transform-destructuring
,babel-plugin-transform-object-rest-spread
,babel-plugin-transform-optional-chaining
,babel-plugin-transform-parameters
,babel-plugin-transform-private-property-in-object
,babel-plugin-transform-react-jsx-self
,babel-plugin-transform-typeof-symbol
,babel-plugin-transform-typescript
,babel-traverse
- #16439 Make
NodePath<T | U>
distributive (@nicolo-ribaudo
)babel-plugin-proposal-partial-application
,babel-types
- #16421 Remove
JSXNamespacedName
from validCallExpression
args (@nicolo-ribaudo
)babel-plugin-transform-class-properties
,babel-preset-env
- #16406 Do not load unnecessary Babel 7 syntax plugins in Babel 8 (
@nicolo-ribaudo
):running_woman: Performance
babel-helpers
,babel-preset-env
,babel-runtime-corejs3
Committers: 6
- Babel Bot (
@babel-bot
)- Huáng Jùnliàng (
@JLHwung
)- Nicolò Ribaudo (
@nicolo-ribaudo
)- Rom Grk (
@romgrk
)@liuxingbaoyu
- ynnsuis (
@sossost
)v7.24.4 (2024-04-03)
Thanks
@Dunqing
,@luiscubal
, and@samualtnorman
for your first PRs!:eyeglasses: Spec Compliance
... (truncated)
Changelog
Sourced from @babel/traverse
's changelog.
v7.24.5 (2024-04-29)
:bug: Bug Fix
babel-plugin-transform-classes
,babel-traverse
- #16377 fix: TypeScript annotation affects output (
@liuxingbaoyu
)babel-helpers
,babel-plugin-proposal-explicit-resource-management
,babel-runtime-corejs3
:nail_care: Polish
:house: Internal
- Other
- #16414 Relax ESLint peerDependency constraint to allow v9 (
@liuxingbaoyu
)babel-parser
- #16425 Improve
@babel/parser
AST types (@nicolo-ribaudo
)- #16417 Always pass type argument to
.startNode
(@nicolo-ribaudo
)babel-helper-create-class-features-plugin
,babel-helper-member-expression-to-functions
,babel-helper-module-transforms
,babel-helper-split-export-declaration
,babel-helper-wrap-function
,babel-helpers
,babel-plugin-bugfix-firefox-class-in-computed-class-key
,babel-plugin-proposal-explicit-resource-management
,babel-plugin-transform-block-scoping
,babel-plugin-transform-destructuring
,babel-plugin-transform-object-rest-spread
,babel-plugin-transform-optional-chaining
,babel-plugin-transform-parameters
,babel-plugin-transform-private-property-in-object
,babel-plugin-transform-react-jsx-self
,babel-plugin-transform-typeof-symbol
,babel-plugin-transform-typescript
,babel-traverse
- #16439 Make
NodePath<T | U>
distributive (@nicolo-ribaudo
)babel-plugin-proposal-partial-application
,babel-types
- #16421 Remove
JSXNamespacedName
from validCallExpression
args (@nicolo-ribaudo
)babel-plugin-transform-class-properties
,babel-preset-env
- #16406 Do not load unnecessary Babel 7 syntax plugins in Babel 8 (
@nicolo-ribaudo
):running_woman: Performance
babel-helpers
,babel-preset-env
,babel-runtime-corejs3
v7.24.4 (2024-04-03)
:eyeglasses: Spec Compliance
babel-parser
babel-helpers
,babel-plugin-proposal-decorators
,babel-runtime-corejs3
:bug: Bug Fix
babel-generator
- #16402 fix: Correctly prints
{ [key in Bar]? }
(@liuxingbaoyu
)- #16394 fix: Correctly generate
TSMappedType
(@liuxingbaoyu
)babel-compat-data
,babel-plugin-bugfix-firefox-class-in-computed-class-key
,babel-preset-env
- #16390 Create bugfix plugin for classes in computed keys in Firefox (
@nicolo-ribaudo
)babel-helper-create-class-features-plugin
,babel-plugin-proposal-decorators
- #16387 fix: support mutated outer decorated class binding (
@JLHwung
)- #16385 fix: Decorators when
super()
exists andprotoInit
is not needed (@liuxingbaoyu
)babel-plugin-transform-block-scoping
- #16384 fix: Transform scoping for
for X
in loop (@liuxingbaoyu
)- #16368 fix: Capture
let
when thefor
body is not a block (@liuxingbaoyu
)babel-core
,babel-plugin-transform-block-scoped-functions
,babel-plugin-transform-block-scoping
... (truncated)
Commits
ddbea7d
v7.24.5e779cad
fix: TypeScript annotation affects output (#16377)ee48754
Use multiple TypeScript projects (#16430)4d8b2d0
MakeNodePath\<T | U>
distributive (#16439)a84ec28
Enableeqeqeq
rule (#16404)822b025
v7.24.1fc0d5ad
Update typescript and lint tools (#16351)69e7928
Consider well-known and registered symbols as literals (#16342)40110e9
Update source map deps (#16327)ce59160
v7.24.0- Additional commits viewable in compare view
Updates ejs
from 3.1.8 to 3.1.10
Commits
d3f807d
Version 3.1.109ee26dd
Mocha TDDe469741
Basic pollution protection715e950
Merge pull request #756 from Jeffrey-mu/maincabe314
Include advanced usage examples29b076c
Added header11503c7
Merge branch 'main' of github.com:mde/ejs into main7690404
Added security banner to READMEf47d7ae
Update SECURITY.md828cea1
Update SECURITY.md- Additional commits viewable in compare view
Updates express
from 4.18.2 to 4.19.2
Release notes
Sourced from express's releases.
4.19.2
What's Changed
Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.19.2
4.19.1
What's Changed
- Fix ci after location patch by
@wesleytodd
in expressjs/express#5552- fixed un-edited version in history.md for 4.19.0 by
@wesleytodd
in expressjs/express#5556Full Changelog: https://github.com/expressjs/express/compare/4.19.0...4.19.1
4.19.0
What's Changed
- fix typo in release date by
@UlisesGascon
in expressjs/express#5527- docs: nominating
@wesleytodd
to be project captian by@wesleytodd
in expressjs/express#5511- docs: loosen TC activity rules by
@wesleytodd
in expressjs/express#5510- Add note on how to update docs for new release by
@crandmck
in expressjs/express#5541- Prevent open redirect allow list bypass due to encodeurl
- Release 4.19.0 by
@wesleytodd
in expressjs/express#5551New Contributors
@crandmck
made their first contribution in expressjs/express#5541Full Changelog: https://github.com/expressjs/express/compare/4.18.3...4.19.0
4.18.3
Main Changes
- Fix routing requests without method
- deps: [email protected]
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- deps: [email protected]
Other Changes
- Use https: protocol instead of deprecated git: protocol by
@vcsjones
in expressjs/express#5032- build: [email protected] and [email protected] by
@abenhamdine
in expressjs/express#5034- ci: update actions/checkout to v3 by
@armujahid
in expressjs/express#5027- test: remove unused function arguments in params by
@raksbisht
in expressjs/express#5124- Remove unused originalIndex from acceptParams by
@raksbisht
in expressjs/express#5119- Fixed typos by
@raksbisht
in expressjs/express#5117- examples: remove unused params by
@raksbisht
in expressjs/express#5113- fix: parameter str is not described in JSDoc by
@raksbisht
in expressjs/express#5130- fix: typos in History.md by
@raksbisht
in expressjs/express#5131- build : add [email protected] by
@abenhamdine
in expressjs/express#5028- test: remove unused function arguments in params by
@raksbisht
in expressjs/express#5137
... (truncated)
Changelog
Sourced from express's changelog.
4.19.2 / 2024-03-25
- Improved fix for open redirect allow list bypass
4.19.1 / 2024-03-20
- Allow passing non-strings to res.location with new encoding handling checks
4.19.0 / 2024-03-20
- Prevent open redirect allow list bypass due to encodeurl
- deps: [email protected]
4.18.3 / 2024-02-29
- Fix routing requests without method
- deps: [email protected]
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- deps: [email protected]
- deps: [email protected]
- Add
partitioned
option
Commits
04bc627
4.19.2da4d763
Improved fix for open redirect allow list bypass4f0f6cc
4.19.1a003cfa
Allow passing non-strings to res.location with new encoding handling checks f...a1fa90f
fixed un-edited version in history.md for 4.19.011f2b1d
build: fix build due to inconsistent supertest behavior in older versions084e365
4.19.00867302
Prevent open redirect allow list bypass due to encodeurl567c9c6
Add note on how to update docs for new release (#5541)69a4cf2
deps: [email protected]- Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by wesleytodd, a new releaser for express since your current version.
Updates follow-redirects
from 1.15.2 to 1.15.6
Commits
35a517c
Release version 1.15.6 of the npm package.c4f847f
Drop Proxy-Authorization across hosts.8526b4a
Use GitHub for disclosure.b1677ce
Release version 1.15.5 of the npm package.d8914f7
Preserve fragment in responseUrl.6585820
Release version 1.15.4 of the npm package.7a6567e
Disallow bracketed hostnames.05629af
Prefer native URL instead of deprecated url.parse.1cba8e8
Prefer native URL instead of legacy url.resolve.72bc2a4
Simplify _processResponse error handling.- Additional commits viewable in compare view
Updates tough-cookie
from 4.1.2 to 4.1.4
Release notes
Sourced from tough-cookie's releases.
v4.1.4
https://www.npmjs.com/package/tough-cookie/v/4.1.4
What's Changed
- Add local alias for
toString
by@corvidism
in salesforce/tough-cookie#409- Fix incorrect string validation for URL by
@coditva
in salesforce/tough-cookie#261New Contributors
@corvidism
made their first contribution in salesforce/tough-cookie#409@coditva
made their first contribution in salesforce/tough-cookie#261Full Changelog: https://github.com/salesforce/tough-cookie/compare/v4.1.3...v4.1.4
4.1.3
Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the
inspect
utility is affected by this change, we felt this change was important enough to be pushed into the next patch.
Commits
cacbc37
Bump version to 4.1.4a48fb3a
Add tests for url validation50e69bf
Merge pull request #261 from postmanlabs/fix/url-string-validation1253d58
Merge pull request #409 from corvidism/validators-to-string238367e
Add local alias fortoString
4ff4d29
4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)12d4747
Prevent prototype pollution in cookie memstore (#283)f06b72d
Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...cf6debd
Fix incorrect string validation for URL- See full diff in compare view
Maintainer changes
This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.
Updates webpack
from 5.75.0 to 5.91.0
Release notes
Sourced from webpack's releases.
v5.91.0
Bug Fixes
- Deserializer for ignored modules doesn't crash
- Allow the
unsafeCache
option to be a proxy object- Normalize the
snapshot.unmanagedPaths
option- Fixed
fs
types- Fixed resolve's plugins types
- Fixed wrongly calculate postOrderIndex
- Fixed watching types
- Output import attrbiutes/import assertions for external JS imports
- Throw an error when DllPlugin needs to generate multiple manifest files, but the path is the same
- [CSS] Output
layer
/supports
/media
for external CSS importsNew Features
- Allow to customize the stage of BannerPlugin
- [CSS] Support CSS exports convention
- [CSS] support CSS local ident name
- [CSS] Support
__webpack_nonce__
for CSS chunks- [CSS] Support
fetchPriority
for CSS chunks- [CSS] Allow to use LZW to compress css head meta (enabled in the
production
mode by default)- [CSS] Support prefetch/preload for CSS chunks
v5.90.3
Bug Fixes
- don't mangle when destructuring a reexport
- types for
Stats.toJson()
andStats.toString()
- many internal types
- [CSS] clean up export css local vars
Perf
- simplify and optimize chunk graph creation
v5.90.2
Bug Fixes
- use
Math.imul
infnv1a32
to avoid loss of precision, directly hash UTF16 values- the
setStatus()
of the HMR module should not return an array, which may cause infinite recursion__webpack_exports_info__.xxx.canMangle
shouldn't always same as default- mangle export with destructuring
- use new runtime to reconsider skipped connections
activeState
- make dynamic import optional in
try/catch
- improve auto publicPath detection
Dependencies & Maintenance
- improve CI setup and include Node.js@21
... (truncated)
Commits
60daca5
chore(release): 5.91.08dad9ce
chore(deps-dev): bump@babel/preset-react
from 7.23.3 to 7.24.1a3229f9
chore(deps-dev): bump@babel/core
from 7.24.0 to 7.24.140c2e44
chore(deps-dev): bump@types/node
from 20.11.29 to 20.11.30a04faba
chore(deps-dev): bump memfs from 4.7.7 to 4.8.08f22221
chore(deps): bump es-module-lexer from 1.4.1 to 1.4.28df6912
chore(deps): bump es-module-lexer from 1.4.1 to 1.4.2711c618
chore(deps-dev): bump memfs from 4.7.7 to 4.8.0c462bb3
chore(deps-dev): bump@types/node
from 20.11.29 to 20.11.30f0d3e3e
chore(deps-dev): bump@babel/preset-react
from 7.23.3 to 7.24.1- Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.
Updates webpack-dev-middleware
from 5.3.3 to 5.3.4
Commits
86071ea
chore(release): 5.3.4189c4ac
fix(security): do not allow to read files above (#1779)- See full diff in compare view
Updates word-wrap
from 1.2.3 to 1.2.5
Release notes
Sourced from word-wrap's releases.
1.2.5
Changes:
Reverts default value for
options.indent
to two spaces' '
.Full Changelog: https://github.com/jonschlinkert/word-wrap/compare/1.2.4...1.2.5
1.2.4
What's Changed
- Remove default indent by
@mohd-akram
in jonschlinkert/word-wrap#24- 🔒fix: CVE 2023 26115 (2) by
@OlafConijn
in jonschlinkert/word-wrap#41- :lock: fix: CVE-2023-26115 by
@aashutoshrathi
in jonschlinkert/word-wrap#33- chore: publish workflow by
@OlafConijn
in jonschlinkert/word-wrap#42New Contributors
@mohd-akram
made their first contribution in jonschlinkert/word-wrap#24@OlafConijn
made their first contribution in jonschlinkert/word-wrap#41@aashutoshrathi
made their first contribution in jonschlinkert/word-wrap#33Full Changelog: https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4
Commits
207044e
1.2.59894315
revert default indentf64b188
run verb to generate README03ea082
Merge pull request #42 from jonschlinkert/chore/publish-workflow420dce9
Merge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2bfa694e
Update .github/workflows/publish.ymlace0b3c
chore: bump version to 1.2.46fd7275
chore: add publish workflow30d6daf
chore: fix test655929c
chore: remove package-lock- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency -
@dependabot ignore <dependency name> major version
will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) -
@dependabot ignore <dependency name> minor version
will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) -
@dependabot ignore <dependency name>
will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) -
@dependabot unignore <dependency name>
will remove all of the ignore conditions of the specified dependency -
@dependabot unignore <dependency name> <ignore condition>
will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the Security Alerts page.