documentation icon indicating copy to clipboard operation
documentation copied to clipboard

Published 20 hours ago β€’ verified publisher icon pantheon-systems

Bump jpeg-js and lighthouse

Open dependabot[bot] opened this issue 3 years ago β€’ 1 comments

Bumps jpeg-js to 0.4.4 and updates ancestor dependency lighthouse. These dependencies need to be updated together.

Updates jpeg-js from 0.4.3 to 0.4.4

Release notes

Sourced from jpeg-js's releases.

v0.4.4

v0.4.4 (2022-06-07)

  • feat: add comment tag encoding (#87) (13e1ffa), closes #87
  • fix: validate sampling factors (#106) (9ccd35f), closes #106
  • fix(decoder): rethrow a more helpful error if Buffer is undefined (#93) (b58cc11), closes #93
  • chore(ci): migrate to github actions (#86) (417e8e2), closes #86
  • chore(deps): bump y18n from 4.0.0 to 4.0.3 (#98) (2c90858), closes #98
  • chore(deps): bump ws from 7.2.3 to 7.4.6 (#91) (fd73289), closes #91
  • chore(deps): bump hosted-git-info from 2.8.8 to 2.8.9 (#90) (9449a8b), closes #90
  • chore(deps): bump lodash from 4.17.15 to 4.17.21 (#89) (ffdc4a4), closes #89
Commits
  • 9ccd35f fix: validate sampling factors (#106)
  • b58cc11 fix(decoder): rethrow a more helpful error if Buffer is undefined (#93)
  • 2c90858 chore(deps): bump y18n from 4.0.0 to 4.0.3 (#98)
  • fd73289 chore(deps): bump ws from 7.2.3 to 7.4.6 (#91)
  • 9449a8b chore(deps): bump hosted-git-info from 2.8.8 to 2.8.9 (#90)
  • ffdc4a4 chore(deps): bump lodash from 4.17.15 to 4.17.21 (#89)
  • 13e1ffa feat: add comment tag encoding (#87)
  • 417e8e2 chore(ci): migrate to github actions (#86)
  • See full diff in compare view

Updates lighthouse from 5.6.0 to 9.6.7

Release notes

Sourced from lighthouse's releases.

v9.6.7

Full Changelog

This is an npm-only release. We have no plans to release this specific version to DevTools or PSI, but the changes will be rolled up into the next release in those clients.

Core

  • core(trace-elements): include LCP type in artifact (#14344)
  • core: add priority to network-requests debug audit (#14340)

v9.6.6

Full Changelog

We expect this release to ship in the DevTools of Chrome 107, and to PageSpeed Insights within 2 weeks.

New Contributors

Thanks to our new contributor πŸ‘½πŸ·πŸ°πŸ―πŸ»!

Core

  • unsized-images: ignore non-network SVGs (#13737)

Deps

  • upgrade csp-evaluator (#14281)

v9.6.5

Full Changelog

This is an npm-only release and affects only the raw JSON report. We have no plans to release this specific version to DevTools or PSI, but the changes will be rolled up into the next release in those clients.

Core

  • core(network-requests): include starting timestamp as debug data (#14253)
  • core: use trace time origin for main-thread-task time origin (#14252)

v9.6.4

Full Changelog

We expect this release to ship in the DevTools of Chrome 106, and to PageSpeed Insights within 2 weeks.

Deps

  • lighthouse-stack-packs: upgrade to 1.8.2 (#14218)

Clients

... (truncated)

Changelog

Sourced from lighthouse's changelog.

9.6.7 (2022-09-01)

Full Changelog

This is an npm-only release. We have no plans to release this specific version to DevTools or PSI, but the changes will be rolled up into the next release in those clients.

Core

  • core(trace-elements): include LCP type in artifact (#14344)
  • core: add priority to network-requests debug audit (#14340)

9.6.6 (2022-08-16)

Full Changelog

We expect this release to ship in the DevTools of Chrome 106, and to PageSpeed Insights within 2 weeks.

New Contributors

Thanks to our new contributor πŸ‘½πŸ·πŸ°πŸ―πŸ»!

Core

  • unsized-images: ignore non-network SVGs (#13737)

Deps

  • upgrade csp-evaluator (#14281)

9.6.5 (2022-08-01)

Full Changelog

This is an npm-only release and affects only the raw JSON report. We have no plans to release this specific version to DevTools or PSI, but the changes will be rolled up into the next release in those clients.

Core

  • core(network-requests): include starting timestamp as debug data (#14253)
  • core: use trace time origin for main-thread-task time origin (#14252)

9.6.4 (2022-07-26)

Full Changelog

We expect this release to ship in the DevTools of Chrome 106, and to PageSpeed Insights within 2 weeks.

Deps

  • lighthouse-stack-packs: upgrade to 1.8.2 (#14218)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependabot[bot] avatar Oct 04 '22 16:10 dependabot[bot]

@dependabot rebase

EdwardAngert avatar Oct 13 '22 16:10 EdwardAngert

:warning: We detected 62 security issues in this pull request:

Vulnerable Libraries (62)
Severity Details
Critical pkg:npm/[email protected]@1.0.0 (t) - no patch available
N/A pkg:npm/[email protected]@4.1.2 (t) upgrade to: 3.6.1,6.2.1
Low pkg:npm/[email protected]@2.6.1 (t) - no patch available
High pkg:npm/[email protected]@8.0.1 (t) upgrade to: 9.0.6
Medium pkg:npm/[email protected]@4.0.4 (t) - no patch available
Medium pkg:npm/[email protected]@0.11.5 (t) upgrade to: 0.11.6
Critical pkg:npm/[email protected]@3.1.1 (t) - no patch available
High pkg:npm/[email protected]@4.1.0 (t) upgrade to: 4.1.1,4.1.1
High pkg:npm/[email protected]@0.0.1 (t) upgrade to: 0.0.3
Medium pkg:npm/[email protected]@7.0.36 (t) - no patch available
High pkg:npm/[email protected]@1.27.5 (t) - no patch available
N/A pkg:npm/[email protected]@2.6.9 (t) upgrade to: 3.1.0
High pkg:npm/[email protected]@5.0.0 (t) upgrade to: 6.0.1,5.0.1,4.1.1,3.0.1
Medium pkg:npm/[email protected]@3.4.1 (t) upgrade to: 4.1.2
High pkg:npm/[email protected]@3.0.4 (t) upgrade to: 3.0.5
Critical pkg:npm/[email protected]@2.0.1 (t) - no patch available
N/A pkg:npm/[email protected]@2.0.0 (t) - no patch available
High pkg:npm/[email protected]@9.0.0 (t) - no patch available
Critical pkg:npm/[email protected]@4.0.5 (t) - no patch available
High pkg:npm/[email protected]@0.2.14 (t) - no patch available
Critical pkg:npm/[email protected]@6.5.2 (t) - no patch available
Critical pkg:npm/[email protected]@9.0.1 (t) upgrade to: 13.0.2,14.0.1
High pkg:npm/[email protected]@1.0.1 (t) upgrade to: 2.2.2
Medium pkg:npm/[email protected]@1.4.4 (t) - no patch available
High pkg:npm/[email protected]@1.29.0 (t) - no patch available
Medium pkg:npm/[email protected]@3.1.4 (t) upgrade to: 3.1.5,2.2.6
High pkg:npm/[email protected]@4.17.14 (t) upgrade to: 4.17.20,4.17.20
Medium pkg:npm/[email protected]@17.0.2 (t) - no patch available
High pkg:npm/[email protected]@7.0.2 (t) upgrade to: 10.2.7
Medium pkg:npm/[email protected]@2.88.2 (t) - no patch available
Medium pkg:npm/[email protected]@2.6.0 (t) - no patch available
Medium pkg:npm/[email protected]@0.29.3 (t) upgrade to: 0.30.5
High pkg:npm/[email protected]@2.1.3 (t) - no patch available
Critical pkg:npm/[email protected]@6.10.1 (t) - no patch available
High pkg:npm/[email protected]@6.0.2 (t) - no patch available
Medium pkg:npm/[email protected]@4.11.0 (t) - no patch available
High pkg:npm/[email protected]@2.2.1 (t) upgrade to: 2.2.2
N/A pkg:npm/[email protected]@0.0.7 (t) - no patch available
Critical pkg:npm/[email protected]@1.0.0 (t) - no patch available
Critical pkg:npm/[email protected]@1.7.2 (t) upgrade to: 1.7.3
High pkg:npm/[email protected]@3.4.2 (t) - no patch available
Critical pkg:npm/[email protected]@2.0.0 (t) upgrade to: 2.0.3
Medium pkg:npm/[email protected]@7.4.5 (t) upgrade to: 7.4.6,6.2.2,5.2.3
Medium pkg:npm/[email protected]@2.6.12 (t) - no patch available
High pkg:npm/[email protected]@0.2.5 (t) - no patch available
High pkg:npm/[email protected]@2.4.0 (t) - no patch available
Medium pkg:npm/@sideway/[email protected]@3.0.0 (t) upgrade to: 3.0.1
High pkg:npm/[email protected]@6.1.0 (t) upgrade to: 10.2.7
Low pkg:npm/[email protected]@2.6.7 (t) - no patch available
Medium pkg:npm/[email protected]@9.6.0 (t) - no patch available
Critical pkg:npm/[email protected]@1.2.3 (t) upgrade to: 2.0.3
High pkg:npm/[email protected]@3.26.1 (t) - no patch available
High pkg:npm/[email protected]@2.0.4 (t) - no patch available
Medium pkg:npm/[email protected]@11.8.5 (t) - no patch available
High pkg:npm/[email protected]@0.2.0 (t) - no patch available
Medium pkg:npm/[email protected]@4.0.5 (t) - no patch available
High pkg:npm/[email protected]@4.18.2 (t) - no patch available
Medium pkg:npm/[email protected]@4.14.2 (t) upgrade to: 4.16.5
High pkg:npm/[email protected]@1.0.2 (t) upgrade to: 2.0.1
High pkg:npm/[email protected]@4.1.0 (t) upgrade to: 6.0.1,5.0.1,4.1.1,3.0.1
Critical pkg:npm/[email protected]@1.4.2 (t) - no patch available
Medium pkg:npm/[email protected]@7.0.39 (t) - no patch available

More info on how to fix Vulnerable Libraries in JavaScript.

πŸ‘‰ Go to the dashboard for detailed results.

πŸ“₯ Happy? Share your feedback with us.

guardrails[bot] avatar Feb 17 '23 18:02 guardrails[bot]

Looks like these dependencies are no longer a dependency, so this is no longer needed.

dependabot[bot] avatar Feb 22 '23 19:02 dependabot[bot]