react-storefront-starter-app

react-storefront-starter-app copied to clipboard

Bumps [ua-parser-js](https://github.com/faisalman/ua-parser-js) from 0.7.23 to 0.7.33. Changelog Sourced from ua-parser-js's changelog. Version 0.7.33 / 1.0.33 Add new browser : Cobalt Identify Macintosh as an Apple device Fix ReDoS vulnerability Version...

dependabot[bot]

tmountjr

Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2. Release notes Sourced from json5's releases. v1.0.2 Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a...

dependabot[bot]

Bumps [express](https://github.com/expressjs/express) from 4.17.1 to 4.18.2. Release notes Sourced from express's releases. 4.18.2 Fix regression routing a large stack in a single route deps: [email protected] deps: [email protected] perf: remove unnecessary...

dependabot[bot]

Bumps [qs](https://github.com/ljharb/qs) from 6.9.4 to 6.9.7. Changelog Sourced from qs's changelog. 6.9.7 [Fix] parse: ignore __proto__ keys (#428) [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424) [Robustness]...

dependabot[bot]

Bumps [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) from 0.2.0 to 0.2.2. Release notes Sourced from decode-uri-component's releases. v0.2.2 Prevent overwriting previously decoded tokens 980e0bf https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2 v0.2.1 Switch to GitHub workflows 76abc93 Fix issue where decode...

dependabot[bot]

Bumps [loader-utils](https://github.com/webpack/loader-utils) to 1.4.2 and updates ancestor dependency [next](https://github.com/vercel/next.js). These dependencies need to be updated together. Updates `loader-utils` from 1.4.0 to 1.4.2 Release notes Sourced from loader-utils's releases. v1.4.2 1.4.2...

dependabot[bot]

Bumps [terser](https://github.com/terser/terser) from 4.8.0 to 4.8.1. Changelog Sourced from terser's changelog. v4.8.1 (backport) Security fix for RegExps that should not be evaluated (regexp DDOS) Commits See full diff in compare...

dependabot[bot]

Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. Commits 7efb22a 1.2.6 ef88b93 security notice for additional prototype pollution issue c2b9819 isConstructorOrProto adapted from PR bc8ecee test from prototype pollution PR See full...

dependabot[bot]

Bumps [nanoid](https://github.com/ai/nanoid) from 3.1.20 to 3.2.0. Changelog Sourced from nanoid's changelog. Change Log This project adheres to Semantic Versioning. 3.2 Added --size and --alphabet arguments to binary (by Vitaly Baev)....

dependabot[bot]