Bump the npm_and_yarn group across 1 directory with 7 updates #1

dependabot · 2024-12-10T08:42:35Z

Bumps the npm_and_yarn group with 6 updates in the / directory:

Package	From	To
axios	`1.7.2`	`1.7.4`
vite	`5.3.1`	`5.4.11`
cross-spawn	`7.0.3`	`7.0.6`
nanoid	`3.3.7`	`3.3.8`
path-to-regexp	`2.2.1`	`3.3.0`
serve	`14.2.3`	`14.2.4`

Updates axios from 1.7.2 to 1.7.4

Release notes

Sourced from axios's releases.

Release v1.7.4

Release notes:

Bug Fixes

sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)

sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

Lev Pachmanov

Đỗ Trọng Hải

Release v1.7.3

Release notes:

Bug Fixes

adapter: fix progress event emitting; (#6518) (e3c76fc)

fetch: fix withCredentials request config (#6505) (85d4d0e)

xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

Dmitriy Mozgovoy

Valerii Sidorenko

prianYu

Changelog

Sourced from axios's changelog.

1.7.4 (2024-08-13)

Bug Fixes

sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)

sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

Lev Pachmanov

Đỗ Trọng Hải

1.7.3 (2024-08-01)

Bug Fixes

adapter: fix progress event emitting; (#6518) (e3c76fc)

fetch: fix withCredentials request config (#6505) (85d4d0e)

xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

Dmitriy Mozgovoy

Valerii Sidorenko

prianYu

Commits

abd24a7 chore(release): v1.7.4 (#6544)
6b6b605 fix(sec): CVE-2024-39338 (#6539) (#6543)
07a661a fix(sec): disregard protocol-relative URL to remediate SSRF (#6539)
c6cce43 chore(release): v1.7.3 (#6521)
e3c76fc fix(adapter): fix progress event emitting; (#6518)
85d4d0e fix(fetch): fix withCredentials request config (#6505)
92cd8ed chore(github): update ISSUE_TEMPLATE.md (#6519)
8966ee7 fix(xhr): return original config on errors from XHR adapter (#6515)
See full diff in compare view

Updates vite from 5.3.1 to 5.4.11

Release notes

Sourced from vite's releases.

v5.4.11

Please refer to CHANGELOG.md for details.

v5.4.10

Please refer to CHANGELOG.md for details.

v5.4.9

Please refer to CHANGELOG.md for details.

v5.4.8

Please refer to CHANGELOG.md for details.

v5.4.7

Please refer to CHANGELOG.md for details.

v5.4.6

Please refer to CHANGELOG.md for details.

v5.4.5

Please refer to CHANGELOG.md for details.

v5.4.4

Please refer to CHANGELOG.md for details.

v5.4.3

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

v5.4.2

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

v5.4.1

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

v5.4.0

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

6.0.3 (2024-12-05)

fix: handle postcss load unhandled rejections (#18886) (d5fb653), closes #18886

fix: make handleInvoke interface compatible with invoke (#18876) (a1dd396), closes #18876

fix: make result interfaces for ModuleRunnerTransport#invoke more explicit (#18851) (a75fc31), closes #18851

fix: merge environments.ssr.resolve with root ssr config (#18857) (3104331), closes #18857

fix: no permission to create vite config file (#18844) (ff47778), closes #18844

fix: remove CSS import in CJS correctly in some cases (#18885) (690a36f), closes #18885

fix(config): bundle files referenced with imports field (#18887) (2b5926a), closes #18887

fix(config): make stacktrace path correct when sourcemap is enabled (#18833) (20fdf21), closes #18833

fix(css): rewrite url when image-set and url exist at the same time (#18868) (d59efd8), closes #18868

fix(deps): update all non-major dependencies (#18853) (5c02236), closes #18853

fix(html): allow unexpected question mark in tag name (#18852) (1b54e50), closes #18852

fix(module-runner): decode uri for file url passed to import (#18837) (88e49aa), closes #18837

refactor: fix logic errors found by no-unnecessary-condition rule (#18891) (ea802f8), closes #18891

chore: fix duplicate attributes issue number in comment (#18860) (ffee618), closes #18860

6.0.2 (2024-12-02)

chore: run typecheck in unit tests (#18858) (49f20bb), closes #18858

chore: update broken links in changelog (#18802) (cb754f8), closes #18802

chore: update broken links in changelog (#18804) (47ec49f), closes #18804

fix: don't store temporary vite config file in node_modules if deno (#18823) (a20267b), closes #18823

fix(css): referencing aliased svg asset with lightningcss enabled errored (#18819) (ae68958), closes #18819

fix(manifest): use style.css as a key for the style file for cssCodesplit: false (#18820) (ec51115), closes #18820

fix(optimizer): resolve all promises when cancelled (#18826) (d6e6194), closes #18826

fix(resolve): don't set builtinModules to external by default (#18821) (2250ffa), closes #18821

fix(ssr): set ssr.target: 'webworker' defaults as fallback (#18827) (b39e696), closes #18827

feat(css): format lightningcss error (#18818) (dac7992), closes #18818

refactor: make properties of ResolvedServerOptions and ResolvedPreviewOptions required (#18796) (51a5569), closes #18796

6.0.1 (2024-11-27)

fix: default empty server proxy prevents starting http2 server (#18788) (bbaf514), closes #18788

fix(manifest): do not override existing js manifest entry (#18776) (3b0837e), closes #18776

fix(server): close _ssrCompatModuleRunner on server close (#18784) (9b4c410), closes #18784

fix(server): skip hot channel client normalization for wsServer (#18782) (cc7670a), closes #18782

fix(worker): fix applyToEnvironment hooks on worker build (#18793) (0c6cdb0), closes #18793

chore: flat v6 config file (#18777) (c7b3308), closes #18777

chore: split changelog (#18787) (8542632), closes #18787

chore: update changelog for v6 (#18773) (b254fac), closes #18773

revert: update moduleResolution value casing (#18409) (#18774) (b0fc6e3), closes #18409 #18774

6.0.0 (2024-11-26)

... (truncated)

Commits

c54c860 release: v5.4.11
5f52bc8 release: v5.4.10
7d1a3bc fix: backport #18367,augment hash for CSS files to prevent chromium erroring ...
898d61f release: v5.4.9
508d9ab fix: bump launch-editor-middleware to v2.9.1 (#18348)
dc5434c fix(deps): bump tsconfck (#18322)
851b258 fix(hmr): don't try to rewrite imports for direct CSS soft invalidation (#18252)
96084d6 fix(data-uri): only match ids starting with data: (#18241)
eae00b5 fix(css): fix lightningcss dep url resolution with custom root (#18125)
c23558a chore: update all url references of vitejs.dev to vite.dev (#18276)
Additional commits viewable in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

disable regexp backtracking (#160) (5ff3a07)

Commits

77cd97f chore(release): 7.0.6
6717de4 chore: upgrade standard-version
f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
9a7e3b2 chore: fix build status badge
0852683 chore(release): 7.0.5
640d391 fix: fix escaping bug introduced by backtracking
bff0c87 chore: remove codecov
a7c6abc chore: replace travis with github workflows
9b9246e chore(release): 7.0.4
5ff3a07 fix: disable regexp backtracking (#160)
Additional commits viewable in compare view

Updates nanoid from 3.3.7 to 3.3.8

Changelog

Sourced from nanoid's changelog.

3.3.8

Fixed a way to break Nano ID by passing non-integer size (by @myndzi).

Commits

3044cd5 Release 3.3.8 version
4fe3495 Update size limit
d643045 Fix pool pollution, infinite loop (#510)
See full diff in compare view

Updates path-to-regexp from 2.2.1 to 3.3.0

Release notes

Sourced from path-to-regexp's releases.

Add backtracking protection

Fixed

Add backtrack protection to 3.x release (#321) d31670a

pillarjs/path-to-regexp@v3.2.0...v3.3.0

Match Function

Added

Add native match function to library

Validate and sensitive options

Add sensitive option for tokensToFunction (#191)

Add validate option to path functions (#178)

Changelog

Sourced from path-to-regexp's changelog.

Moved to GitHub Releases

3.0.0 / 2019-01-13

Always use prefix character as delimiter token, allowing any character to be a delimiter (e.g. /:att1-:att2-:att3-:att4-:att5)

Remove partial support, prefer escaping the prefix delimiter explicitly (e.g. \\/(apple-)?icon-:res(\\d+).png)

2.4.0 / 2018-08-26

Support start option to disable anchoring from beginning of the string

2.3.0 / 2018-08-20

Use delimiter when processing repeated matching groups (e.g. foo/bar has no prefix, but has a delimiter)

Commits

2eb1293 3.3.0
d31670a Add backtrack protection to 3.x release (#321)
6d2e8db 3.2.0
0e0dce9 Add native match function to library
dd966ea Fix validate: false examples in README
ead0298 Changed coverage tool to nyc (#201)
1aa2238 Bump node version tests
f232e6d 3.1.0
cb331c6 Update dev dependencies
36344dc Rename noValidate option to validate
Additional commits viewable in compare view

Updates serve from 14.2.3 to 14.2.4

Release notes

Sourced from serve's releases.

14.2.4

Patches

Bump serve-handler, vitest, and `typescript: #812

Commits

dd53938 14.2.4
67d75e0 Bump serve-handler, vitest, and typescript (#812)
d06104a X handle has changed (#805)
See full diff in compare view

Updates rollup from 4.18.0 to 4.28.1

Release notes

Sourced from rollup's releases.

v4.28.1

4.28.1

2024-12-06

Bug Fixes

Support running Rollup natively on LoongArch (#5749)

Add optional debugId to SourceMap types (#5751)

Pull Requests

#5749: feat: add support for LoongArch (@darkyzhou)

#5751: feat: Add debugId to SourceMap types (@timfish, @lukastaegert)

#5752: chore(deps): update dependency mocha to v11 (@renovate[bot])

#5753: chore(deps): update dependency vite to v6 (@renovate[bot])

#5754: fix(deps): update swc monorepo (major) (@renovate[bot])

#5755: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

#5756: Test if saving the Cargo cache can speed up FreeBSD (@lukastaegert)

v4.28.0

4.28.0

2024-11-30

Features

Allow to specify how to handle import attributes when transpiling Rollup config files (#5743)

Pull Requests

#5743: fix: supports modify the import attributes key in the config file (@TrickyPi, @lukastaegert)

#5747: chore(deps): update codecov/codecov-action action to v5 (@renovate[bot])

#5748: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

v4.27.4

4.27.4

2024-11-23

Bug Fixes

Update bundled magic-string to support sourcemap debug ids (#5740)

Pull Requests

#5740: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

v4.27.3

4.27.3

... (truncated)

Changelog

Sourced from rollup's changelog.

4.28.1

2024-12-06

Bug Fixes

Support running Rollup natively on LoongArch (#5749)

Add optional debugId to SourceMap types (#5751)

Pull Requests

#5749: feat: add support for LoongArch (@darkyzhou)

#5751: feat: Add debugId to SourceMap types (@timfish, @lukastaegert)

#5752: chore(deps): update dependency mocha to v11 (@renovate[bot])

#5753: chore(deps): update dependency vite to v6 (@renovate[bot])

#5754: fix(deps): update swc monorepo (major) (@renovate[bot])

#5755: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

#5756: Test if saving the Cargo cache can speed up FreeBSD (@lukastaegert)

4.28.0

2024-11-30

Features

Allow to specify how to handle import attributes when transpiling Rollup config files (#5743)

Pull Requests

#5743: fix: supports modify the import attributes key in the config file (@TrickyPi, @lukastaegert)

#5747: chore(deps): update codecov/codecov-action action to v5 (@renovate[bot])

#5748: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

4.27.4

2024-11-23

Bug Fixes

Update bundled magic-string to support sourcemap debug ids (#5740)

Pull Requests

#5740: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

4.27.3

2024-11-18

Bug Fixes

... (truncated)

Commits

e60fb1c 4.28.1
224247b chore(deps): lock file maintenance minor/patch updates (#5755)
c3283cf Test if saving the Cargo cache can speed up FreeBSD (#5756)
87a911c feat: Add debugId to SourceMap types (#5751)
1b78f74 chore(deps): update dependency mocha to v11 (#5752)
89e1c70 chore(deps): update dependency vite to v6 (#5753)
4d6b077 feat: add support for LoongArch (#5749)
d3464e4 fix(deps): update swc monorepo (major) (#5754)
0595e43 4.28.0
5053019 fix: supports modify the import attributes key in the config file (#5743)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

hide display geo custom zones

Bumps the npm_and_yarn group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [axios](https://github.com/axios/axios) | `1.7.2` | `1.7.4` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.3.1` | `5.4.11` | | [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.3` | `7.0.6` | | [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.8` | | [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `2.2.1` | `3.3.0` | | [serve](https://github.com/vercel/serve) | `14.2.3` | `14.2.4` | Updates `axios` from 1.7.2 to 1.7.4 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.7.2...v1.7.4) Updates `vite` from 5.3.1 to 5.4.11 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.4.11/packages/vite) Updates `cross-spawn` from 7.0.3 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6) Updates `nanoid` from 3.3.7 to 3.3.8 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.7...3.3.8) Updates `path-to-regexp` from 2.2.1 to 3.3.0 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v2.2.1...v3.3.0) Updates `serve` from 14.2.3 to 14.2.4 - [Release notes](https://github.com/vercel/serve/releases) - [Commits](vercel/serve@14.2.3...14.2.4) Updates `rollup` from 4.18.0 to 4.28.1 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.18.0...v4.28.1) --- updated-dependencies: - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vite dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: rollup dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Dec 10, 2024

stephenfreelance added a commit that referenced this pull request Dec 16, 2024

Merge pull request #1 from stephenfreelance/main

b767072

hide display geo custom zones

dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-4536cef1a6 branch from 849118d to 4c1ae34 Compare December 16, 2024 09:39

dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-4536cef1a6 branch from 4c1ae34 to 2378d10 Compare December 16, 2024 09:41

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 1 directory with 7 updates #1

Bump the npm_and_yarn group across 1 directory with 7 updates #1

dependabot bot commented on behalf of github Dec 10, 2024 •

edited

Loading

Bump the npm_and_yarn group across 1 directory with 7 updates #1

Are you sure you want to change the base?

Bump the npm_and_yarn group across 1 directory with 7 updates #1

Conversation

dependabot bot commented on behalf of github Dec 10, 2024 • edited Loading

Release v1.7.4

Release notes:

Bug Fixes

Contributors to this release

Release v1.7.3

Release notes:

Bug Fixes

Contributors to this release

1.7.4 (2024-08-13)

Bug Fixes

Contributors to this release

1.7.3 (2024-08-01)

Bug Fixes

Contributors to this release

v5.4.11

v5.4.10

v5.4.9

v5.4.8

v5.4.7

v5.4.6

v5.4.5

v5.4.4

v5.4.3

[email protected]

[email protected]

v5.4.2

[email protected]

v5.4.1

[email protected]

[email protected]

v5.4.0

6.0.3 (2024-12-05)

6.0.2 (2024-12-02)

6.0.1 (2024-11-27)

6.0.0 (2024-11-26)

7.0.6 (2024-11-18)

Bug Fixes

7.0.5 (2024-11-07)

Bug Fixes

7.0.4 (2024-11-07)

Bug Fixes

3.3.8

Add backtracking protection

Match Function

Validate and sensitive options

Moved to GitHub Releases

3.0.0 / 2019-01-13

2.4.0 / 2018-08-26

2.3.0 / 2018-08-20

14.2.4

Patches

v4.28.1

4.28.1

Bug Fixes

Pull Requests

v4.28.0

4.28.0

Features

Pull Requests

v4.27.4

4.27.4

Bug Fixes

Pull Requests

v4.27.3

4.27.3

4.28.1

Bug Fixes

Pull Requests

4.28.0

Features

Pull Requests

4.27.4

Bug Fixes

Pull Requests

4.27.3

dependabot bot commented on behalf of github Dec 10, 2024 •

edited

Loading