search

ArpNetworking / metrics-portal

2 stars 12 forks source link

Bump the npm_and_yarn group across 1 directory with 7 updates #708

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 4 months ago

Bumps the npm_and_yarn group with 7 updates in the / directory:

Package From To
jquery 3.5.0 3.5.1
knockout 3.4.0 3.5.0
moment 2.24.0 2.29.4
moment-timezone 0.5.35 0.5.36
underscore 1.8.3 1.12.1
d3-color 1.0.3 3.1.0
d3 4.11.0 7.9.0

Updates jquery from 3.5.0 to 3.5.1

Commits
  • e1cffde 3.5.1
  • 7d2ce69 Release: update AUTHORS.txt
  • ea2d0d5 Tests: Workaround failures in recent XSS tests in iOS 8 - 12
  • ea3766c Docs: Fix typos
  • 58a8e87 Tests: Add tests for recently fixed manipulation XSS issues
  • c1c0598 Tests: Cleanup window & document handlers in a new event test
  • 46ba70c Tests: Fix flakiness in the "jQuery.ajax() - JSONP - Same Domain" test
  • f7fed7e Docs: Update the link to the jsdom repository
  • 205dd13 Build: Test on Node.js 14, stop testing on Node.js 8 & 13
  • b21d671 Build: Enable reportUnusedDisableDirectives in ESLint
  • Additional commits viewable in compare view


Updates knockout from 3.4.0 to 3.5.0

Release notes

Sourced from knockout's releases.

Version 3.5.0

Knockout 3.5.0 includes a few new bindings and new ways to interact with observables and bindings. The full list is detailed under 3.5.0 Beta, 3.5.0 RC, and 3.5.0 RC2.

The final 3.5.0 release includes fixes for a few regressions in the pre-production releases:

  • Fix performance issue with nested if bindings (#2414)
  • Fix exception with foreach and beforeRemove (#2419)
  • Fix misplaced nodes with foreach and Punches plugin (#2433)
  • Fix duplicated nodes with foreach and if (#2439)

3.5.0 Release Candidate 2

This release includes a number of fixes for regressions in the previous 3.5.0 release candidate. Given the time since the RC, we also decided to include a few small improvements.

  • Fix to maintain an element's focus when it's moved by the foreach binding.
  • Fix changes to style binding to correctly append px.
  • Fix regression to ko.contextFor when used after ko.applyBindingsToNode.
  • Revert changes in ko.utils to use native array methods.
  • Remove global createChildContextWithAs option and add noChildContext binding option. The default behavior for as matches previous releases.
  • Fix the interaction of descendantsComplete and if/ifnot/with bindings.
  • Add an option for if/ifnot/with bindings: completeOn: "render" will have the binding wait to trigger descendantsComplete until it is rendered.
  • Throw an error for unbalanced virtual elements.
  • ko.applyBindings throws an error if a non-Node is given as the second parameter.
  • Support an options objects as a parameter to createChildContext.
  • Support a custom rate-limit function as the method parameter to the rateLimit extender.
  • Support setting custom CSS properties with the style binding.
  • Optimize how many elements are moved by foreach.
  • Update TypeScript declarations.

We decided to keep the more standard return value for ko.utils.arrayFirst, which now returns undefined instead of null when no item matches.

3.5.0 Release Candidate

Changes since 3.5.0 Beta:

  • Expand descendantsComplete to include bindings other than component, such as if, with, etc.
  • ko.when will return a Promise if called without a callback function.
  • Include TypeScript declarations.
  • A few minor bug fixes.

Version 3.5.0 beta

Knockout 3.5.0 beta release notes

Full list of issues: https://github.com/knockout/knockout/milestone/9?closed=1

Important: This release includes some minor breaking changes to the foreach binding to improve performance and clarify features. These changes can be turned off using global options.

  • When using the as option with the foreach binding, Knockout will set the named value for each item in the array but won't create a child context. In other words, when using as, you will have to use the named value in bindings: text: item.property rather than text: property. This can be controlled by setting ko.options.createChildContextWithAs = true. (See #907)

  • To improve performance when array changes are from a known, single operation, such as push, the foreach binding no longer filters out destroyed items by default. To turn this off and filter out destroyed items, you can set includeDestroyed: false in the foreach binding or set ko.options.foreachHidesDestroyed = true to use the previous behavior by default. (See #2324)

Other enhancements

... (truncated)

Commits
  • 3f2a1f7 Version 3.5.0 for distribution
  • 156e3cc make sure tests pass in old-IE
  • 202e26c Merge pull request #2441 from knockout/2439-foreach-dups
  • 38de37a fix test string typo
  • f327e95 Fix problem with arrayChange where it might report stale data.
  • 6591d0f export startPossiblyAsyncContentBinding
  • c6e608f For typing, use common source for extender options and functions
  • b304535 sync test-global.ts with test-module.ts
  • 605c6bb If setDomNodeChildrenFromArrayMapping callback modified nodes, use correct no...
  • 3a5d67f fix type definitions of "arrayChange" event and ko.when.
  • Additional commits viewable in compare view


Updates moment from 2.24.0 to 2.29.4

Changelog

Sourced from moment's changelog.

2.29.4

  • Release Jul 6, 2022
    • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

  • Release Apr 17, 2022
    • #5995 [bugfix] Remove const usage
    • #5990 misc: fix advisory link

2.29.2 See full changelog

  • Release Apr 3 2022

Address https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4

2.29.1 See full changelog

  • Release Oct 6, 2020

Updated deprecation message, bugfix in hi locale

2.29.0 See full changelog

  • Release Sept 22, 2020

New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: https://momentjs.com/docs/#/-project-status/

2.28.0 See full changelog

  • Release Sept 13, 2020

Fix bug where .format() modifies original instance, and locale updates

2.27.0 See full changelog

  • Release June 18, 2020

Added Turkmen locale, other locale improvements, slight TypeScript fixes

2.26.0 See full changelog

  • Release May 19, 2020

... (truncated)

Commits


Updates moment-timezone from 0.5.35 to 0.5.36

Release notes

Sourced from moment-timezone's releases.

Release 0.5.36

  • Updated data to IANA TZDB 2022c
  • Improvements/fixes to data pipeline
Changelog

Sourced from moment-timezone's changelog.

0.5.36 2022-08-25

  • IANA TZDB 2022c
  • improvements/fixes to data pipeline
Commits
  • 95f1a9b Build moment-timezone 0.5.36
  • abba28c Add changelog for 0.5.36
  • ac6de03 Bump version to 0.5.36
  • 7a5cadf tests: Fix country tests for 2022c
  • 6754c75 data: generate 2022c data+tests
  • f74a364 bugfix: Wipe tests/zones before generation
  • e850f9f grunt: do not bundle zone and contry tests
  • f13e22b data: automatically create data/*/VERSION.json for latest
  • e551fde data: allow running pipeline without wiping temp
  • 5bc88fc data: run test generation for all data pipelines
  • Additional commits viewable in compare view


Updates underscore from 1.8.3 to 1.12.1

Commits
  • c627e38 Mention CVE-2021-23358 in code, test and documentation (#2915)
  • c9e803e Add diff and docs to the 1.12.1 change log entry
  • 0c20985 Restore comments from 7e89b79f95e7b
  • bf5a0ed Merge branch 'template-variable-parameter'
  • 7e3d404 Update annotated sources and minified bundles for 1.12.1
  • 5343fbc Add version 1.12.1 to the documentation
  • 44df929 Bump the version to 1.12.1
  • 7e89b79 Un-document the fix for #2911 for the time being
  • 4c73526 Fix #2911
  • ef646cc Reflect real issue of #2911 in test from #2912
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by jgonggrijp, a new releaser for underscore since your current version.


Updates d3-color from 1.0.3 to 3.1.0

Release notes

Sourced from d3-color's releases.

v3.1.0

v3.0.1

  • Make build reproducible.

v3.0.0

  • Adopt type: module.

This package now requires Node.js 12 or higher. For more, please read Sindre Sorhus’s FAQ.

v2.0.0

This release adopts ES2015 language features such as for-of and drops support for older browsers, including IE. If you need to support pre-ES2015 environments, you should stick with d3-color 1.x or use a transpiler.

v1.4.1

  • Fix parsing of 4- and 8-digit hexadecimal transparent colors. #52

v1.4.0

  • Add support for parsing 4- and 8-digit hexadecimal colors. #60 Thanks, @​zerovox!
  • Add sideEffects: false to the package.json.

v1.3.0

v1.2.8

  • Revert chroma clamping in hcl.toString. (#33)

v1.2.7

  • Account for rounding when determining whether a color is displayable.

v1.2.6

  • Implement chroma clamping in hcl.toString. (#33)
  • Fix achromatic representation of white in HCL colorspace (again).

v1.2.5

  • Fix achromatic representation of white in HCL colorspace.

v1.2.4

  • Fix achromatic representation of black and white in HCL colorspace.

v1.2.3

  • Housekeeping.

... (truncated)

Commits


Updates d3 from 4.11.0 to 7.9.0

Release notes

Sourced from d3's releases.

v7.9.0

v7.8.5

  • Fix the return value of d3.medianIndex and d3.quantileIndex when the data contains missing values. #275

v7.8.4

v7.8.3

v7.8.2

v7.8.1

  • Tolerate invalid input values when generating contours. #61
  • Tolerate invalid input weights when generating density contours. #65
  • Fix missing contours at extrema when using default thresholds. #68

v7.8.0

  • Add d3.pathRound.
  • Add configurable precision when generating path data via path.digits.
  • Add likewise shape.digits method to d3.arc, d3.area, d3.line, d3.link, and d3.symbol.
  • Improve the performance of d3.geoPath’s string concatenation.
  • Fix arc rendering for small arcs with rounded corners.
  • Fix BumpRadial implementation to support multiple points.
  • Fix projection when lambda is outside the range ±3π.
  • Rename d3.symbolX to d3.symbolTimes; d3.symbolX is now deprecated.

v7.7.0

v7.6.1

v7.6.0

... (truncated)

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ArpNetworking/metrics-portal/network/alerts).
dependabot[bot] commented 3 months ago

Superseded by #716.