ArpNetworking / metrics-portal


Bump the npm_and_yarn group across 1 directory with 9 updates #716

Open dependabot[bot] opened 3 months ago

dependabot[bot] commented 3 months ago

Bumps the npm_and_yarn group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| jquery | 3.5.0 | 3.5.1 |
| knockout | 3.4.0 | 3.5.0 |
| moment | 2.24.0 | 2.29.4 |
| moment-timezone | 0.5.35 | 0.5.36 |
| underscore | 1.8.3 | 1.12.1 |
| braces | 3.0.2 | 3.0.3 |
| gulp | 4.0.2 | 5.0.0 |
| d3-color | 1.0.3 | 3.1.0 |
| d3 | 4.11.0 | 7.9.0 |

Updates jquery from 3.5.0 to 3.5.1

Commits
  • e1cffde 3.5.1
  • 7d2ce69 Release: update AUTHORS.txt
  • ea2d0d5 Tests: Workaround failures in recent XSS tests in iOS 8 - 12
  • ea3766c Docs: Fix typos
  • 58a8e87 Tests: Add tests for recently fixed manipulation XSS issues
  • c1c0598 Tests: Cleanup window & document handlers in a new event test
  • 46ba70c Tests: Fix flakiness in the "jQuery.ajax() - JSONP - Same Domain" test
  • f7fed7e Docs: Update the link to the jsdom repository
  • 205dd13 Build: Test on Node.js 14, stop testing on Node.js 8 & 13
  • b21d671 Build: Enable reportUnusedDisableDirectives in ESLint
  • Additional commits viewable in compare view


Updates knockout from 3.4.0 to 3.5.0

Release notes

Sourced from knockout's releases.

Version 3.5.0

Knockout 3.5.0 includes a few new bindings and new ways to interact with observables and bindings. The full list is detailed under 3.5.0 Beta, 3.5.0 RC, and 3.5.0 RC2.

The final 3.5.0 release includes fixes for a few regressions in the pre-production releases:

  • Fix performance issue with nested if bindings (#2414)
  • Fix exception with foreach and beforeRemove (#2419)
  • Fix misplaced nodes with foreach and Punches plugin (#2433)
  • Fix duplicated nodes with foreach and if (#2439)

3.5.0 Release Candidate 2

This release includes a number of fixes for regressions in the previous 3.5.0 release candidate. Given the time since the RC, we also decided to include a few small improvements.

  • Fix to maintain an element's focus when it's moved by the foreach binding.
  • Fix changes to style binding to correctly append px.
  • Fix regression to ko.contextFor when used after ko.applyBindingsToNode.
  • Revert changes in ko.utils to use native array methods.
  • Remove global createChildContextWithAs option and add noChildContext binding option. The default behavior for as matches previous releases.
  • Fix the interaction of descendantsComplete and if/ifnot/with bindings.
  • Add an option for if/ifnot/with bindings: completeOn: "render" will have the binding wait to trigger descendantsComplete until it is rendered.
  • Throw an error for unbalanced virtual elements.
  • ko.applyBindings throws an error if a non-Node is given as the second parameter.
  • Support an options object as a parameter to createChildContext.
  • Support a custom rate-limit function as the method parameter to the rateLimit extender.
  • Support setting custom CSS properties with the style binding.
  • Optimize how many elements are moved by foreach.
  • Update TypeScript declarations.

We decided to keep the more standard return value for ko.utils.arrayFirst, which now returns undefined instead of null when no item matches.

3.5.0 Release Candidate

Changes since 3.5.0 Beta:

  • Expand descendantsComplete to include bindings other than component, such as if, with, etc.
  • ko.when will return a Promise if called without a callback function.
  • Include TypeScript declarations.
  • A few minor bug fixes.

Version 3.5.0 beta

Knockout 3.5.0 beta release notes

Full list of issues: https://github.com/knockout/knockout/milestone/9?closed=1

Important: This release includes some minor breaking changes to the foreach binding to improve performance and clarify features. These changes can be turned off using global options.

  • When using the as option with the foreach binding, Knockout will set the named value for each item in the array but won't create a child context. In other words, when using as, you will have to use the named value in bindings: text: item.property rather than text: property. This can be controlled by setting ko.options.createChildContextWithAs = true. (See #907)

  • To improve performance when array changes are from a known, single operation, such as push, the foreach binding no longer filters out destroyed items by default. To turn this off and filter out destroyed items, you can set includeDestroyed: false in the foreach binding or set ko.options.foreachHidesDestroyed = true to use the previous behavior by default. (See #2324)

Other enhancements

... (truncated)

Commits
  • 3f2a1f7 Version 3.5.0 for distribution
  • 156e3cc make sure tests pass in old-IE
  • 202e26c Merge pull request #2441 from knockout/2439-foreach-dups
  • 38de37a fix test string typo
  • f327e95 Fix problem with arrayChange where it might report stale data.
  • 6591d0f export startPossiblyAsyncContentBinding
  • c6e608f For typing, use common source for extender options and functions
  • b304535 sync test-global.ts with test-module.ts
  • 605c6bb If setDomNodeChildrenFromArrayMapping callback modified nodes, use correct no...
  • 3a5d67f fix type definitions of "arrayChange" event and ko.when.
  • Additional commits viewable in compare view


Updates moment from 2.24.0 to 2.29.4

Changelog

Sourced from moment's changelog.

2.29.4

  • Release Jul 6, 2022
    • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

  • Release Apr 17, 2022
    • #5995 [bugfix] Remove const usage
    • #5990 misc: fix advisory link

2.29.2 See full changelog

  • Release Apr 3 2022

Address https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4

2.29.1 See full changelog

  • Release Oct 6, 2020

Updated deprecation message, bugfix in hi locale

2.29.0 See full changelog

  • Release Sept 22, 2020

New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: https://momentjs.com/docs/#/-project-status/

2.28.0 See full changelog

  • Release Sept 13, 2020

Fix bug where .format() modifies original instance, and locale updates

2.27.0 See full changelog

  • Release June 18, 2020

Added Turkmen locale, other locale improvements, slight TypeScript fixes

2.26.0 See full changelog

  • Release May 19, 2020

... (truncated)


Updates moment-timezone from 0.5.35 to 0.5.36

Release notes

Sourced from moment-timezone's releases.

Release 0.5.36

  • Updated data to IANA TZDB 2022c
  • Improvements/fixes to data pipeline

Changelog

Sourced from moment-timezone's changelog.

0.5.36 2022-08-25

  • IANA TZDB 2022c
  • improvements/fixes to data pipeline

Commits
  • 95f1a9b Build moment-timezone 0.5.36
  • abba28c Add changelog for 0.5.36
  • ac6de03 Bump version to 0.5.36
  • 7a5cadf tests: Fix country tests for 2022c
  • 6754c75 data: generate 2022c data+tests
  • f74a364 bugfix: Wipe tests/zones before generation
  • e850f9f grunt: do not bundle zone and contry tests
  • f13e22b data: automatically create data/*/VERSION.json for latest
  • e551fde data: allow running pipeline without wiping temp
  • 5bc88fc data: run test generation for all data pipelines
  • Additional commits viewable in compare view


Updates underscore from 1.8.3 to 1.12.1

Commits
  • c627e38 Mention CVE-2021-23358 in code, test and documentation (#2915)
  • c9e803e Add diff and docs to the 1.12.1 change log entry
  • 0c20985 Restore comments from 7e89b79f95e7b
  • bf5a0ed Merge branch 'template-variable-parameter'
  • 7e3d404 Update annotated sources and minified bundles for 1.12.1
  • 5343fbc Add version 1.12.1 to the documentation
  • 44df929 Bump the version to 1.12.1
  • 7e89b79 Un-document the fix for #2911 for the time being
  • 4c73526 Fix #2911
  • ef646cc Reflect real issue of #2911 in test from #2912
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jgonggrijp, a new releaser for underscore since your current version.


Updates braces from 3.0.2 to 3.0.3


Updates gulp from 4.0.2 to 5.0.0

Release notes

Sourced from gulp's releases.

gulp v5.0.0

We've tried to provide a high-level changelog for gulp v5 below, but it doesn't contain all changes from the 60+ dependencies that we maintain.

Please see individual changelogs to drill down into all changes that were made.

⚠ BREAKING CHANGES

  • Drop support for Node.js <10.13
  • Default stream encoding to UTF-8
  • Standardized on anymatch library for globbing paths. All globs should work the same between src and watch now!
  • Removed support for ordered globs. This aligns with the chokidar globbing implementation. If you need your globs to be ordered, you can use ordered-read-stream
  • All globs and paths are normalized to unix-like filepaths
  • Only allow JS variants for .gulp.* config files
  • Removed support for alpha releases of v4 from gulp-cli
  • Removed the --verify flag
  • Renamed the --require flag to --preload to avoid conflicting with Node.js flags
  • Removed many legacy and deprecated loaders
  • Upgrade to chokidar v3
  • Clone Vinyl objects with stream contents using teex, but no longer wait for all streams to flow before cloned streams will receive data
  • Stop using process.umask() to make directories, instead falling back to Node's default mode
  • Throw on non-function, non-string option coercers
  • Drop support of Node.js snake_case flags
  • Use a Symbol for attaching the gulplog namespace to the store
  • Use a Symbol for attaching the gulplog store to the global
  • Use sha256 to hash the v8flags cache into a filename

Features

  • Streamlined the dependency tree
  • Switch all streams implementation to Streamx
  • Rewrote glob-stream to use a custom directory walk that relies on newer Node.js features and is more performant than old implementation
  • Implement translation support for all CLI messages and all messages passing through gulplog
  • Allow users to customize or remove the timestamp from their logs
  • Upgraded gulplog to v2. Messages logged via v1 will also display a deprecated warning. Plugins should update to v2 as the community upgrades to gulp 5
  • Added support for gulpfile.cjs and gulpfile.mjs
  • Add support for swc, esbuild, sucrase, and mdx loaders
  • Provide an ESM export (#2760) (b00de68)
  • Support sourcemap handling on streaming Vinyl contents
  • Support extends syntax for .gulp.* config file
  • Allow overriding gulpfile and preloads via .gulp.* config file

Bug Fixes

  • Resolve bugs related to symlinks on various platforms
  • Resolved some reported ReDoS CVEs and improved performance in glob-parent
  • Rework errors surfaced when encountering files or symlinks when trying to create directories
  • Ensure watch allows japanese characters in globs (72668c6)

... (truncated)

Changelog

Sourced from gulp's changelog.

5.0.0 (2024-03-29)



Updates d3-color from 1.0.3 to 3.1.0

Release notes

Sourced from d3-color's releases.

v3.1.0

v3.0.1

  • Make build reproducible.

v3.0.0

  • Adopt type: module.

This package now requires Node.js 12 or higher. For more, please read Sindre Sorhus’s FAQ.

v2.0.0

This release adopts ES2015 language features such as for-of and drops support for older browsers, including IE. If you need to support pre-ES2015 environments, you should stick with d3-color 1.x or use a transpiler.

v1.4.1

  • Fix parsing of 4- and 8-digit hexadecimal transparent colors. #52

v1.4.0

  • Add support for parsing 4- and 8-digit hexadecimal colors. #60 Thanks, @zerovox!
  • Add sideEffects: false to the package.json.

v1.3.0

v1.2.8

  • Revert chroma clamping in hcl.toString. (#33)

v1.2.7

  • Account for rounding when determining whether a color is displayable.

v1.2.6

  • Implement chroma clamping in hcl.toString. (#33)
  • Fix achromatic representation of white in HCL colorspace (again).

v1.2.5

  • Fix achromatic representation of white in HCL colorspace.

v1.2.4

  • Fix achromatic representation of black and white in HCL colorspace.

v1.2.3

  • Housekeeping.

... (truncated)


Updates d3 from 4.11.0 to 7.9.0

Release notes

Sourced from d3's releases.

v7.9.0

v7.8.5

  • Fix the return value of d3.medianIndex and d3.quantileIndex when the data contains missing values. #275

v7.8.4

v7.8.3

v7.8.2

v7.8.1

  • Tolerate invalid input values when generating contours. #61
  • Tolerate invalid input weights when generating density contours. #65
  • Fix missing contours at extrema when using default thresholds. #68

v7.8.0

  • Add d3.pathRound.
  • Add configurable precision when generating path data via path.digits.
  • Add likewise shape.digits method to d3.arc, d3.area, d3.line, d3.link, and d3.symbol.
  • Improve the performance of d3.geoPath’s string concatenation.
  • Fix arc rendering for small arcs with rounded corners.
  • Fix BumpRadial implementation to support multiple points.
  • Fix projection when lambda is outside the range ±3π.
  • Rename d3.symbolX to d3.symbolTimes; d3.symbolX is now deprecated.

v7.7.0

v7.6.1

v7.6.0

... (truncated)


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
  • `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ArpNetworking/metrics-portal/network/alerts).