Automattic / Edit-Flow

WordPress plugin to accelerate your editorial workflow
https://editflow.org
359 stars 132 forks source link

Bump tough-cookie, npm, @wordpress/scripts and node-sass #704

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps tough-cookie to 4.1.3 and updates ancestor dependencies tough-cookie, npm, @wordpress/scripts and node-sass. These dependencies need to be updated together.

Updates tough-cookie from 2.4.3 to 4.1.3

Release notes

Sourced from tough-cookie's releases.

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

4.1.2 -- Patch and Bugfix Release

What's Changed

Full Changelog: https://github.com/salesforce/tough-cookie/compare/v4.1.1...v4.1.2

4.1.1

Patch Release

What's Changed

Full Changelog: https://github.com/salesforce/tough-cookie/compare/v4.1.0...v4.1.1

4.1.0

v4.1.0

Minor release, focused mainly on resolving reported issues and some minor feature work.

What's Changed

... (truncated)

Commits
  • 4ff4d29 4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)
  • 12d4747 Prevent prototype pollution in cookie memstore (#283)
  • f06b72d Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...
  • b1a8898 fix: allow set cookies with localhost (#253)
  • ec70796 4.1.1 Patch -- allow special use domains by default (#250)
  • d4ac580 fix: allow special use domains by default (#249)
  • 79c2f7d 4.1.0 release to NPM (#245)
  • 4fafc17 Prepare tough-cookie 4.1 for publishing (updated GitHub actions, move Dockerf...
  • aa4396d fix: distinguish between no samesite and samesite=none (#240)
  • b8d7511 Modernize README (#234)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by awaterma, a new releaser for tough-cookie since your current version.


Updates npm from 6.14.13 to 10.2.0

Release notes

Sourced from npm's releases.

libnpmhook: v10.0.0

10.0.0 (2023-08-31)

Features

libnpmhook: v10.0.0-pre.0

10.0.0-pre.0 (2023-08-31)

⚠️ BREAKING CHANGES

  • support for node <=16.13 has been removed
  • support for node 14 has been removed

Bug Fixes

Dependencies

libnpmpublish: v9.0.1

9.0.1 (2023-10-02)

Dependencies

libnpmpublish: v9.0.0

9.0.0 (2023-08-31)

Features

libnpmpublish: v9.0.0-pre.0

9.0.0-pre.0 (2023-08-31)

⚠️ BREAKING CHANGES

  • support for node <=16.13 has been removed
  • support for node 14 has been removed

Bug Fixes

... (truncated)

Changelog

Sourced from npm's changelog.

10.2.0 (2023-10-02)

Features

Bug Fixes

Documentation

Dependencies

10.1.0 (2023-09-08)

Features

Bug Fixes

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for npm since your current version.


Updates @wordpress/scripts from 7.2.0 to 26.13.0

Release notes

Sourced from @​wordpress/scripts's releases.

16.7.0

Changelog

Features

Block Library

  • Social Links: Add X. (54092)

Typography

Font Library:

  • Add mime type validation for font uploads. (53986)
  • Font Collection backend. (54098)
  • Frontend [Stage 1]. (53884)
  • Font Collections frontend. (54566)

Patterns

  • Allow import/export patterns as JSON files. (54337)

Block Editor

  • Adds 'nofollow' setting to inline links (rich text only). (53945)
  • Rename Group blocks in the Editor via Modal. (53735)

Enhancements

Core Data

  • Add edits data to the useEntityRecord. (54167)

Components

  • Add non-listbox functionality back to CircularOptionPicker. (54290)
  • Added missing "middle" allowed tooltip position. (52147)
  • BlockSettingsMenu: Ensure only one block settings menu is open at a time. (54083)
  • Bundle the block copy handler within the BlockCanvas component. (54207)
  • Bundle the block selection clearer hook into the BlockCanvas component. (54209)
  • Ensure that 'Duotone Filter' color pickers have relevant labels. (54468)
  • Export ProgressBar to allow it to be used. (54404)
  • FormTokenField - add prop to allow saving of tokens onBlur. (53976)
  • Refactoring BorderControl's unit tests. (54155)
  • Remove unnecessary padding-right on the dismissible notice. (52240)
  • Support controlling open/closed state for Dropdown and DropdownMenu. (54257)
  • ToggleGroupControl: Rewrite backdrop animation with framer motion shared layout animations. (50278)
  • ToolTip: Refactor using ariakit. (48440)
  • Tooltip: Add placement prop to replace deprecated position. (54264)
  • Tooltip: Add new hideOnClick prop. (54406)
  • Tweak border control button to proper metrics and simpler action. (53998)
  • Update FormTokenField styling for consistency and visibility. (54402)
  • Update spacing sizes control metrics and icons. (54470)
  • Update/form token field onblur. (54445)
  • Popover: Update positionToPlacement types. (54101)
  • SearchControl: Allow for 32px compact size, introduce option to change default size to 40px. (54548)

... (truncated)

Changelog

Sourced from @​wordpress/scripts's changelog.

26.13.0 (2023-09-20)

Enhancements

  • Added support for test-playwright script (#53108).
  • The bundled wp-prettier dependency has been upgraded from 2.8.5 to 3.0.3 (#54539).

Bug Fix

  • Correctly resolve entry points when the directory is symlinked (#54212).

26.12.0 (2023-08-31)

26.11.0 (2023-08-16)

Enhancement

  • Updated npm-package-json-lint peer dependency to require v6.0.0 #53636.
  • The bundled @svgr/webpack dependency has been updated from requiring ^6.2.1 to requiring ^8.0.1 (#53630).
  • The bundled cssnano dependency has been updated from requiring ^5.07 to requiring ^6.0.1 (#53630).

Bug Fix

  • Fix prevent watch mode from aborting when encountering a block.json file that contains invalid JSON. (#51971)

26.10.0 (2023-08-10)

26.9.0 (2023-07-20)

26.8.0 (2023-07-05)

26.7.0 (2023-06-23)

26.6.0 (2023-06-07)

Enhancements

  • The bundled terser-webpack-plugin dependency has been updated from requiring ^5.1.4 to requiring ^5.3.9 (#50994).
  • Optimize updating render paths when developing blocks with the start command (#51162).

Bug Fixes

  • Ensure files listed in render field of block.json files are always copied to the build folder when using the start command (#50939).

26.5.0 (2023-05-24)

26.4.0 (2023-05-10)

26.3.0 (2023-04-26)

... (truncated)

Commits
  • cc35f51 chore(release): publish
  • 302dd6e Update changelog files
  • 36ae397 Merge changes published in the Gutenberg plugin "release/16.7" branch
  • 5eac173 chore(release): publish
  • 1b79256 Update changelog files
  • 4c9455a Merge changes published in the Gutenberg plugin "release/16.6" branch
  • 78a288d chore(release): publish
  • 863e74c Update changelog files
  • a3b68ba Merge changes published in the Gutenberg plugin "release/16.5" branch
  • b898cf1 chore(release): publish
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by gutenbergplugin, a new releaser for @​wordpress/scripts since your current version.


Updates node-sass from 4.14.1 to 9.0.0

Release notes

Sourced from node-sass's releases.

v9.0.0

What's Changed

Breaking changes

Supported Environments

OS Architecture Node
Windows x86 & x64 16, 18, 19, 20
OSX x64 16, 18, 19, 20
Linux* x64 16, 18, 19, 20
Alpine Linux x64 16, 18, 19, 20

*Linux support refers to major distributions like Ubuntu, and Debian

v8.0.0

What's Changed

Breaking changes

Features

Dependencies

  • Bump true-case-path@2.2.1
  • Bump node-gyp @​9.0.0
  • Bump nan@^2.17.0
  • Bump sass-graph@^4.0.1

Misc

... (truncated)

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Automattic/Edit-Flow/network/alerts).
dependabot[bot] commented 1 year ago

Looks like these dependencies are updatable in another way, so this is no longer needed.