Closed dependabot[bot] closed 1 month ago
I've never seen dependabot group a bunch of package updates like this. I'm guessing the weird npm_and_yarn
title comes from them being workspace packages.
Looks like these dependencies are updatable in another way, so this is no longer needed.
Bumps the npm_and_yarn group with 12 updates in the / directory:
3.2.3
5.0.0
8.4.31
8.4.32
4.2.0
4.4.0
3.1.9
3.1.10
0.10.62
0.10.64
4.18.2
4.19.2
1.15.5
1.15.6
1.9.1
1.11.0
5.7.1
5.7.2
6.1.14
6.2.1
5.1.4
5.3.5
1.2.3
1.2.5
Updates
gh-pages
from 3.2.3 to 5.0.0Release notes
Sourced from gh-pages's releases.
Changelog
Sourced from gh-pages's changelog.
Commits
f729b97
5.0.051534c7
Log changesace063b
Merge pull request #438 from Vicropht/patch-158e54be
Merge pull request #459 from tschaub/dependabot/npm_and_yarn/async-3.2.42189df3
Bump async from 2.6.4 to 3.2.4051846e
Merge pull request #454 from tschaub/dependabot/npm_and_yarn/email-addresses-...5c91c67
Merge pull request #455 from tschaub/dependabot/github_actions/actions/setup-...fe0ad83
Merge pull request #453 from tschaub/dependabot/github_actions/actions/checko...b89287d
Merge pull request #445 from Nezteb/patch-1e890bd1
Bump email-addresses from 3.0.1 to 5.0.0Updates
postcss
from 8.4.31 to 8.4.32Release notes
Sourced from postcss's releases.
Changelog
Sourced from postcss's changelog.
Commits
a0d9f10
Release 8.4.32 version0146b3e
Add Node.js 21 to CI2398534
Update dependencies1918533
Merge pull request #1902 from ferreira-tb/main395e6dc
FixProcessOptions
interfacefa8cd15
Update dependencies199a7c4
Typo2528047
Update EM linkUpdates
@adobe/css-tools
from 4.2.0 to 4.4.0Changelog
Sourced from
@adobe/css-tools
's changelog.Commits
Updates
ejs
from 3.1.9 to 3.1.10Release notes
Sourced from ejs's releases.
Commits
d3f807d
Version 3.1.109ee26dd
Mocha TDDe469741
Basic pollution protection715e950
Merge pull request #756 from Jeffrey-mu/maincabe314
Include advanced usage examples29b076c
Added header11503c7
Merge branch 'main' of github.com:mde/ejs into main7690404
Added security banner to READMEf47d7ae
Update SECURITY.md828cea1
Update SECURITY.mdUpdates
es5-ext
from 0.10.62 to 0.10.64Release notes
Sourced from es5-ext's releases.
Changelog
Sourced from es5-ext's changelog.
Commits
f76b03d
chore: Release v0.10.642881acd
chore: Bump dependenciesc2e2bb9
fix: Revert update meant to fix Powershell issue, as it's a regression16f2b72
docs: Fix date in the changelogde4e03c
chore: Release v0.10.633fd53b7
chore: Upgradelint-staged
to v13bf8ed79
chore: Ensure postinstall script does not crash on Windows2cbbb07
chore: Bump dependencies22d0416
chore: Bump LICENSE yeara52e957
fix: Support ES2015+ function definitions infunction#toStringTokens()
Updates
express
from 4.18.2 to 4.19.2Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
Commits
04bc627
4.19.2da4d763
Improved fix for open redirect allow list bypass4f0f6cc
4.19.1a003cfa
Allow passing non-strings to res.location with new encoding handling checks f...a1fa90f
fixed un-edited version in history.md for 4.19.011f2b1d
build: fix build due to inconsistent supertest behavior in older versions084e365
4.19.00867302
Prevent open redirect allow list bypass due to encodeurl567c9c6
Add note on how to update docs for new release (#5541)69a4cf2
deps: cookie@0.6.0Maintainer changes
This version was pushed to npm by wesleytodd, a new releaser for express since your current version.
Updates
follow-redirects
from 1.15.5 to 1.15.6Commits
35a517c
Release version 1.15.6 of the npm package.c4f847f
Drop Proxy-Authorization across hosts.8526b4a
Use GitHub for disclosure.Updates
msgpackr
from 1.9.1 to 1.11.0Commits
Updates
semver
from 5.7.1 to 5.7.2Release notes
Sourced from semver's releases.
Changelog
Sourced from semver's changelog.
Commits
f8cc313
chore: release 5.7.22f8fd41
fix: better handling of whitespace (#585)deb5ad5
chore:@npmcli/template-oss
@4
.16.0Maintainer changes
This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.
Updates
tar
from 6.1.14 to 6.2.1Changelog
Sourced from tar's changelog.
... (truncated)
Commits
bef7b1e
6.2.1fe8cd57
prevent extraction in excessively deep subfoldersfe7ebfd
remove security.md5bc9d40
6.2.0fe1ef5e
changelog 6.2e483220
get rid of npm lint stuff689928a
ci that works outside of npm orgdb6f539
file inference improvements for .tbr and .tgz336fa8f
refactor: dry and other pr commentseeba222
chore: lint fixesUpdates
vite
from 5.1.4 to 5.3.5Release notes
Sourced from vite's releases.
Changelog
Sourced from vite's changelog.
... (truncated)
Commits
4407839
release: v5.3.566bdb1d
refactor(asset): remove rollup 3 public file watch workaround (#16331)b240a83
fix(build): env output is not stable (#17748)b58b423
fix(importMetaGlob): handle alias that starts with hash (#17743)d906d3f
fix(css): resolve url aliases with fragments (fix: #17690) (#17691)3c1bde3
fix(client): fix vite error path (#17744)9983731
chore(deps): update all non-major dependencies (#17734)4fc9b64
chore: extend commit hash (#17709)f4f488f
revert: fix(logger): truncate log over 5000 characters long (#16581) (#17729)df5ceb3
chore(deps): update typescript (#17699)Updates
word-wrap
from 1.2.3 to 1.2.5Release notes
Sourced from word-wrap's releases.
Commits
207044e
1.2.59894315
revert default indentf64b188
run verb to generate README03ea082
Merge pull request #42 from jonschlinkert/chore/publish-workflow420dce9
Merge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2bfa694e
Update .github/workflows/publish.ymlace0b3c
chore: bump version to 1.2.46fd7275
chore: add publish workflow30d6daf
chore: fix test655929c
chore: remove package-lockDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show