Closed dependabot[bot] closed 1 week ago
This is a big set of changes. Voting to close the ticket while we vet them? @tamara-corbalt @kim-cmsds @pwolfert @zarahzachz
Closing sounds good to me. Dependabot's trying to do too much
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.
To ignore these dependencies, configure ignore rules in dependabot.yml
Bumps the npm_and_yarn group with 10 updates in the / directory:
8.4.31
8.4.32
4.2.0
4.4.0
3.1.9
3.1.10
0.10.62
0.10.64
4.18.2
4.19.2
1.15.5
1.15.6
1.9.1
1.11.0
6.1.14
6.2.1
5.1.4
5.4.2
1.2.3
1.2.5
Updates
postcss
from 8.4.31 to 8.4.32Release notes
Sourced from postcss's releases.
Changelog
Sourced from postcss's changelog.
Commits
a0d9f10
Release 8.4.32 version0146b3e
Add Node.js 21 to CI2398534
Update dependencies1918533
Merge pull request #1902 from ferreira-tb/main395e6dc
FixProcessOptions
interfacefa8cd15
Update dependencies199a7c4
Typo2528047
Update EM linkUpdates
@adobe/css-tools
from 4.2.0 to 4.4.0Changelog
Sourced from
@adobe/css-tools
's changelog.Commits
Updates
ejs
from 3.1.9 to 3.1.10Release notes
Sourced from ejs's releases.
Commits
d3f807d
Version 3.1.109ee26dd
Mocha TDDe469741
Basic pollution protection715e950
Merge pull request #756 from Jeffrey-mu/maincabe314
Include advanced usage examples29b076c
Added header11503c7
Merge branch 'main' of github.com:mde/ejs into main7690404
Added security banner to READMEf47d7ae
Update SECURITY.md828cea1
Update SECURITY.mdUpdates
es5-ext
from 0.10.62 to 0.10.64Release notes
Sourced from es5-ext's releases.
Changelog
Sourced from es5-ext's changelog.
Commits
f76b03d
chore: Release v0.10.642881acd
chore: Bump dependenciesc2e2bb9
fix: Revert update meant to fix Powershell issue, as it's a regression16f2b72
docs: Fix date in the changelogde4e03c
chore: Release v0.10.633fd53b7
chore: Upgradelint-staged
to v13bf8ed79
chore: Ensure postinstall script does not crash on Windows2cbbb07
chore: Bump dependencies22d0416
chore: Bump LICENSE yeara52e957
fix: Support ES2015+ function definitions infunction#toStringTokens()
Updates
express
from 4.18.2 to 4.19.2Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
Commits
04bc627
4.19.2da4d763
Improved fix for open redirect allow list bypass4f0f6cc
4.19.1a003cfa
Allow passing non-strings to res.location with new encoding handling checks f...a1fa90f
fixed un-edited version in history.md for 4.19.011f2b1d
build: fix build due to inconsistent supertest behavior in older versions084e365
4.19.00867302
Prevent open redirect allow list bypass due to encodeurl567c9c6
Add note on how to update docs for new release (#5541)69a4cf2
deps: cookie@0.6.0Maintainer changes
This version was pushed to npm by wesleytodd, a new releaser for express since your current version.
Updates
follow-redirects
from 1.15.5 to 1.15.6Commits
35a517c
Release version 1.15.6 of the npm package.c4f847f
Drop Proxy-Authorization across hosts.8526b4a
Use GitHub for disclosure.Updates
msgpackr
from 1.9.1 to 1.11.0Commits
Updates
tar
from 6.1.14 to 6.2.1Changelog
Sourced from tar's changelog.
... (truncated)
Commits
bef7b1e
6.2.1fe8cd57
prevent extraction in excessively deep subfoldersfe7ebfd
remove security.md5bc9d40
6.2.0fe1ef5e
changelog 6.2e483220
get rid of npm lint stuff689928a
ci that works outside of npm orgdb6f539
file inference improvements for .tbr and .tgz336fa8f
refactor: dry and other pr commentseeba222
chore: lint fixesUpdates
vite
from 5.1.4 to 5.4.2Release notes
Sourced from vite's releases.
Changelog
Sourced from vite's changelog.
... (truncated)
Commits
b1ecdaf
release: v5.4.2e012f29
chore: remove stale TODOs (#17866)3b8f03d
refactor: remove redundant prepend/strip base (#17887)fac3a8e
fix: resolve relative URL generated byrenderBuiltUrl
passed to module prel...7d8c0e2
feat: support originalFilename (#17867)b44c20c
release: v5.4.1391bb49
fix(worker): handle self reference url worker in dependency for build (#17846)e686d74
fix(build): avoid re-define__vite_import_meta_env__
(#17876)9018255
chore: fix picocolors import for local dev (#17884)1bda847
fix: align CorsOptions.origin type with@types/cors
(#17836)Updates
word-wrap
from 1.2.3 to 1.2.5Release notes
Sourced from word-wrap's releases.
Commits
207044e
1.2.59894315
revert default indentf64b188
run verb to generate README03ea082
Merge pull request #42 from jonschlinkert/chore/publish-workflow420dce9
Merge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2bfa694e
Update .github/workflows/publish.ymlace0b3c
chore: bump version to 1.2.46fd7275
chore: add publish workflow30d6daf
chore: fix test655929c
chore: remove package-lockDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show