search

NASA-PDS / doi-ui

The web interface for the PDS DOI Service providing the ability management PDS archive DOIs. See the DOI Service for more details on the available capabilities. https://nasa-pds.github.io/doi-service/
Apache License 2.0
0 stars 4 forks source link

Bump the npm_and_yarn group group with 13 updates #235

Closed dependabot[bot] closed 5 months ago

dependabot[bot] commented 7 months ago

Bumps the npm_and_yarn group group with 13 updates:

Package From To
xlsx 0.17.0 0.18.5
semver 5.7.2 6.3.1
react-scripts 4.0.3 5.0.1
loader-utils 1.4.2 2.0.0
browserslist 4.14.2 4.23.0
ejs 2.7.4 3.1.9
follow-redirects 1.15.3 1.15.5
glob-parent 3.1.0 5.1.2
immer 8.0.1 9.0.21
minimatch 3.0.4 3.1.2
node-forge 0.10.0 1.3.1
postcss 7.0.36 7.0.39
shell-quote 1.7.2 1.8.1

Updates xlsx from 0.17.0 to 0.18.5

Changelog

Sourced from xlsx's changelog.

v0.18.5

  • Enabled sideEffects: false in package.json
  • Basic NUMBERS write support

v0.18.4

  • CSV output omits trailing record separator
  • Properly terminate NodeJS Streams
  • DBF preserve column types on import and use when applicable on export

v0.18.3

  • Removed references to require and process in browser builds

v0.18.2

  • Hotfix for unicode processing of XLSX exports

v0.18.1

  • Removed Node ESM build script and folded into standard ESM build
  • Removed undocumented aliases including make_formulae and get_formulae

v0.18.0

  • Browser scripts only expose XLSX variable
  • Module no longer ships with dist/jszip.js browser script

v0.17.4

  • CLI script moved to xlsx-cli package

v0.17.3

  • window.XLSX explicit assignment to satiate LWC
  • CSV Proper formatting of errors
  • HTML emit data-* attributes

v0.17.2

  • Browser and Node optional ESM support
  • DSV correct handling of bare quotes (h/t @​bgamrat)

v0.17.1

  • XLSB writer uses short cell form when viable
Commits
  • 0400a87 version bump 0.18.5: basic NUMBERS write
  • e69ecd4 remove broken CDNs [ci skip]
  • 0f0b3de popping IIFEs to appease rollup tree shaking
  • 2f274dd book_append_sheet rolling names
  • a5b3877 Fix rawNumber support inside sheet_to_json
  • 69bb1e7 "side-effect free"
  • 90a7b4e remove SSF._general_int
  • 61487bc use TextEncoder for zip strings (fixes #2616)
  • 61b17a8 version bump 0.18.4
  • 2cbc28d vue-modify demo [ci skip]
  • Additional commits viewable in compare view


Updates semver from 5.7.2 to 6.3.1

Release notes

Sourced from semver's releases.

v6.3.1

6.3.1 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

6.3.1 (2023-07-10)

Bug Fixes

6.2.0

  • Coerce numbers to strings when passed to semver.coerce()
  • Add rtl option to coerce from right to left

6.1.3

  • Handle X-ranges properly in includePrerelease mode

6.1.2

  • Do not throw when testing invalid version strings

6.1.1

  • Add options support for semver.coerce()
  • Handle undefined version passed to Range.test

6.1.0

  • Add semver.compareBuild function
  • Support * in semver.intersects

6.0

  • Fix intersects logic.

    This is technically a bug fix, but since it is also a change to behavior that may require users updating their code, it is marked as a major version increment.

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

... (truncated)

Commits


Updates react-scripts from 4.0.3 to 5.0.1

Commits


Updates loader-utils from 1.4.2 to 2.0.0

Release notes

Sourced from loader-utils's releases.

v2.0.0

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

  • minimum required Node.js version is 8.9.0 (#166) (c937e8c)
  • the getOptions method returns empty object on empty query (#167) (b595cfb)
  • Use md4 by default
Changelog

Sourced from loader-utils's changelog.

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

  • minimum required Node.js version is 8.9.0 (#166) (c937e8c)
  • the getOptions method returns empty object on empty query (#167) (b595cfb)
  • Use md4 by default

1.4.0 (2020-02-19)

Features

  • the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

1.3.0 (2020-02-19)

Features

  • support the [query] template for the interpolatedName method (#162) (469eeba)

1.2.3 (2018-12-27)

Bug Fixes

  • interpolateName: don't interpolated hashType without hash or contenthash (#140) (3528fd9)

1.2.2 (2018-12-27)

Bug Fixes

  • fixed a hash type extracting in interpolateName (#137) (f8a71f4)

... (truncated)

Commits
  • d9f4e23 chore(release): 2.0.0
  • 865dc03 refactor: switch to md4 by default (#168)
  • b595cfb refactor: the getOptions method returns empty object on empty query (#167)
  • c937e8c chore: minimum required Node.js version is 8.9.0 (#166)
  • c78786d chore: upgrade json5 to fix a vulnerability (#165)
  • See full diff in compare view


Updates browserslist from 4.14.2 to 4.23.0

Release notes

Sourced from browserslist's releases.

4.23.0

Changelog

Sourced from browserslist's changelog.

4.23.0

4.22.3

  • Fixed white spaces support in supports query (@​g-plane).
  • Fixed shared config like @company/package/browserslist-config (@​boucodes).

4.22.2

  • Fixed idempotency in time queries with mobileToDesktop (by Aliaksei Sapach).

4.22.1

4.22

  • Added fully supports query (by Ben Scott).
  • Added partially supports alias for supports query (by Ben Scott).

4.21.11

  • Added warning to --update-db to move to new CLI (by Ivan Vasilev).
  • Fixed docs (by Tatsunori Uchino).

4.21.10

  • Updated Firefox ESR.

4.21.9

  • Fixed Opera Mobile edge cases (by Steve Repsher).

4.21.8

  • Fixed supports query and mobileToDesktop (by Steve Repsher).

4.21.7

  • Fixed last queries for Android (by Steve Repsher).

4.21.6

  • Fixed time queries with mobileToDesktop (by Steve Repsher).
  • Fixed docs (by Tatsunori Uchino, Will Stone, and Dominik Pschenitschni).

4.21.5

  • Fixed running Browserslist in browser environment.

4.21.4

  • Updated Firefox ESR.

4.21.3

  • Improved unknown region and unknown feature error (by Alexander Chabin).

4.21.2

  • Updated Firefox ESR.

4.21.1

... (truncated)

Commits


Updates ejs from 2.7.4 to 3.1.9

Release notes

Sourced from ejs's releases.

v3.1.9

Version 3.1.9

v3.1.8

Version 3.1.8

v3.1.7

Version 3.1.7

v3.1.6

Version 3.1.6

v3.1.5

Version 3.1.5

v3.0.2

No release notes provided.

Commits
  • aed0124 Version 3.1.9
  • 7083793 Updated dev deps
  • 87f1da6 Merge pull request #707 from mde/dependabot/npm_and_yarn/minimatch-3.1.2
  • e41a914 Removed old changelog, please rely on git log
  • 9ea36ba Merge pull request #719 from jportner/frozen-prototype-fix
  • 181a537 Fall back to assignment, update test
  • 58bc2eb Change approach to shadowing "toString" property for escapeXML
  • 76c9c61 Bump minimatch from 3.0.4 to 3.1.2
  • f818bce Merge pull request #706 from mde/dependabot/npm_and_yarn/flat-and-mocha-5.0.2
  • 0fca863 Bump flat and mocha
  • Additional commits viewable in compare view


Updates follow-redirects from 1.15.3 to 1.15.5

Commits
  • b1677ce Release version 1.15.5 of the npm package.
  • d8914f7 Preserve fragment in responseUrl.
  • 6585820 Release version 1.15.4 of the npm package.
  • 7a6567e Disallow bracketed hostnames.
  • 05629af Prefer native URL instead of deprecated url.parse.
  • 1cba8e8 Prefer native URL instead of legacy url.resolve.
  • 72bc2a4 Simplify _processResponse error handling.
  • 3d42aec Add bracket tests.
  • bcbb096 Do not directly set Error properties.
  • See full diff in compare view


Updates glob-parent from 3.1.0 to 5.1.2

Release notes

Sourced from glob-parent's releases.

v5.1.2

Bug Fixes

v5.1.1

Bug Fixes

v5.1.0

Features

  • add flipBackslashes option to disable auto conversion of slashes (closes #24) (#25) (eecf91d)

v5.0.0

⚠ BREAKING CHANGES

  • Drop support for node <6 & bump dependencies

Miscellaneous Chores

  • Drop support for node <6 & bump dependencies (896c0c0)

v4.0.0

⚠ BREAKING CHANGES

  • question marks are valid path characters on Windows so avoid flagging as a glob when alone
  • Update is-glob dependency

Features

  • hoist regexps and strings for performance gains (4a80667)
  • question marks are valid path characters on Windows so avoid flagging as a glob when alone (2a551dd)
  • Update is-glob dependency (e41fcd8)
Changelog

Sourced from glob-parent's changelog.

5.1.2 (2021-03-06)

Bug Fixes

6.0.2 (2021-09-29)

Bug Fixes

6.0.1 (2021-07-20)

Bug Fixes

  • Resolve ReDoS vulnerability from CVE-2021-35065 (#49) (3e9f04a)

6.0.0 (2021-05-03)

⚠ BREAKING CHANGES

  • Correct mishandled escaped path separators (#34)
  • upgrade scaffold, dropping node <10 support

Bug Fixes

  • Correct mishandled escaped path separators (#34) (32f6d52), closes #32

Miscellaneous Chores

  • upgrade scaffold, dropping node <10 support (e83d0c5)

5.1.1 (2021-01-27)

Bug Fixes

5.1.0 (2021-01-27)

Features

  • add flipBackslashes option to disable auto conversion of slashes (closes #24) (#25) (eecf91d)

5.0.0 (2021-01-27)

⚠ BREAKING CHANGES

  • Drop support for node <6 & bump dependencies

... (truncated)

Commits
  • eb2c439 chore: update changelog
  • 12bcb6c chore: release 5.1.2
  • f923116 fix: eliminate ReDoS (#36)
  • 0b014a7 chore: add JSDoc returns information (#33)
  • 2b24ebd chore: generate initial changelog
  • 9b6e874 chore: release 5.1.1
  • 749c35e ci: try wrapping the JOB_ID in a string
  • 5d39def ci: attempt to switch to published coveralls
  • 0b5b37f ci: put the npm step back in for only Windows
  • 473f5d8 ci: update azure build images
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by phated, a new releaser for glob-parent since your current version.


Updates immer from 8.0.1 to 9.0.21

Release notes

Sourced from immer's releases.

v9.0.21

9.0.21 (2023-03-23)

Bug Fixes

  • ensure type exports is first in package.json export declaration (#1018) (b6ccd0f)

v9.0.20

9.0.20 (2023-03-23)

Bug Fixes

  • patching maps failed when using number keys (#1025) (dd83e2e)

v9.0.19

9.0.19 (2023-01-27)

Bug Fixes

  • don't freeze drafts returned from produce if they were passed in as draft (#917) (46867f8)
  • produce results should never be frozen when returned from nested produces, to prevent 'hiding' drafts. Fixes #935 (a810960)
  • release and publish from 'main' rather than 'master' branch (82acc40)
  • revert earlier fix (#990) for recursive types (#1014) (3eeb331)
  • Upgrade Github actions to Node 16 attempt 1 (9d4ea93)
  • Upgrade Github actions to Node 16 attempt 2 (082eecd)

v9.0.18

9.0.18 (2023-01-15)

Bug Fixes

v9.0.17

9.0.17 (2023-01-02)

Bug Fixes

v9.0.16

9.0.16 (2022-10-22)

... (truncated)

Commits
  • 7c15339 chore(deps): bump loader-utils from 2.0.0 to 2.0.4 in /website (#1026)
  • f07ec9d chore(deps): bump @​sideway/formula from 3.0.0 to 3.0.1 in /website (#1027)
  • b6ccd0f fix: ensure type exports is first in package.json export declaration (#1018)
  • 385837d chore(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 in /website (#1017)
  • e1696b7 chore(deps): bump webpack from 5.75.0 to 5.76.1 in /website (#1024)
  • dd83e2e fix: patching maps failed when using number keys (#1025)
  • 082eecd fix: Upgrade Github actions to Node 16 attempt 2
  • 9d4ea93 fix: Upgrade Github actions to Node 16 attempt 1
  • 82acc40 fix: release and publish from 'main' rather than 'master' branch
  • 3eeb331 fix: revert earlier fix (#990) for recursive types (#1014)
  • Additional commits viewable in compare view


Updates minimatch from 3.0.4 to 3.1.2

Commits


Updates node-forge from 0.10.0 to 1.3.1

Changelog

Sourced from node-forge's changelog.

1.3.1 - 2022-03-29

Fixes

  • RFC 3447 and RFC 8017 allow for optional DigestAlgorithm NULL parameters for sha* algorithms and require NULL paramters for md2 and md5 algorithms.

1.3.0 - 2022-03-17

Security

  • Three RSA PKCS#1 v1.5 signature verification issues were reported by Moosa Yahyazadeh (moosa-yahyazadeh@uiowa.edu).
  • HIGH: Leniency in checking digestAlgorithm structure can lead to signature forgery.
  • HIGH: Failing to check tailing garbage bytes can lead to signature forgery.
  • MEDIUM: Leniency in checking type octet.
    • DigestInfo is not properly checked for proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest.
    • CVE ID: CVE-2022-24773
    • GHSA ID: GHSA-2r2c-g63r-vccr

Fixed

  • [asn1] Add fallback to pretty print invalid UTF8 data.
  • [asn1] fromDer is now more strict and will default to ensuring all input bytes are parsed or throw an error. A new option parseAllBytes can disable this behavior.
    • NOTE: The previous behavior is being changed since it can lead to security issues with crafted inputs. It is possible that code doing custom DER parsing may need to adapt to this new behavior and optional flag.
  • [rsa] Add and use a validator to check for proper structure of parsed ASN.1

... (truncated)

Commits


Updates postcss from 7.0.36 to 7.0.39

Release notes

Sourced from postcss's releases.

7.0.39

  • Reduce package size.
  • Backport nanocolors to picocolors migration.

7.0.38

  • Update Processor#version.

7.0.37

  • Backport chalk to nanocolors migration.
Changelog

Sourced from postcss's changelog.

7.0.39

  • Reduce package size.
  • Backport nanocolors to picocolors migration.

7.0.38

  • Update Processor#version.

7.0.37

  • Backport chalk to nanocolors migration.
Commits


Updates shell-quote from 1.7.2 to 1.8.1

Changelog

Sourced from shell-quote's changelog.

v1.8.1 - 2023-04-07

Fixed

Commits

  • [Refactor] parse: hoist getVar to module level b42ac73
  • [Refactor] hoist some vars to module level 8f0c5c3
  • [Refactor] parse: use slice over substr, cache some values fcb2e1a
  • [Refactor] parse: a bit of cleanup 6780ec5
  • [Refactor] parse: tweak the regex to not match nothing 227d474
  • [Tests] increase coverage a66de94
  • [Refactor] parse: avoid shadowing a function arg 1d58679

v1.8.0 - 2023-01-30

Commits

  • [New] extract parse and quote to their own deep imports 553fdfc
  • [Tests] add nyc coverage fd7ddcd
  • [New] Add support for here strings (&lt;&lt;&lt;) 9802fb3
  • [New] parse: Add syntax support for duplicating input file descriptors 216b198
  • [Dev Deps] update @ljharb/eslint-config, aud, tape 85f8e31
  • [Tests] add evalmd c5549fc
  • [actions] update checkout action 62e9b49

v1.7.4 - 2022-10-12

Merged

Commits

  • [eslint] fix indentation and whitespace aaa9d1f
  • [eslint] additional cleanup 397cb62
  • [meta] add auto-changelog 497fca5
  • [actions] add reusable workflows 4763c36
  • [eslint] add eslint 6ee1437
  • [readme] rename, add badges 7eb5134
  • [meta] update URLs 67381b6
  • [meta] create FUNDING.yml; add funding in package.json 8641572
  • [meta] use npmignore to autogenerate an npmignore file 2e2007a
  • Only apps should have lockfiles f97411e
  • [Dev Deps] update tape 051f608
  • [meta] add safe-publish-latest 18cadf9
  • [Tests] add aud in posttest dc1cc12

... (truncated)

Commits
  • da8a3ab v1.8.1
  • a66de94 [Tests] increase coverage
  • b42ac73 [Refactor] parse: hoist getVar to module level
  • fcb2e1a [Refactor] parse: use slice over substr, cache some values
  • ecf2a60 [Fix] parse: preserve whitespace in comments
  • 1d58679 [Refactor] parse: avoid shadowing a function arg
  • 6780ec5 [Refactor] parse: a bit of cleanup
  • 227d474 [Refactor] parse: tweak the regex to not match nothing
  • 7bcd90e [Fix] properly support the escape option
  • 8f0c5c3 [Refactor] hoist some vars to module level
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for shell-quote since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/NASA-PDS/doi-ui/network/alerts).
dependabot[bot] commented 5 months ago

Superseded by #239.