search

NREL / SystemsAnalysisReports

BSD 3-Clause "New" or "Revised" License
3 stars 0 forks source link

Bump the npm_and_yarn group across 1 directory with 16 updates #102

Open dependabot[bot] opened 1 month ago

dependabot[bot] commented 1 month ago

Bumps the npm_and_yarn group with 12 updates in the / directory:

Package From To
ansi-regex 5.0.0 5.0.1
ansi-regex 4.1.0 5.0.1
braces 2.3.2 3.0.3
webpack 4.46.0 5.92.0
webpack-cli 3.3.12 5.1.4
webpack-dev-server 3.11.3 5.0.4
d3-color 1.4.1 3.1.0
d3-scale 3.3.0 4.0.2
d3-scale-chromatic 2.0.0 3.1.0
d3-transition 2.0.0 3.0.1
recharts 1.8.6 2.12.7
express 4.18.2 4.19.2
path-parse 1.0.6 1.0.7

Updates ansi-regex from 5.0.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

  • Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

Commits


Updates ansi-regex from 4.1.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

  • Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

Commits


Updates braces from 2.3.2 to 3.0.3

Changelog

Sourced from braces's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

  • Changelogs are for humans, not machines.
  • There should be an entry for every single version.
  • The same types of changes should be grouped.
  • Versions and sections should be linkable.
  • The latest version comes first.
  • The release date of each versions is displayed.
  • Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in case of vulnerabilities.

[3.0.0] - 2018-04-08

v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler.

Breaking Changes

  • The undocumented .makeRe method was removed

Non-breaking changes

  • Caching was removed
Commits


Updates webpack from 4.46.0 to 5.92.0

Release notes

Sourced from webpack's releases.

v5.92.0

Bug Fixes

  • Correct tidle range's comutation for module federation
  • Consider runtime for pure expression dependency update hash
  • Return value in the subtractRuntime function for runtime logic
  • Fixed failed to resolve promise when eager import a dynamic cjs
  • Avoid generation extra code for external modules when remapping is not required
  • The css/global type now handles the exports name
  • Avoid hashing for @keyframe and @property at-rules in css/global type
  • Fixed mangle with destructuring for JSON modules
  • The stats.hasWarnings() method now respects the ignoreWarnings option
  • Fixed ArrayQueue iterator
  • Correct behavior of __webpack_exports_info__.a.b.canMangle
  • Changed to the correct plugin name for the CommonJsChunkFormatPlugin plugin
  • Set the chunkLoading option to the import when environment is unknown and output is module
  • Fixed when runtimeChunk has no exports when module chunkFormat used
  • [CSS] Fixed parsing minimized CSS import
  • [CSS] URLs in CSS files now have correct public path
  • [CSS] The css module type should not allow parser to switch mode
  • [Types] Improved context module types

New Features

  • Added platform target properties to compiler
  • Improved multi compiler cache location and validating it
  • Support import attributes spec (with keyword)
  • Support node: prefix for Node.js core modules in runtime code
  • Support prefetch/preload for module chunk format
  • Support "..." in the importsFields option for resolver
  • Root module is less prone to be wrapped in IIFE
  • Export InitFragment class for plugins
  • Export compileBooleanMatcher util for plugins
  • Export InputFileSystem and OutputFileSystem types
  • [CSS] Support the esModule generator option for CSS modules
  • [CSS] Support CSS when chunk format is module

v5.91.0

Bug Fixes

  • Deserializer for ignored modules doesn't crash
  • Allow the unsafeCache option to be a proxy object
  • Normalize the snapshot.unmanagedPaths option
  • Fixed fs types
  • Fixed resolve's plugins types
  • Fixed wrongly calculate postOrderIndex
  • Fixed watching types
  • Output import attrbiutes/import assertions for external JS imports
  • Throw an error when DllPlugin needs to generate multiple manifest files, but the path is the same
  • [CSS] Output layer/supports/media for external CSS imports

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.


Updates webpack-cli from 3.3.12 to 5.1.4

Release notes

Sourced from webpack-cli's releases.

v5.1.4

5.1.4 (2023-06-07)

Bug Fixes

  • multi compiler progress output (f659624)

v5.1.3

5.1.3 (2023-06-04)

Bug Fixes

v5.1.2

5.1.2 (2023-06-04)

Bug Fixes

  • improve check for custom webpack and webpack-dev-server package existance (0931ab6)
  • improve help for some flags (f468614)
  • improved support for .cts and .mts extensions (a77daf2)

v5.1.1

5.1.1 (2023-05-09)

Bug Fixes

  • false positive warning when --watch used (#3783) (c0436ba)

v5.1.0

5.1.0 (2023-05-07)

Features

Performance Improvements

  • simplify logic, reduce extra loops and perf (#3767) (6afe1d3)

v5.0.2

5.0.2 (2023-04-21)

Bug Fixes

  • error message for missing default export in configuration (#3685) (e0a4a09)
  • perf: reduced startup time (3b79059)

v5.0.1

... (truncated)

Changelog

Sourced from webpack-cli's changelog.

5.1.4 (2023-06-07)

Bug Fixes

  • multi compiler progress output (f659624)

5.1.3 (2023-06-04)

Bug Fixes

5.1.2 (2023-06-04)

Bug Fixes

  • improve check for custom webpack and webpack-dev-server package existance (0931ab6)
  • improve help for some flags (f468614)
  • improved support for .cts and .mts extensions (a77daf2)

5.1.1 (2023-05-09)

Bug Fixes

  • false positive warning when --watch used (#3783) (c0436ba)

5.1.0 (2023-05-07)

Features

Performance Improvements

  • simplify logic, reduce extra loops and perf (#3767) (6afe1d3)

5.0.2 (2023-04-21)

Bug Fixes

  • error message for missing default export in configuration (#3685) (e0a4a09)
  • perf: reduced startup time (3b79059)

5.0.1 (2022-12-05)

Bug Fixes

  • make define-process-env-node-env alias node-env (#3514) (346a518)

5.0.0 (2022-11-17)

... (truncated)

Commits
  • e07f0e5 chore(release): publish new version
  • 0345c6f chore(deps-dev): bump @​typescript-eslint/parser from 5.59.8 to 5.59.9 (#3839)
  • f659624 fix: multi compiler progress output
  • 0d1ff01 chore(deps-dev): bump webpack from 5.85.0 to 5.85.1 (#3837)
  • a7ec146 chore(deps-dev): bump @​typescript-eslint/eslint-plugin (#3838)
  • 9464635 chore(deps-dev): bump eslint from 8.41.0 to 8.42.0 (#3835)
  • cf1796f docs: update changelog
  • 7899c39 chore(release): publish new version
  • bb4f8eb fix: regression for custom configurations (#3834)
  • 14b9c18 docs: update changelog
  • Additional commits viewable in compare view


Updates webpack-dev-server from 3.11.3 to 5.0.4

Release notes

Sourced from webpack-dev-server's releases.

v5.0.4

5.0.4 (2024-03-19)

Bug Fixes

v5.0.3

5.0.3 (2024-03-12)

Bug Fixes

v5.0.2

5.0.2 (2024-02-16)

Bug Fixes

v5.0.1

5.0.1 (2024-02-13)

Bug Fixes

v5.0.0

5.0.0 (2024-02-12)

Migration Guide and Changes.

v4.15.2

4.15.2 (2024-03-20)

Bug Fixes

  • security: bump webpack-dev-middleware (4116209)

v4.15.1

4.15.1 (2023-06-09)

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

5.0.4 (2024-03-19)

Bug Fixes

5.0.3 (2024-03-12)

Bug Fixes

5.0.2 (2024-02-16)

Bug Fixes

5.0.1 (2024-02-13)

Bug Fixes

5.0.0 (2024-02-12)

Migration Guide and Changes.

4.15.1 (2023-06-09)

Bug Fixes

  • replace :: with localhost before openBrowser() (#4856) (874c44b)
  • types: compatibility with @types/ws (#4899) (34bcec2)

4.15.0 (2023-05-07)

Features

  • overlay displays unhandled promise rejection (#4849) (d1dd430)

4.14.0 (2023-05-06)

... (truncated)

Commits


Updates d3-color from 1.4.1 to 3.1.0

Release notes

Sourced from d3-color's releases.

v3.1.0

v3.0.1

  • Make build reproducible.

v3.0.0

  • Adopt type: module.

This package now requires Node.js 12 or higher. For more, please read Sindre Sorhus’s FAQ.

v2.0.0

This release adopts ES2015 language features such as for-of and drops support for older browsers, including IE. If you need to support pre-ES2015 environments, you should stick with d3-color 1.x or use a transpiler.

Commits


Updates d3-scale from 3.3.0 to 4.0.2

Release notes

Sourced from d3-scale's releases.

v4.0.2

  • Default the base-10 log tick format to ~s instead of .0e. #255

v4.0.1

  • Fix log.ticks to return exact values for integer bases. #253
  • Fix log.tickFormat to trim trailing zeroes by default if no precision is specified. #254

v4.0.0

  • Adopt type: module. #246
  • Adopt InternMap for ordinal scale domains. #235
  • Update dependencies.
  • Make build reproducible.

This package now requires Node.js 12 or higher. For more, please read Sindre Sorhus’s FAQ.

Commits


Updates d3-scale-chromatic from 2.0.0 to 3.1.0

Release notes

Sourced from d3-scale-chromatic's releases.

v3.1.0

  • Add d3.schemeObservable10. #51

v3.0.0

  • Adopt type: module.
  • Update dependencies.
  • Make build reproducible.

This package now requires Node.js 12 or higher. For more, please read Sindre Sorhus’s FAQ.

Commits


Updates d3-transition from 2.0.0 to 3.0.1

Release notes

Sourced from d3-transition's releases.

v3.0.1

  • Fix d3-selection peerDependency range.

v3.0.0

This package now requires Node.js 12 or higher. For more, please read Sindre Sorhus’s FAQ.

Commits


Updates recharts from 1.8.6 to 2.12.7

Release notes

Sourced from recharts's releases.

v2.12.7

Whats changed

Fix

  • Area: re-add calculated area points to the areaDot callback props when it is a function. This was accidentally removed in v2.3. Fixes #4480
  • Brush: guard against undefined property access error when an ariaLabel is not specified. Follow up from recharts/recharts#2093

Full Changelog: https://github.com/recharts/recharts/compare/v2.12.6...v2.12.7

v2.12.6

What's Changed

Fix

Chore

Full Changelog: https://github.com/recharts/recharts/compare/v2.12.5...v2.12.6

v2.12.5

Small fixes while working on v3 continued...

What's Changed

Feat

Fix

Address recharts/recharts#4382

A recent release of @types/react broke some builds because they removed certain (unused) events from common event handler attributes. recharts was unknowingly enumerating keys of SVGProps in the Layer component with the old types and causing a type error on tsc with skipLibCheck: false

  • typescript - Layer: use SVGAttributes instead of SVGProps in forwardRef components by @​ckifer in recharts/recharts#4413
  • typescript - Pie: fix Pie ref which was cast to HTMLElement when the ref is actually referring to SVGGElement. This gave false information to whoever is using ref on the Pie component

Full Changelog: https://github.com/recharts/recharts/compare/v2.12.4...v2.12.5

v2.12.4

What's Changed

Small fixes while working on v3 continued...

... (truncated)

Changelog

Sourced from recharts's changelog.

⚠️ Next versions change notes are available only on the GitHub Releases page ⚠️

2.2.0 (Dec 8, 2022)

feat

  • Support keyboard navigation in pie chart (#2923)
  • Allow reversing the tooltip direction (#3056)

fix

  • fix rounding leading to hairline gaps (#3075)
  • fix: do not override zero brush end index (#3076)
  • fix: allow dragging brush when the mouse is outside (#3072)
  • fix: add label type to line props (#3068)
  • Ensure LabelList generic extends Data interface (#2954)

2.1.16 (Oct 29, 2022)

fix

  • Fix incorrect date in CHAGELOG (#3016)
  • Let formatter function run even when value is falsy (#3026)
  • Fix(Sankey): update tooltip active state by trigger type(hover/click) (#3021)
  • Fix Area's baseValue prop (#3013)

2.1.15 (Oct 12, 2022)

fix

  • Fix scroll on hover
  • DefaultTooltipContent.tsx Solving type error for entry.value and entry.name

chore

  • Revert D3 version

2.1.14 (Sep 7, 2022)

fix

  • Add inactiveShape prop to Pie component (#2900)
  • Revert "chore: move type deps into devDependencies (#2843)" (#2942)
  • Fix typing of default tooltip formatter (#2924)
  • Take letter-spacing and font-size into consideration while rendering ticks (#2898)
  • Add formatter function type to tooltip props (#2916)
  • doc: Update CHANGELOG.md about d3 7.x (#2919)

2.1.13 (Jul 26, 2022)

fix

  • set animate flag before chart data update (#2911)
  • Error bar domain fix (#2863)
  • fix: fix "recharts@… doesn't provide prop-types, requested by react-smooth" warning (#2895)

chore

... (truncated)

Commits
  • 2074e2e 2.12.7
  • 1e9e032 fix: guard against accidental undefined access in Brush
  • 239b3ae fix(area-dot): regressionon in parameters passed to custom area dot
  • 22064ed 2.12.6
  • 504518d Added js suffix to main module and jsnext:main paths in package json (#4431)
  • a705024 fix: The box size of the Tooltip is 0 at the first rendering of TooltipBoundi...
  • bdad6ec 2.12.5
  • ed95633 fix(layer-types): use SVGAttributes instead of SVGProps in forwardRef compone...
  • 3d2e8b9 feat(BarChart): support percentage for barSize. Fixes #3640 (#4407)
  • 981eb8f 2.12.4
  • Additional commits viewable in compare view


Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.19.2

4.19.1

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.19.0...4.19.1

4.19.0

What's Changed

New Contributors

Full Changelog: https://github.com/expressjs/express/compare/4.18.3...4.19.0

4.18.3

Main Changes

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

  • Prevent open redirect allow list bypass due to encodeurl
  • deps: cookie@0.6.0

4.18.3 / 2024-02-29

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2
  • deps: cookie@0.6.0
    • Add partitioned option
Commits
  • 04bc627 4.19.2
  • da4d763 Improved fix for open redirect allow list bypass
  • 4f0f6cc 4.19.1
  • a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
  • a1fa90f fixed un-edited version in history.md for 4.19.0
  • 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
  • 084e365 4.19.0
  • 0867302 Prevent open redirect allow list bypass due to encodeurl
  • 567c9c6 Add note on how to update docs for new release (#5541)
  • 69a4cf2 deps: cookie@0.6.0
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.


Updates follow-redirects from 1.15.2 to 1.15.6

Commits
  • 35a517c Release version 1.15.6 of the npm package.
  • c4f847f Drop Proxy-Authorization across hosts.
  • 8526b4a Use GitHub for disclosure.
  • b1677ce Release version 1.15.5 of the npm package.
  • d8914f7 Preserve fragment in responseUrl.
  • 6585820 Release version 1.15.4 of the npm package.
  • 7a6567e Disallow bracketed hostnames.
  • 05629af Prefer native URL instead of deprecated url.parse.
  • 1cba8e8 Prefer native URL instead of legacy url.resolve.
  • 72bc2a4 Simplify _processResponse error handling.
  • Additional commits viewable in compare view


Updates node-forge from 0.10.0 to 1.3.1

Changelog

Sourced from node-forge's changelog.

1.3.1 - 2022-03-29

Fixes

  • RFC 3447 and RFC 8017 allow for optional DigestAlgorithm NULL parameters for sha* algorithms and require NULL paramters for md2 and md5 algorithms.

1.3.0 - 2022-03-17

Security

  • Three RSA PKCS#1 v1.5 signature verification issues were reported by Moosa Yahyazadeh (
  • © Githubissues.
  • Githubissues is a development platform for aggregating issues.