OriginProtocol / oeth.com

Frontend for oeth.com
2 stars 1 forks source link

Bump the npm_and_yarn group across 1 directory with 7 updates #150

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 5 months ago

Bumps the npm_and_yarn group with 6 updates in the / directory:

Package From To
axios 1.5.1 1.6.0
next 13.4.19 14.2.3
sanitize-html 2.11.0 2.12.1
@babel/traverse 7.22.11 7.24.5
@solana/web3.js 1.78.4 1.91.8
follow-redirects 1.15.3 1.15.6

Updates axios from 1.5.1 to 1.6.0

Release notes

Sourced from axios's releases.

Release v1.6.0

Release notes:

Bug Fixes

  • CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
  • dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
  • types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

  • CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

Changelog

Sourced from axios's changelog.

1.6.0 (2023-10-26)

Bug Fixes

  • CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
  • dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
  • types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

  • CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

Commits


Updates next from 13.4.19 to 14.2.3

Release notes

Sourced from next's releases.

v14.2.3

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Fix: resolve mixed re-exports module as cjs (#64681)
  • fix: mixing namespace import and named import client components (#64809)
  • Fix mixed exports in server component with barrel optimization (#64894)
  • Fix next/image usage in mdx(#64875)
  • fix(fetch-cache): fix additional typo, add type & data validation (#64799)
  • prevent erroneous route interception during lazy fetch (#64692)
  • fix root page revalidation when redirecting in a server action (#64730)
  • fix: remove traceparent from cachekey should not remove traceparent from original object (#64727)
  • Clean-up fetch metrics tracking (#64746)

Credits

Huge thanks to @​huozhi, @​samcx, @​ztanner, @​Jeffrey-Zutt, and @​ijjk for helping!

v14.2.2

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Fix Server Action error logs for unhandled POST requests (#64315)
  • Improve rendering performance (#64408)
  • Fix the method prop case in Server Actions transform (#64398)
  • fix(next-lint): update option --report-unused-disable-directives to --report-unused-disable-directives-severity (#64405)
  • tweak test for Azure (#64424)
  • router restore should take priority over pending actions (#64449)
  • Fix client boundary inheritance for barrel optimization (#64467)
  • improve turborepo caching (#64493)
  • feat: strip traceparent header from cachekey (#64499)
  • Fix more Turbopack build tests
  • Update lockfile for compatibility with turbo (#64360)
  • Fix typo in dynamic-rendering.ts (#64365)
  • Fix DynamicServerError not being thrown in fetch (#64511)
  • fix(next): Metadata.openGraph values not resolving basic values when type is set (#63620)
  • disable production chunking in dev (#64488)
  • Fix cjs client components tree-shaking (#64558)
  • fix refresh behavior for discarded actions (#64532)
  • fix: filter out middleware requests in logging (#64549)
  • Turbopack: Allow client components to be imported in app routes (#64520)
  • Fix ASL bundling for dynamic css (#64451)
  • add pathname normalizer for actions (#64592)
  • fix incorrect refresh request when basePath is set (#64589)
  • test: skip turbopack build test (#64356)
  • hotfix(turbopack): Update with patch for postcss.config.js path resolution on Windows (#64677)

... (truncated)

Commits
  • 2e7a96a v14.2.3
  • a230be4 Clean-up fetch metrics tracking (#64746)
  • 73c2d63 fix: remove traceparent from cachekey should not remove traceparent from orig...
  • dd44191 fix root page revalidation when redirecting in a server action (#64730)
  • 8b4c234 prevent erroneous route interception during lazy fetch (#64692)
  • d6a7ca0 fix(fetch-cache): fix additional typo, add type & data validation (#64799)
  • 4a6b511 Fix next/image usage in mdx (#64875)
  • 04cc13c Fix mixed exports in server component with barrel optimization (#64894)
  • 8d01d49 fix: mixing namespace import and named import client components (#64809)
  • de84e3a Fix: resolve mixed re-exports module as cjs (#64681)
  • Additional commits viewable in compare view


Updates sanitize-html from 2.11.0 to 2.12.1

Changelog

Sourced from sanitize-html's changelog.

2.12.1 (2024-02-22)

  • Do not parse sourcemaps in post-css. This fixes a vulnerability in which information about the existence or non-existence of files on a server could be disclosed via properly crafted HTML input when the style attribute is allowed by the configuration. Thanks to the Snyk Security team for the disclosure and to Dylan Armstrong for the fix.

2.12.0 (2024-02-21)

  • Introduced the allowedEmptyAttributes option, enabling explicit specification of empty string values for select attributes, with the default attribute set to alt. Thanks to Na for the contribution.

  • Clarified the use of SVGs with a new test and changes to documentation. Thanks to Gauav Kumar for the contribution.

  • Do not process source maps when processing style tags with PostCSS.

Commits
  • 4a7d7dd Merge pull request #654 from apostrophecms/release-2.12.1
  • f8e02be release 2.12.1
  • c5dbdf7 Merge pull request #650 from dylanarmstrong/fix/ignore-source-maps
  • 5a5a74e Merge pull request #652 from apostrophecms/add-thanks-to-changelog
  • ee71ff0 Add community contribution thanks you
  • a226fe7 Merge pull request #651 from apostrophecms/release-2.12.0
  • ff18600 release 2.12.0
  • 1e2294c test: added test for postcss map
  • c376501 doc: update changelog
  • 075499d fix: ignore source maps when processing with postcss
  • Additional commits viewable in compare view


Updates postcss from 8.4.30 to 8.4.31

Release notes

Sourced from postcss's releases.

8.4.31

  • Fixed \r parsing to fix CVE-2023-44270.
Changelog

Sourced from postcss's changelog.

8.4.31

  • Fixed \r parsing to fix CVE-2023-44270.
Commits


Updates @babel/traverse from 7.22.11 to 7.24.5

Release notes

Sourced from @​babel/traverse's releases.

v7.24.5 (2024-04-29)

Thanks @​romgrk and @​sossost for your first PRs!

:bug: Bug Fix

  • babel-plugin-transform-classes, babel-traverse
  • babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3

:nail_care: Polish

:house: Internal

  • Other
  • babel-parser
  • babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-helper-module-transforms, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx-self, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-traverse
  • babel-plugin-proposal-partial-application, babel-types
  • babel-plugin-transform-class-properties, babel-preset-env

:running_woman: Performance

  • babel-helpers, babel-preset-env, babel-runtime-corejs3

Committers: 6

v7.24.4 (2024-04-03)

Thanks @​Dunqing, @​luiscubal, and @​samualtnorman for your first PRs!

:eyeglasses: Spec Compliance

  • babel-parser
  • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.5 (2024-04-29)

:bug: Bug Fix

  • babel-plugin-transform-classes, babel-traverse
  • babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3

:nail_care: Polish

:house: Internal

  • Other
  • babel-parser
  • babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-helper-module-transforms, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx-self, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-traverse
  • babel-plugin-proposal-partial-application, babel-types
  • babel-plugin-transform-class-properties, babel-preset-env

:running_woman: Performance

  • babel-helpers, babel-preset-env, babel-runtime-corejs3

v7.24.4 (2024-04-03)

:eyeglasses: Spec Compliance

  • babel-parser
  • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3

:bug: Bug Fix

  • babel-generator
  • babel-compat-data, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-preset-env
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • babel-plugin-transform-block-scoping
  • babel-core, babel-plugin-transform-block-scoped-functions, babel-plugin-transform-block-scoping

... (truncated)

Commits


Updates @solana/web3.js from 1.78.4 to 1.91.8

Release notes

Sourced from @​solana/web3.js's releases.

v1.91.8

1.91.8 (2024-05-03)

Bug Fixes

  • @solana/web3.js should now be compatible with Vercel Edge runtime (4ea9bc9)

v1.91.7

1.91.7 (2024-04-19)

Bug Fixes

  • update @solana/spl-token to 0.4.5 in tests (#2529) (da22d0b)

v1.91.6

1.91.6 (2024-04-17)

Bug Fixes

  • revert use of internal fast-stable-stringify in legacy library (#2509) (7d3adbb)

v1.91.5

1.91.5 (2024-04-17)

Bug Fixes

  • use our version of fast-stable-stringify everywhere (#2504) (18d6b56)

v1.91.4

1.91.4 (2024-04-03)

Bug Fixes

  • downshift preflightCommitment to processed when bypassing preflight checks (#2415) (c801637)

v1.91.3

1.91.3 (2024-04-01)

Bug Fixes

v1.91.2

1.91.2 (2024-03-26)

... (truncated)

Commits
  • 4ea9bc9 fix: @solana/web3.js should now be compatible with Vercel Edge runtime
  • 7b4f787 Update rpc-websockets to 7.11.0 (#2610)
  • f23c878 Apply default input dependencies to every Turbo step (#2609)
  • 37bb626 chore: bump @​typescript-eslint/parser from 6.8.0 to 6.21.0 (#2604)
  • b179c89 chore: bump turbo from 1.13.0 to 1.13.3 (#2603)
  • 3554a13 refactor(experimental): graphql: token-2022 extensions: cpi guard
  • 7c9a91e refactor(experimental): graphql: token-2022 extensions: default account state
  • 8f5af23 refactor(experimental): graphql: token-2022 extensions: transfer hook
  • 4d84c7b refactor(experimental): graphql: token-2022 extensions: group member pointer
  • 37b8e09 refactor(experimental): graphql: token-2022 extensions: group pointer
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by lorisleiva, a new releaser for @​solana/web3.js since your current version.


Updates follow-redirects from 1.15.3 to 1.15.6

Commits
  • 35a517c Release version 1.15.6 of the npm package.
  • c4f847f Drop Proxy-Authorization across hosts.
  • 8526b4a Use GitHub for disclosure.
  • b1677ce Release version 1.15.5 of the npm package.
  • d8914f7 Preserve fragment in responseUrl.
  • 6585820 Release version 1.15.4 of the npm package.
  • 7a6567e Disallow bracketed hostnames.
  • 05629af Prefer native URL instead of deprecated url.parse.
  • 1cba8e8 Prefer native URL instead of legacy url.resolve.
  • 72bc2a4 Simplify _processResponse error handling.
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/OriginProtocol/oeth.com/network/alerts).
dependabot[bot] commented 4 months ago

Superseded by #151.