Closed dependabot[bot] closed 4 months ago
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
🚮 Removed packages: npm/@babel/helper-skip-transparent-expression-wrappers@7.11.0, npm/@babel/plugin-proposal-class-properties@7.10.4, npm/@babel/plugin-proposal-export-namespace-from@7.10.4, npm/@babel/plugin-proposal-logical-assignment-operators@7.11.0, npm/@babel/plugin-proposal-private-methods@7.10.4, npm/@babel/plugin-transform-react-pure-annotations@7.10.4, npm/@babel/plugin-transform-runtime@7.11.5, npm/@babel/plugin-transform-unicode-escapes@7.10.4, npm/@babel/traverse@7.7.4, npm/@graphql-tools/schema@6.2.2, npm/@graphql-tools/utils@6.2.2, npm/@mdx-js/runtime@2.0.0-next.7, npm/@reach/alert@0.10.3, npm/@reach/auto-id@0.10.5, npm/@reach/combobox@0.10.3, npm/@reach/descendants@0.10.5, npm/@reach/dialog@0.10.3, npm/@reach/menu-button@0.10.3, npm/@reach/observe-rect@1.2.0, npm/@reach/popover@0.10.3, npm/@reach/portal@0.10.5, npm/@reach/rect@0.10.5, npm/@reach/tabs@0.10.3, npm/@reach/tooltip@0.10.3, npm/@reach/utils@0.10.5, npm/@reach/visually-hidden@0.10.4, npm/@types/history@4.7.7, npm/@types/lodash.sample@4.2.6, npm/@types/parse5@5.0.3, npm/@types/reach__router@1.3.5, npm/@types/warning@3.0.0, npm/@urql/core@1.13.0, npm/acorn-dynamic-import@4.0.0, npm/after@0.8.2, npm/arraybuffer.slice@0.0.7, npm/auto-bind@4.0.0, npm/axios@0.19.2, npm/babel-plugin-add-module-exports@0.3.3, npm/babel-plugin-extract-export-names@2.0.0-next.7, npm/babel-plugin-remove-export-keywords@1.6.16, npm/babel-preset-gatsby@0.5.9, npm/base64-arraybuffer@0.1.5, npm/better-assert@1.0.2, npm/better-opn@1.0.0, npm/blob@0.0.5, npm/body-parser@1.19.0, npm/browserify-sign@4.0.4, npm/buble-jsx-only@0.19.8, npm/builtin-modules@3.1.0, npm/cache-manager-fs-hash@0.0.9, npm/callsite@1.0.0, npm/case@1.6.3, npm/cli-table3@0.5.1, npm/cli-truncate@2.1.0, npm/colorette@1.2.1, npm/colors@1.4.0, npm/component-bind@1.0.0, npm/component-inherit@0.0.3, npm/concurrently@5.3.0, npm/contentful-management@5.28.0, npm/contentful-sdk-core@6.4.5, npm/cookie@0.4.0, npm/cross-fetch@2.2.2, npm/cross-var@1.1.0, npm/decode-uri-component@0.2.0, npm/del@6.0.0, npm/detect-indent@6.0.0, npm/detect-node-es@1.0.0, npm/dotenv@8.2.0, npm/engine.io-client@3.4.3, npm/engine.io-parser@2.2.0, npm/engine.io@3.4.2, npm/escalade@3.0.2, npm/eslint-plugin-graphql@3.1.1, npm/express@4.17.1, npm/finalhandler@1.1.2, npm/fn-name@2.0.1, npm/focus-lock@0.7.0, npm/formik@2.1.5, npm/forwarded@0.1.2, npm/gatsby-design-tokens@2.0.11, npm/gatsby-graphiql-explorer@0.4.13, npm/gatsby-interface@0.0.166, npm/gatsby-legacy-polyfills@0.0.4, npm/gatsby-link@2.4.13, npm/gatsby-page-utils@0.2.24, npm/gatsby-plugin-page-creator@2.3.27, npm/gatsby@2.24.57, npm/ncp@2.0.0, npm/ts-patch@3.0.0-beta3, npm/typescript@5.0.4, npm/upath@2.0.1
Looks like these dependencies are no longer a dependency, so this is no longer needed.
Bumps the npm_and_yarn group with 10 updates in the /ui directory:
4.17.15
4.17.21
0.2.1
0.2.4
1.1.5
1.1.9
7.7.4
7.24.1
4.0.4
4.2.3
0.2.0
0.2.2
4.17.1
4.19.2
1.5.10
1.15.6
2.24.57
2.32.13
6.5.2
6.5.3
Updates
lodash-es
from 4.17.15 to 4.17.21Commits
f299b52
Bump to v4.17.21c4847eb
Improve performance oftoNumber
,trim
andtrimEnd
on large input strings3469357
Prevent command injection through_.template
'svariable
optionded9bc6
Bump to v4.17.20.63150ef
Documentation fixes.00f0f62
test.js: Remove trailing comma.846e434
Temporarily use a custom fork oflodash-cli
.5d046f3
Re-enable Travis tests on4.17
branch.aa816b3
Remove/npm-package
.d7fbc52
Bump to v4.17.19Maintainer changes
This version was pushed to npm by bnjmnt4n, a new releaser for lodash-es since your current version.
Updates
minimist
from 0.2.1 to 0.2.4Changelog
Sourced from minimist's changelog.
Commits
8c6be48
v0.2.4d031f9b
[Dev Deps] updatetape
3dbebff
[Tests] check side-effects of pollution protection34e20b8
[Robustness] rework isConstructorOrProtoc0b2661
v0.2.363b8fee
[Fix] Fix long option followed by single dash (#17)72239e6
[Tests] Remove duplicate test (#12)34b0f1c
[eslint] fix indentation3226afa
[Dev Deps] add missingnpmignore
dev dep098873c
[Dev Deps] update@ljharb/eslint-config
,aud
Maintainer changes
This version was pushed to npm by ljharb, a new releaser for minimist since your current version.
Updates
ip
from 1.1.5 to 1.1.9Commits
1ecbf2f
1.1.96a3ada9
lib: fixed CVE-2023-42282 and added unit test5dc3b2f
1.1.88e6f28b
lib: even better node 6 support088c9e5
1.1.71a4ca35
lib: add back support for Node.js 6af82ef4
1.1.6dba19f6
package: exclude test folder from publishing7cd7f30
ci: use github workflows4de50ae
lib: node 18 supportUpdates
@babel/traverse
from 7.7.4 to 7.24.1Release notes
Sourced from
@babel/traverse
's releases.... (truncated)
Changelog
Sourced from
@babel/traverse
's changelog.... (truncated)
Commits
822b025
v7.24.1fc0d5ad
Update typescript and lint tools (#16351)69e7928
Consider well-known and registered symbols as literals (#16342)40110e9
Update source map deps (#16327)ce59160
v7.24.0bd5abd5
fix: avoidpopContext
on unvisited node paths (#16305)08a057c
UseObject.hasOwn
when available (#16248)a0dd614
v7.23.91200542
fix: Don't throw ingetTypeAnnotation
when using TS+inference (#15383)e428a6d
v7.23.7Updates
browserify-sign
from 4.0.4 to 4.2.3Changelog
Sourced from browserify-sign's changelog.
... (truncated)
Commits
bf2c3ec
v4.2.39247adf
[patch] widen support to 0.12f427270
[Deps] update `parse-asn187f3a35
[Dev Deps] updateaud
,npmignore
,tape
fb261ce
[Deps] updateelliptic
4d0ee49
[patch] drop minimum node support to v19e2bf12
[Deps] pinhash-base
to ~3.0, due to a breaking change168e16f
[Deps] pinelliptic
due to a breaking change37a4758
[actions] remove redundant finisher4af5a90
v4.2.2Maintainer changes
This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.
Updates
decode-uri-component
from 0.2.0 to 0.2.2Release notes
Sourced from decode-uri-component's releases.
Commits
a0eea46
0.2.2980e0bf
Prevent overwriting previously decoded tokens3c8a373
0.2.176abc93
Switch to GitHub workflows746ca5d
Fix issue where decode throws - fixes #6486d7e2
Update license (#1)a650457
Tidelift tasks66e1c28
Meta tweaksUpdates
express
from 4.17.1 to 4.19.2Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
... (truncated)
Commits
04bc627
4.19.2da4d763
Improved fix for open redirect allow list bypass4f0f6cc
4.19.1a003cfa
Allow passing non-strings to res.location with new encoding handling checks f...a1fa90f
fixed un-edited version in history.md for 4.19.011f2b1d
build: fix build due to inconsistent supertest behavior in older versions084e365
4.19.00867302
Prevent open redirect allow list bypass due to encodeurl567c9c6
Add note on how to update docs for new release (#5541)69a4cf2
deps: cookie@0.6.0Maintainer changes
This version was pushed to npm by wesleytodd, a new releaser for express since your current version.
Updates
follow-redirects
from 1.5.10 to 1.15.6Commits
35a517c
Release version 1.15.6 of the npm package.c4f847f
Drop Proxy-Authorization across hosts.8526b4a
Use GitHub for disclosure.b1677ce
Release version 1.15.5 of the npm package.d8914f7
Preserve fragment in responseUrl.6585820
Release version 1.15.4 of the npm package.7a6567e
Disallow bracketed hostnames.05629af
Prefer native URL instead of deprecated url.parse.1cba8e8
Prefer native URL instead of legacy url.resolve.72bc2a4
Simplify _processResponse error handling.Updates
gatsby
from 2.24.57 to 2.32.13Release notes
Sourced from gatsby's releases.