Bumps the npm_and_yarn group with 2 updates in the / directory: ejs and vite.
Bumps the npm_and_yarn group with 1 update in the /demo directory: vite.
Bumps the npm_and_yarn group with 2 updates in the /docs directory: vite and ws.
In vulnerable versions of ws, the issue can be mitigated in the following ways:
Reduce the maximum allowed length of the request headers using the
[--max-http-header-size=size][] and/or the [maxHeaderSize][] options so
that no more headers than the server.maxHeadersCount limit can be sent.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/axe-api/validator/network/alerts).
Bumps the npm_and_yarn group with 2 updates in the / directory: ejs and vite. Bumps the npm_and_yarn group with 1 update in the /demo directory: vite. Bumps the npm_and_yarn group with 2 updates in the /docs directory: vite and ws.
Updates
ejs
from 3.1.9 to 3.1.10Release notes
Sourced from ejs's releases.
Commits
d3f807d
Version 3.1.109ee26dd
Mocha TDDe469741
Basic pollution protection715e950
Merge pull request #756 from Jeffrey-mu/maincabe314
Include advanced usage examples29b076c
Added header11503c7
Merge branch 'main' of github.com:mde/ejs into main7690404
Added security banner to READMEf47d7ae
Update SECURITY.md828cea1
Update SECURITY.mdUpdates
vite
from 5.1.3 to 5.3.1Release notes
Sourced from vite's releases.
Changelog
Sourced from vite's changelog.
... (truncated)
Commits
c608e6a
release: v5.3.16ced135
fix(build): preload treeshaking ignore equal (#17480)d355568
fix(build): handle preload treeshaking for braces (#17479)1f09344
chore: consolidate changelog for 5.3 (#17476)3e27071
fix(build): handle preload treeshaking for commas (#17472)29a260c
release: v5.3.00a76652
fix(ssrTransform): handle arbitrary module namespace identifiers (#17446)f16fae5
test: disable isolate for unit test (#17448)ec287f8
feat: asset type add bmp (#17439)68aa9f8
fix: typo in client log (#17363)Updates
vite
from 5.0.12 to 5.0.13Release notes
Sourced from vite's releases.
Changelog
Sourced from vite's changelog.
... (truncated)
Commits
c608e6a
release: v5.3.16ced135
fix(build): preload treeshaking ignore equal (#17480)d355568
fix(build): handle preload treeshaking for braces (#17479)1f09344
chore: consolidate changelog for 5.3 (#17476)3e27071
fix(build): handle preload treeshaking for commas (#17472)29a260c
release: v5.3.00a76652
fix(ssrTransform): handle arbitrary module namespace identifiers (#17446)f16fae5
test: disable isolate for unit test (#17448)ec287f8
feat: asset type add bmp (#17439)68aa9f8
fix: typo in client log (#17363)Updates
vite
from 5.0.12 to 5.3.1Release notes
Sourced from vite's releases.
Changelog
Sourced from vite's changelog.
... (truncated)
Commits
c608e6a
release: v5.3.16ced135
fix(build): preload treeshaking ignore equal (#17480)d355568
fix(build): handle preload treeshaking for braces (#17479)1f09344
chore: consolidate changelog for 5.3 (#17476)3e27071
fix(build): handle preload treeshaking for commas (#17472)29a260c
release: v5.3.00a76652
fix(ssrTransform): handle arbitrary module namespace identifiers (#17446)f16fae5
test: disable isolate for unit test (#17448)ec287f8
feat: asset type add bmp (#17439)68aa9f8
fix: typo in client log (#17363)Updates
ws
from 8.15.1 to 8.17.1Release notes
Sourced from ws's releases.
... (truncated)
Commits
3c56601
[dist] 8.17.1e55e510
[security] Fix crash when the Upgrade header cannot be read (#2231)6a00029
[test] Increase code coverageddfe4a8
[perf] Reduce the amount ofcrypto.randomFillSync()
callsb73b118
[dist] 8.17.029694a5
[test] Use thehighWaterMark
variable934c9d6
[ci] Test on node 221817bac
[ci] Do not test on node 2196c9b3d
[major] Flip the default value ofallowSynchronousEvents
(#2221)e5f32c7
[fix] Emit at most one event per event loop iteration (#2218)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show