search

cloudmesh-community / graphql

Apache License 2.0
0 stars 0 forks source link

Bump json5, handlebars-loader, @babel/core and loader-utils in /app #45

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps json5 to 1.0.2 and updates ancestor dependencies json5, handlebars-loader, @babel/core and loader-utils. These dependencies need to be updated together.

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)
Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

  • Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

  • Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

  • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

  • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits


Updates handlebars-loader from 1.7.0 to 1.7.3

Release notes

Sourced from handlebars-loader's releases.

v1.7.3

What's Changed

New Contributors

Full Changelog: https://github.com/pcardune/handlebars-loader/compare/v1.7.2...v1.7.3

Changelog

Sourced from handlebars-loader's changelog.

[1.7.3] - 2022-12-07

Fixed

  • Upgraded loader-utils dependendency to 1.4.2, which fixes a critical vulnerability

[1.7.2] - 2022-05-18

Fixed

  • Upgraded async dependency to 3.2.2 (#207)

[1.7.1] - 2018-12-18

Fixed

  • Fixed use stringifyRequest instead of absolute paths in loader output (#167)
Commits
  • e678ba7 1.7.3
  • 3f5b65f Update changelog with info about v1.7.3
  • f44f590 Merge pull request #214 from pcardune/dependabot/npm_and_yarn/loader-utils-1.4.2
  • 6f71645 Bump loader-utils from 1.0.4 to 1.4.2
  • 8810606 Update mocha and sinon dev dependencies (#210)
  • 373449e Update mocha and sinon dev dependencies
  • 788a33c remove coveralls dev dependency (#209)
  • f0e36e5 remove coveralls dev dependency
  • 31eda1d Update links in README
  • a4f23d1 Switch to github workflows in favor of travis-ci
  • Additional commits viewable in compare view


Updates @babel/core from 7.1.2 to 7.20.12

Release notes

Sourced from @​babel/core's releases.

v7.20.12 (2023-01-04)

Thanks @​cross19xx, @​JBYoshi and @​nmn for your first PRs!

:bug: Bug Fix

  • babel-traverse
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-class-properties

:nail_care: Polish

  • babel-traverse

Committers: 5

v7.20.11 (2022-12-23)

:eyeglasses: Spec Compliance

  • babel-helper-module-transforms, babel-plugin-proposal-dynamic-import, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs

:bug: Bug Fix

  • babel-plugin-transform-block-scoping

Committers: 2

v7.20.10 (2022-12-23)

:bug: Bug Fix

Committers: 2

v7.20.9 (2022-12-23)

:bug: Bug Fix

  • babel-plugin-transform-block-scoping

... (truncated)

Changelog

Sourced from @​babel/core's changelog.

v7.20.12 (2023-01-04)

:bug: Bug Fix

  • babel-traverse
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-class-properties

:nail_care: Polish

  • babel-traverse

v7.20.11 (2022-12-23)

:eyeglasses: Spec Compliance

  • babel-helper-module-transforms, babel-plugin-proposal-dynamic-import, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs

:bug: Bug Fix

  • babel-plugin-transform-block-scoping

v7.20.10 (2022-12-23)

:bug: Bug Fix

v7.20.9 (2022-12-23)

:bug: Bug Fix

  • babel-plugin-transform-block-scoping

v7.20.8 (2022-12-22)

:bug: Bug Fix

  • babel-plugin-transform-block-scoping
  • babel-plugin-proposal-class-properties, babel-traverse

v7.20.7 (2022-12-22)

:eyeglasses: Spec Compliance

  • babel-helper-member-expression-to-functions, babel-helper-replace-supers, babel-plugin-proposal-class-properties, babel-plugin-transform-classes
  • babel-helpers, babel-plugin-proposal-class-properties, babel-plugin-transform-classes, babel-plugin-transform-object-super

:bug: Bug Fix

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by nicolo-ribaudo, a new releaser for @​babel/core since your current version.


Updates loader-utils from 1.1.0 to 1.4.2

Release notes

Sourced from loader-utils's releases.

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

v1.4.0

1.4.0 (2020-02-19)

Features

  • the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

v1.3.0

1.3.0 (2020-02-19)

Features

  • support the [query] template for the interpolatedName method (#162) (469eeba)

v1.2.3

1.2.3 (2018-12-27)

Bug Fixes

  • interpolateName: don't interpolated hashType without hash or contenthash (#140) (3528fd9)

v1.2.2

1.2.2 (2018-12-27)

Bug Fixes

... (truncated)

Changelog

Sourced from loader-utils's changelog.

1.4.2 (2022-11-11)

Bug Fixes

1.4.1 (2022-11-07)

Bug Fixes

1.4.0 (2020-02-19)

Features

  • the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

1.3.0 (2020-02-19)

Features

  • support the [query] template for the interpolatedName method (#162) (469eeba)

1.2.3 (2018-12-27)

Bug Fixes

  • interpolateName: don't interpolated hashType without hash or contenthash (#140) (3528fd9)

1.2.2 (2018-12-27)

Bug Fixes

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for loader-utils since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/cloudmesh-community/graphql/network/alerts).