search

google / web-starter-kit

Web Starter Kit - a workflow for multi-device websites
http://developers.google.com/web/starter-kit
Apache License 2.0
18.44k stars 3.02k forks source link

Bump the npm_and_yarn group across 1 directory with 12 updates #1042

Open dependabot[bot] opened 2 months ago

dependabot[bot] commented 2 months ago

Bumps the npm_and_yarn group with 11 updates in the / directory:

Package From To
concat-with-sourcemaps 1.0.4 1.1.0
deap 1.0.0 1.0.1
es5-ext 0.10.12 0.10.64
fsevents 1.0.15 1.2.13
handlebars 4.0.6 4.7.8
hosted-git-info 2.1.5 2.8.9
ini 1.3.4 1.3.8
is-my-json-valid 2.15.0 2.20.6
is-url 1.2.2 1.2.4
urijs 1.18.4 1.19.11
y18n 3.2.1 3.2.2

Updates concat-with-sourcemaps from 1.0.4 to 1.1.0

Commits
Maintainer changes

This version was pushed to npm by floridoo, a new releaser for concat-with-sourcemaps since your current version.


Updates deap from 1.0.0 to 1.0.1

Commits
Maintainer changes

This version was pushed to npm by prestaul, a new releaser for deap since your current version.


Updates es5-ext from 0.10.12 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

  • Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

  • Do not rely on problematic regex (3551cdd), addresses #201
  • Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
  • Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

  • Simplify the manifest message (7855319)

Comparison since last release

0.10.62 (2022-08-02)

Maintenance Improvements

Comparison since last release

0.10.61 (2022-04-20)

Bug Fixes

  • Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

Comparison since last release

0.10.60 (2022-04-07)

Maintenance Improvements

  • Improve postinstall script configuration (ab6b121)

... (truncated)

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

  • Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

  • Do not rely on problematic regex (3551cdd), addresses #201
  • Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
  • Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

  • Simplify the manifest message (7855319)

0.10.62 (2022-08-02)

Maintenance Improvements

0.10.61 (2022-04-20)

Bug Fixes

  • Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

0.10.60 (2022-04-07)

Maintenance Improvements

  • Improve postinstall script configuration (ab6b121)

0.10.59 (2022-03-17)

Maintenance Improvements

0.10.58 (2022-03-11)

... (truncated)

Commits
  • f76b03d chore: Release v0.10.64
  • 2881acd chore: Bump dependencies
  • c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
  • 16f2b72 docs: Fix date in the changelog
  • de4e03c chore: Release v0.10.63
  • 3fd53b7 chore: Upgrade lint-staged to v13
  • bf8ed79 chore: Ensure postinstall script does not crash on Windows
  • 2cbbb07 chore: Bump dependencies
  • 22d0416 chore: Bump LICENSE year
  • a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
  • Additional commits viewable in compare view


Updates fsevents from 1.0.15 to 1.2.13

Release notes

Sourced from fsevents's releases.

Release v1.2.13

Only build on Mac-OSX

Release v1.2.11

Removing node-pre-gyp so that building fsevents becomes easier and enabled without the download of binaries.

The credentials to the AWS store have been lost. Releasing to AWS is both insecure and no longer possible due to the lost credentials.

Intermediate Release

No release notes provided.

Release v1.2.9 - Node v12 compatibility

No release notes provided.

Release Pre-NAPI v1.2.8

No release notes provided.

Version Bump (bundle node-pre-gyp)

No release notes provided.

Prebuilt v11.x

No release notes provided.

v1.2.3

  • Added node v10 for pre-built binaries
  • C++ tuning to fix potential SIGILL and cyclic dependency (#204)

v1.2.2

Fixed node-pre-gyp bundling issue

v1.2.1

[unpublished because of errors during publish process]

v1.2.0

  • BREAKING: End support for Node v0.12. If you are using Node v0.12 please pin your fsevents dependencies to v1.1.3. Not bumping semver major for this release was a compromise solution discussed in #199 and #201.
    • Node v0.10 should continue to work with local compilation for now, but hosted pre-built binaries will no longer be provided. If this is a constraint for you, please pin to an earlier version.
  • Fixed security vulnerability warnings by updating node-pre-gyp to ^0.9.0
  • Compatibility updates for nan v2.9.0

v1.1.3

  • Added node v9 for pre-built binaries
  • Fixed bug related to using --no-bin-links option on install
  • Updated node-pre-gyp to latest version (0.6.39)

v1.1.2

  • Added Node.js v8 to the prebuild binary assets.
  • Stopped prebuilding for io.js (can still be built locally)
  • Updated node-pre-gyp to latest version (0.6.36)

v1.1.1

... (truncated)

Commits


Updates handlebars from 4.0.6 to 4.7.8

Release notes

Sourced from handlebars's releases.

v4.7.8

  • Make library compatible with workers (#1894) - 3d3796c
  • Don't rely on Node.js global object (#1776) - 2954e7e
  • Fix compiling of each block params in strict mode (#1855) - 30dbf04
  • Fix rollup warning when importing Handlebars as ESM - 03d387b
  • Fix bundler issue with webpack 5 (#1862) - c6c6bbb
  • Use https instead of git for mustache submodule - 88ac068

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.8 - July 27th, 2023

  • Make library compatible with workers (#1894) - 3d3796c
  • Don't rely on Node.js global object (#1776) - 2954e7e
  • Fix compiling of each block params in strict mode (#1855) - 30dbf04
  • Fix rollup warning when importing Handlebars as ESM - 03d387b
  • Fix bundler issue with webpack 5 (#1862) - c6c6bbb
  • Use https instead of git for mustache submodule - 88ac068

Commits

v4.7.7 - February 15th, 2021

  • fix weird error in integration tests - eb860c0
  • fix: check prototype property access in strict-mode (#1736) - b6d3de7
  • fix: escape property names in compat mode (#1736) - f058970
  • refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
  • chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

  • the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

Compatibility notes:

  • Restored Node.js compatibility

Commits

v4.7.5 - April 2nd, 2020

Chore/Housekeeping:

  • Node.js version support has been changed to v6+ Reverted in 4.7.6

Compatibility notes:

... (truncated)

Commits
  • 8dc3d25 v4.7.8
  • 668c4fb Fix browser tests in CI pipeline
  • c65c6cc Test on Node 18
  • 3d3796c Make library compatible with workers
  • 075b354 Fix sync issue with npm lock-file
  • 30dbf04 Fix compiling of each block params in strict mode
  • e3a5448 Fix bundler issue with webpack 5
  • 8e23642 Fix integration-tests issue with npm >= 7
  • 88ac068 use https instead of git for mustache submodule
  • c68bc08 Fix typo
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.


Updates hosted-git-info from 2.1.5 to 2.8.9

Changelog

Sourced from hosted-git-info's changelog.

2.8.9 (2021-04-07)

Bug Fixes

2.8.8 (2020-02-29)

Bug Fixes

  • #61 & #65 addressing issues w/ url.URL implmentation which regressed node 6 support (5038b18), closes #66

2.8.7 (2020-02-26)

Bug Fixes

  • Do not attempt to use url.URL when unavailable (2d0bb66), closes #61 #62
  • Do not pass scp-style URLs to the WhatWG url.URL (f2cdfcf), closes #60

2.8.6 (2020-02-25)

2.8.5 (2019-10-07)

Bug Fixes

  • updated pathmatch for gitlab (e8325b5), closes #51
  • updated pathmatch for gitlab (ffe056f)

2.8.4 (2019-08-12)

... (truncated)

Commits
  • 8d4b369 chore(release): 2.8.9
  • 29adfe5 fix: backport regex fix from #76
  • afeaefd chore(release): 2.8.8
  • 5038b18 fix: #61 & #65 addressing issues w/ url.URL implmentation which regressed nod...
  • 7440afa chore(release): 2.8.7
  • 2d0bb66 fix: Do not attempt to use url.URL when unavailable
  • f2cdfcf fix: Do not pass scp-style URLs to the WhatWG url.URL
  • e1b83df chore(release): 2.8.6
  • ff259a6 Ensure passwords in hosted Git URLs are correctly escaped
  • 624fd6f chore(release): 2.8.5
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.


Updates ini from 1.3.4 to 1.3.8

Commits
  • a2c5da8 1.3.8
  • af5c6bb Do not use Object.create(null)
  • 8b648a1 don't test where our devdeps don't even work
  • c74c8af 1.3.7
  • 024b8b5 update deps, add linting
  • 032fbaf Use Object.create(null) to avoid default object property hazards
  • 2da9039 1.3.6
  • cfea636 better git push script, before publish instead of after
  • 56d2805 do not allow invalid hazardous string as section name
  • 738eca5 v1.3.5
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.


Updates is-my-json-valid from 2.15.0 to 2.20.6

Commits
Maintainer changes

This version was pushed to npm by linusu, a new releaser for is-my-json-valid since your current version.


Updates is-url from 1.2.2 to 1.2.4

Commits


Updates jsonpointer from 4.0.0 to 5.0.1

Release notes

Sourced from jsonpointer's releases.

Version 5.0.1

Changelog

v5.0.0

5.0.0 (2021-10-31)

Bug Fixes

  • Fix prototype pollution (#51)

    • The original, non-mutated objects are now returned if any of the keys __proto__, constructor or prototype are used in a json pointer.
    // returns the unmodified input {}
jsonpointer.set({}, '/foo/__proto__/boo', 'polluted')
    • When passing non-string arrays to a .set operation, an error is thrown:
    // throws `new Error('Invalid JSON pointer. Must be of type string or number.')`
jsonpointer.set({}, [['__proto__'], ['__proto__'], 'boo'], 'polluted')

v4.1.0

4.1.0 (2020-07-03)

Bug Fixes

Features

Version 4.0.1

Whitelist production relevant files in package.json. This decreases the npm package size a bit. janl/node-jsonpointer#26

Commits
  • 4a253c0 Adopt strictEqual changes and only return null when the get succeeded
  • bad4983 Fix null values throwing exception when traversing over while getting
  • a5706e8 test: Always use strictEqual to ensure null and undefined values are asserted...
  • b8e1e6a fix incorrect typings for compile get/set methods
  • c4de620 Merge pull request #53 from janl/release/5.0.0
  • 8dbf304 feat: v5
  • 84cf173 Merge pull request #52 from janl/fix/test
  • f716e5c chore: more rip travis
  • e2ae355 chore: remove comment
  • d23693b chore: update primary branch
  • Additional commits viewable in compare view


Updates urijs from 1.18.4 to 1.19.11

Release notes

Sourced from urijs's releases.

1.19.11 (April 3rd 2022)

1.19.10 (March 5th 2022)

1.19.9 (March 3rd 2022)

1.19.8 (February 15th 2022)

1.19.7 (July 14th 2021)

  • SECURITY fixing URI.parseQuery() to prevent overwriting __proto__ in parseQuery() - disclosed privately by @​NewEraCracker
  • SECURITY fixing URI.parse() to handle variable amounts of \ and / in scheme delimiter as Node and Browsers do - disclosed privately by ready-research via https://huntr.dev/
  • removed obsolete build tools
  • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0)

1.19.6 (February 13th 2021)

  • SECURITY fixing URI.parse() to rewrite \ in scheme delimiter to / as Node and Browsers do - disclosed privately by Yaniv Nizry from the CxSCA AppSec team at Checkmarx

1.19.5 (December 30th 2020)

1.19.4 (December 23rd 2020)

1.19.3 (December 20th 2020)

1.19.2 (October 20th 2019)

1.19.1 (February 10th 2018)

1.19.0 (October 1st 2017)

1.18.12 (August 9th 2017)

1.18.11 (August 8th 2017)

... (truncated)

Changelog

Sourced from urijs's changelog.

1.19.11 (April 3rd 2022)

1.19.10 (March 5th 2022)

1.19.9 (March 3rd 2022)

1.19.8 (February 15th 2022)

1.19.7 (July 14th 2021)

  • SECURITY fixing URI.parseQuery() to prevent overwriting __proto__ in parseQuery() - disclosed privately by @​NewEraCracker
  • SECURITY fixing URI.parse() to handle variable amounts of \ and / in scheme delimiter as Node and Browsers do - disclosed privately by ready-research via https://huntr.dev/
  • removed obsolete build tools
  • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0)

1.19.6 (February 13th 2021)

  • SECURITY fixing URI.parse() to rewrite \ in scheme delimiter to / as Node and Browsers do - disclosed privately by Yaniv Nizry from the CxSCA AppSec team at Checkmarx

1.19.5 (December 30th 2020)

1.19.4 (December 23rd 2020)

1.19.3 (December 20th 2020)

1.19.2 (October 20th 2019)

1.19.1 (February 10th 2018)

... (truncated)

Commits
  • b655c1b chore(build): bumping to version 1.19.11
  • b0c9796 fix(parse): handle CR,LF,TAB
  • 88805fd fix(parse): handle excessive slashes in scheme-relative URLs
  • 926b2aa chore(build): bumping to version 1.19.10
  • a8166fe fix(parse): handle excessive colons in scheme delimiter
  • 01920b5 chore(build): bumping to version 1.19.9
  • 86d1052 fix(parse): remove leading whitespace
  • efae1e5 chore(build): bumping to version 1.19.8
  • 6ea641c fix(parse): case insensitive scheme - #412
  • 19e54c7 chore(build): bumping to version 1.19.7
  • Additional commits viewable in compare view


Updates y18n from 3.2.1 to 3.2.2

Release notes

Sourced from y18n's releases.

y18n y18n-v4.0.3

Bug Fixes

  • release: 4.x.x should not enforce Node 10 (#126) (1e21a53)

y18n y18n-v4.0.2

Bug Fixes

  • security: ensure entry exists for backport (#120) (b22c0df)
Commits
Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for y18n since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/web-starter-kit/network/alerts).