mapcentia / vidi

Vidi – a modern take on browser GIS. It is the front-end client for GC2.
https://www.osgeo.org/projects/gc2-vidi/
GNU Affero General Public License v3.0
44 stars 25 forks source link

Bump qs and grunt-contrib-watch in /public/js/lib/bootstrap-material-design #256

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps qs to 6.5.2 and updates ancestor dependency grunt-contrib-watch. These dependencies need to be updated together.

Updates qs from 0.5.6 to 6.5.2

Changelog

Sourced from qs's changelog.

6.5.2

  • [Fix] use safer-buffer instead of Buffer constructor
  • [Refactor] utils: module.exports one thing, instead of mutating exports (#230)
  • [Dev Deps] update browserify, eslint, iconv-lite, safer-buffer, tape, browserify

6.5.1

  • [Fix] Fix parsing & compacting very deep objects (#224)
  • [Refactor] name utils functions
  • [Dev Deps] update eslint, @ljharb/eslint-config, tape
  • [Tests] up to node v8.4; use nvm install-latest-npm so newer npm doesn’t break older node
  • [Tests] Use precise dist for Node.js 0.6 runtime (#225)
  • [Tests] make 0.6 required, now that it’s passing
  • [Tests] on node v8.2; fix npm on node 0.6

6.5.0

  • [New] add utils.assign
  • [New] pass default encoder/decoder to custom encoder/decoder functions (#206)
  • [New] parse/stringify: add ignoreQueryPrefix/addQueryPrefix options, respectively (#213)
  • [Fix] Handle stringifying empty objects with addQueryPrefix (#217)
  • [Fix] do not mutate options argument (#207)
  • [Refactor] parse: cache index to reuse in else statement (#182)
  • [Docs] add various badges to readme (#208)
  • [Dev Deps] update eslint, browserify, iconv-lite, tape
  • [Tests] up to node v8.1, v7.10, v6.11; npm v4.6 breaks on node < v1; npm v5+ breaks on node < v4
  • [Tests] add editorconfig-tools

6.4.1

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
  • [Fix] use safer-buffer instead of Buffer constructor
  • [Fix] utils.merge: avoid a crash with a null target and an array source
  • [Fix] utils.merge`: avoid a crash with a null target and a truthy non-array source
  • [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
  • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
  • [Fix] when parseArrays is false, properly handle keys ending in []
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [Refactor] use cached Array.isArray
  • [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] Clarify the need for "arrayLimit" option
  • [meta] fix README.md (#399)
  • [meta] Clean up license text so it’s properly detected as BSD-3-Clause
  • [meta] add FUNDING.yml
  • [actions] backport actions from main
  • [Tests] remove nonexistent tape option
  • [Dev Deps] backport from main

6.4.0

  • [New] qs.stringify: add encodeValuesOnly option
  • [Fix] follow allowPrototypes option during merge (#201, #201)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for qs since your current version.


Updates grunt-contrib-watch from 0.6.1 to 1.1.0

Changelog

Sourced from grunt-contrib-watch's changelog.

v1.1.0: date: 2018-05-12 changes: - Update to tiny-lr@1.1.1, lodash@4.17.10, async@2.6.0 v1.0.1: date: 2018-04-20 changes: - Update to gaze@1.1, lodash@4 v1.0.0: date: 2016-03-12 changes: - Updated tiny-lr, gaze, async and lodash dependencies. - Fix endless loop issue with atBegin/nospawn. - Expose hostname parameter of tiny-lr. - Support cwd.event to emit events relative to path. - Removed peerDependencies setting.

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mapcentia/vidi/network/alerts).
dependabot[bot] commented 2 years ago

Looks like these dependencies are no longer a dependency, so this is no longer needed.