microsoft / iot-cardboard-js

iot-cardboard-js is a React library for building experiences for IoT applications
https://main--601c6b2fcd385c002100f14c.chromatic.com/
MIT License
84 stars 26 forks source link

build(deps): bump the npm_and_yarn at /. security update group with 3 updates #971

Open dependabot[bot] opened 11 months ago

dependabot[bot] commented 11 months ago

Bumps the npm_and_yarn at /. security update group with 3 updates: chromatic, node-sass and tough-cookie.

Updates chromatic from 5.7.0 to 9.0.0

Release notes

Sourced from chromatic's releases.

v9.0.0

🚀 Enhancement

  • Support projectId + userToken as alternative to projectToken for auth #852 (@​ghengeveld)

Authors: 1

v8.0.0

💥 Breaking Change

🐛 Bug Fix

Authors: 3

v7.6.0

🚀 Enhancement

Authors: 2

v7.5.4

🐛 Bug Fix

Authors: 1

v7.5.3

🐛 Bug Fix

  • Fix config for Auto and add next-release tag to trigger a next release #846 (@​ghengeveld)

... (truncated)

Changelog

Sourced from chromatic's changelog.

v9.0.0 (Fri Nov 10 2023)

🚀 Enhancement

  • Support projectId + userToken as alternative to projectToken for auth #852 (@​ghengeveld)

Authors: 1


v8.0.0 (Thu Nov 09 2023)

💥 Breaking Change

🚀 Enhancement

🐛 Bug Fix

Authors: 4


v7.6.0 (Tue Oct 31 2023)

🚀 Enhancement

🐛 Bug Fix

Authors: 3

... (truncated)

Commits
  • 31677dd Bump version to: 9.0.0 [skip ci]
  • 384479c Update CHANGELOG.md [skip ci]
  • f2a52aa Merge pull request #852 from chromaui/support-oauth-token
  • 20b0b0e Bump version to: 8.0.0 [skip ci]
  • 7c7a662 Update CHANGELOG.md [skip ci]
  • 3a2eb3b Merge pull request #839 from chromaui/deprecate-node-16
  • 0c99a4e Skip makeZipFile tests until mockFs is fixed or we can replace it with memfs
  • b5b68a9 Fix package manager mocking
  • f6023ed Merge branch 'main' into deprecate-node-16
  • aed31de Merge pull request #848 from chromaui/dependabot/npm_and_yarn/browserify-sign...
  • Additional commits viewable in compare view


Updates node-sass from 5.0.0 to 7.0.0

Release notes

Sourced from node-sass's releases.

v7.0.0

Breaking changes

Features

Dependencies

Community

  • Remove double word "support" from documentation (@​pzrq, #3159)

Misc

Supported Environments

OS Architecture Node
Windows x86 & x64 12, 14, 16, 17
OSX x64 12, 14, 16, 17
Linux* x64 12, 14, 16, 17
Alpine Linux x64 12, 14, 16, 17
FreeBSD i386 amd64 12, 14

*Linux support refers to major distributions like Ubuntu, and Debian

v6.0.1

Dependencies

Misc

Supported Environments

... (truncated)

Commits


Updates tough-cookie from 4.0.0 to 4.1.3

Release notes

Sourced from tough-cookie's releases.

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

4.1.2 -- Patch and Bugfix Release

What's Changed

Full Changelog: https://github.com/salesforce/tough-cookie/compare/v4.1.1...v4.1.2

4.1.1

Patch Release

What's Changed

Full Changelog: https://github.com/salesforce/tough-cookie/compare/v4.1.0...v4.1.1

4.1.0

v4.1.0

Minor release, focused mainly on resolving reported issues and some minor feature work.

What's Changed

... (truncated)

Commits
  • 4ff4d29 4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)
  • 12d4747 Prevent prototype pollution in cookie memstore (#283)
  • f06b72d Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...
  • b1a8898 fix: allow set cookies with localhost (#253)
  • ec70796 4.1.1 Patch -- allow special use domains by default (#250)
  • d4ac580 fix: allow special use domains by default (#249)
  • 79c2f7d 4.1.0 release to NPM (#245)
  • 4fafc17 Prepare tough-cookie 4.1 for publishing (updated GitHub actions, move Dockerf...
  • aa4396d fix: distinguish between no samesite and samesite=none (#240)
  • b8d7511 Modernize README (#234)
  • Additional commits viewable in compare view


Updates node-sass from 7.0.0 to 9.0.0

Release notes

Sourced from node-sass's releases.

v7.0.0

Breaking changes

Features

Dependencies

Community

  • Remove double word "support" from documentation (@​pzrq, #3159)

Misc

Supported Environments

OS Architecture Node
Windows x86 & x64 12, 14, 16, 17
OSX x64 12, 14, 16, 17
Linux* x64 12, 14, 16, 17
Alpine Linux x64 12, 14, 16, 17
FreeBSD i386 amd64 12, 14

*Linux support refers to major distributions like Ubuntu, and Debian

v6.0.1

Dependencies

Misc

Supported Environments

... (truncated)

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/iot-cardboard-js/network/alerts).