build(deps): bump shell-quote and react-scripts in /webui

dependabot[bot] commented 10 months ago

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps shell-quote to 1.8.1 and updates ancestor dependency react-scripts. These dependencies need to be updated together.

Updates shell-quote from 1.7.2 to 1.8.1

Changelog

Sourced from shell-quote's changelog.

v1.8.1 - 2023-04-07

Fixed

[Fix] parse: preserve whitespace in comments [#6](https://github.com/ljharb/shell-quote/issues/6)

[Fix] properly support the escape option [#5](https://github.com/ljharb/shell-quote/issues/5)

Commits

[Refactor] parse: hoist getVar to module level b42ac73

[Refactor] hoist some vars to module level 8f0c5c3

[Refactor] parse: use slice over substr, cache some values fcb2e1a

[Refactor] parse: a bit of cleanup 6780ec5

[Refactor] parse: tweak the regex to not match nothing 227d474

[Tests] increase coverage a66de94

[Refactor] parse: avoid shadowing a function arg 1d58679

v1.8.0 - 2023-01-30

Commits

[New] extract parse and quote to their own deep imports 553fdfc

[Tests] add nyc coverage fd7ddcd

[New] Add support for here strings (<<<) 9802fb3

[New] parse: Add syntax support for duplicating input file descriptors 216b198

[Dev Deps] update @ljharb/eslint-config, aud, tape 85f8e31

[Tests] add evalmd c5549fc

[actions] update checkout action 62e9b49

v1.7.4 - 2022-10-12

Merged

Add node_modules to .gitignore [#48](https://github.com/ljharb/shell-quote/issues/48)

Commits

[eslint] fix indentation and whitespace aaa9d1f

[eslint] additional cleanup 397cb62

[meta] add auto-changelog 497fca5

[actions] add reusable workflows 4763c36

[eslint] add eslint 6ee1437

[readme] rename, add badges 7eb5134

[meta] update URLs 67381b6

[meta] create FUNDING.yml; add funding in package.json 8641572

[meta] use npmignore to autogenerate an npmignore file 2e2007a

Only apps should have lockfiles f97411e

[Dev Deps] update tape 051f608

[meta] add safe-publish-latest 18cadf9

[Tests] add aud in posttest dc1cc12

... (truncated)

Commits

da8a3ab v1.8.1
a66de94 [Tests] increase coverage
b42ac73 [Refactor] parse: hoist getVar to module level
fcb2e1a [Refactor] parse: use slice over substr, cache some values
ecf2a60 [Fix] parse: preserve whitespace in comments
1d58679 [Refactor] parse: avoid shadowing a function arg
6780ec5 [Refactor] parse: a bit of cleanup
227d474 [Refactor] parse: tweak the regex to not match nothing
7bcd90e [Fix] properly support the escape option
8f0c5c3 [Refactor] hoist some vars to module level
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for shell-quote since your current version.

Updates react-scripts from 3.0.1 to 5.0.1

Changelog

Sourced from react-scripts's changelog.

3.4.4 (2020-10-20)

v3.4.4 release bumps resolve-url-loader to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

Migrating from 3.4.3 to 3.4.4

Inside any created project that has not been ejected, run:
npm install --save --save-exact react-scripts@3.4.4
or
yarn add --exact react-scripts@3.4.4
3.4.3 (2020-08-12)

v3.4.3 release bumps terser-webpack-plugin to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

Migrating from 3.4.2 to 3.4.3

Inside any created project that has not been ejected, run:
npm install --save --save-exact react-scripts@3.4.3
or
yarn add --exact react-scripts@3.4.3
3.4.2 (2020-08-11)

v3.4.2 release bumps webpack-dev-server to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

Migrating from 3.4.1 to 3.4.2

Inside any created project that has not been ejected, run:
npm install --save --save-exact react-scripts@3.4.2
or

... (truncated)

Commits

19fa58d Publish
9802941 fix: webpack noise printed only if error or warning (#12245)
2eef1d0 Update templates to use React 18 createRoot (#12220)
221e511 Publish
5614c87 Add support for Tailwind (#11717)
20edab4 fix(webpackDevServer): disable overlay for warnings (#11413)
3afbbc0 Update all dependencies (#11624)
f5467d5 feat(eslint-config-react-app): support ESLint 8.x (#11375)
c7627ce Update webpack and dev server (#11646)
544befe Update package.json (#11597)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/moov-io/watchman/network/alerts).

codecov-commenter commented 10 months ago

Codecov Report

Merging #518 (1532964) into master (58c4b3b) will not change coverage. Report is 1 commits behind head on master. The diff coverage is n/a.

:exclamation: Current head 1532964 differs from pull request most recent head 786bc34. Consider uploading reports for the commit 786bc34 to get more accurate results

:exclamation: Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## master #518 +/- ## ====================================== Coverage 8.25% 8.25% ====================================== Files 44 44 Lines 3503 3503 ====================================== Hits 289 289 Misses 3191 3191 Partials 23 23 ```

adamdecaf commented 10 months ago

@dependabot rebase

dependabot[bot] commented 9 months ago

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

moov-io / watchman