search

stellar / js-stellar-sdk

Main Stellar client library for the JavaScript language.
https://stellar.github.io/js-stellar-sdk/
Apache License 2.0
628 stars 311 forks source link

Bump the major group across 1 directory with 8 updates #1011

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 2 months ago

Bumps the major group with 8 updates in the / directory:

Package From To
babel-plugin-istanbul 6.1.1 7.0.0
chai 4.4.1 5.1.1
chai-as-promised 7.1.2 8.0.0
chai-http 4.4.0 5.0.0
eslint 8.57.0 9.7.0
node-polyfill-webpack-plugin 3.0.0 4.0.0
nyc 15.1.0 17.0.0
sinon 17.0.2 18.0.0

Updates babel-plugin-istanbul from 6.1.1 to 7.0.0

Release notes

Sourced from babel-plugin-istanbul's releases.

babel-plugin-istanbul v7.0.0

⚠ BREAKING CHANGES

  • Drop support for Node versions 8 and 10

Bug Fixes

  • container is falsy error with block scoping transform (#291) (8e76919)
  • update istanbul-lib-instrument to v6 (#292) (643e080)
Changelog

Sourced from babel-plugin-istanbul's changelog.

7.0.0 (2024-07-05)

⚠ BREAKING CHANGES

  • Drop support for Node versions 8 and 10

Bug Fixes

  • container is falsy error with block scoping transform (#291) (8e76919)
  • update istanbul-lib-instrument to v6 (#292) (643e080)
Commits


Updates chai from 4.4.1 to 5.1.1

Release notes

Sourced from chai's releases.

v5.1.1

What's Changed

New Contributors

Full Changelog: https://github.com/chaijs/chai/compare/v5.1.0...v5.1.1

v5.1.0

What's Changed

New Contributors

Full Changelog: https://github.com/chaijs/chai/compare/v5.0.3...v5.1.0

v5.0.3

Fix bad v5.0.2 publish.

Full Changelog: https://github.com/chaijs/chai/compare/v5.0.2...v5.0.3

v5.0.2

What's Changed

Full Changelog: https://github.com/chaijs/chai/compare/v5.0.1...v5.0.2

v5.0.0

BREAKING CHANGES

  • Chai now only supports EcmaScript Modules (ESM). This means your tests will need to either have import {...} from 'chai' or import('chai'). require('chai') will cause failures in nodejs. If you're using ESM and seeing failures, it may be due to a bundler or transpiler which is incorrectly converting import statements into require calls.

... (truncated)

Commits


Updates chai-as-promised from 7.1.2 to 8.0.0

Release notes

Sourced from chai-as-promised's releases.

v8.0.0

What's Changed

New Contributors

Full Changelog: https://github.com/chaijs/chai-as-promised/compare/v7.1.2...v8.0.0

v8.0.0-beta.1

What's Changed

Full Changelog: https://github.com/chaijs/chai-as-promised/compare/v8.0.0-beta.0...v8.0.0-beta.1

v8.0.0-beta.0

What's Changed

New Contributors

Full Changelog: https://github.com/chaijs/chai-as-promised/compare/v7.1.2...v8.0.0-beta.0

Commits


Updates chai-http from 4.4.0 to 5.0.0

Release notes

Sourced from chai-http's releases.

5.0.0

What's Changed

New Contributors

Full Changelog: https://github.com/chaijs/chai-http/compare/4.4.0...5.0.0

5.0.0-alpha2

What's Changed

New Contributors

Full Changelog: https://github.com/chaijs/chai-http/compare/5.0.0-alpha1...5.0.0-alpha2

5.0.0-alpha1

Breaking Changes

The minimum supported version of Node goes from >= 0.10 to >= v16.20

What's Changed

... (truncated)

Commits


Updates eslint from 8.57.0 to 9.7.0

Release notes

Sourced from eslint's releases.

v9.7.0

Features

  • 7bd9839 feat: add support for es2025 duplicate named capturing groups (#18630) (Yosuke Ota)
  • 1381394 feat: add regex option in no-restricted-imports (#18622) (Nitin Kumar)

Bug Fixes

  • 14e9f81 fix: destructuring in catch clause in no-unused-vars (#18636) (Francesco Trotta)

Documentation

  • 9f416db docs: Add Powered by Algolia label to the search. (#18633) (Amaresh S M)
  • c8d26cb docs: Open JS Foundation -> OpenJS Foundation (#18649) (Milos Djermanovic)
  • 6e79ac7 docs: loadESLint does not support option cwd (#18641) (Francesco Trotta)

Chores

  • 793b718 chore: upgrade @​eslint/js@​9.7.0 (#18680) (Francesco Trotta)
  • 7ed6f9a chore: package.json update for @​eslint/js release (Jenkins)
  • 7bcda76 refactor: Add type references (#18652) (Nicholas C. Zakas)
  • 51bf57c chore: add tech sponsors through actions (#18624) (Strek)
  • 6320732 refactor: don't use parent property in NodeEventGenerator (#18653) (Milos Djermanovic)
  • 9e6d640 refactor: move "Parsing error" prefix adding to Linter (#18650) (Milos Djermanovic)

v9.6.0

Features

  • e2b16e2 feat: Implement feature flags (#18516) (Nicholas C. Zakas)
  • 8824aa1 feat: add ecmaVersion: 2025, parsing duplicate named capturing groups (#18596) (Milos Djermanovic)

Bug Fixes

  • 1613e2e fix: Allow escaping characters in config patterns on Windows (#18628) (Milos Djermanovic)
  • 21d3766 fix: no-unused-vars include caught errors pattern in report message (#18609) (Kirk Waiblinger)
  • d7a7736 fix: improve no-unused-vars message on unused caught errors (#18608) (Kirk Waiblinger)
  • f9e95d2 fix: correct locations of invalid /* eslint */ comments (#18593) (Milos Djermanovic)

Documentation

  • 13dbecd docs: Limit search to just docs (#18627) (Nicholas C. Zakas)
  • 375227f docs: Update getting-started.md - add pnpm to init eslint config (#18599) (Kostiantyn Ochenash)
  • 44915bb docs: Update README (GitHub Actions Bot)
  • d50db7b docs: Update vscode-eslint info (#18595) (Nicholas C. Zakas)

Chores

  • b15ee30 chore: upgrade @​eslint/js@​9.6.0 (#18632) (Milos Djermanovic)
  • d655503 chore: package.json update for @​eslint/js release (Jenkins)
  • 7c78ad9 refactor: Use language.visitorKeys and check for non-JS SourceCode (#18625) (Nicholas C. Zakas)
  • 69ff64e refactor: Return value of applyInlineConfig() (#18623) (Nicholas C. Zakas)
  • d2d06f7 refactor: use / separator when adjusting ignorePatterns on Windows (#18613) (Milos Djermanovic)
  • 6421973 refactor: fix disable directives for languages with 0-based lines (#18605) (Milos Djermanovic)
  • 0a13539 refactor: Allow optional methods for languages (#18604) (Nicholas C. Zakas)
  • c7ddee0 chore: make internal-rules not being a package (#18601) (Milos Djermanovic)
  • 3379164 chore: remove .eslintrc.js (#18011) (唯然)
  • d0c3a32 chore: update knip (with webdriver-io plugin) (#18594) (Lars Kappert)

... (truncated)

Changelog

Sourced from eslint's changelog.

v9.7.0 - July 12, 2024

  • 793b718 chore: upgrade @​eslint/js@​9.7.0 (#18680) (Francesco Trotta)
  • 7ed6f9a chore: package.json update for @​eslint/js release (Jenkins)
  • 14e9f81 fix: destructuring in catch clause in no-unused-vars (#18636) (Francesco Trotta)
  • 7bcda76 refactor: Add type references (#18652) (Nicholas C. Zakas)
  • 51bf57c chore: add tech sponsors through actions (#18624) (Strek)
  • 9f416db docs: Add Powered by Algolia label to the search. (#18633) (Amaresh S M)
  • 6320732 refactor: don't use parent property in NodeEventGenerator (#18653) (Milos Djermanovic)
  • 7bd9839 feat: add support for es2025 duplicate named capturing groups (#18630) (Yosuke Ota)
  • 1381394 feat: add regex option in no-restricted-imports (#18622) (Nitin Kumar)
  • 9e6d640 refactor: move "Parsing error" prefix adding to Linter (#18650) (Milos Djermanovic)
  • c8d26cb docs: Open JS Foundation -> OpenJS Foundation (#18649) (Milos Djermanovic)
  • 6e79ac7 docs: loadESLint does not support option cwd (#18641) (Francesco Trotta)

v9.6.0 - June 28, 2024

  • b15ee30 chore: upgrade @​eslint/js@​9.6.0 (#18632) (Milos Djermanovic)
  • d655503 chore: package.json update for @​eslint/js release (Jenkins)
  • 1613e2e fix: Allow escaping characters in config patterns on Windows (#18628) (Milos Djermanovic)
  • 13dbecd docs: Limit search to just docs (#18627) (Nicholas C. Zakas)
  • 7c78ad9 refactor: Use language.visitorKeys and check for non-JS SourceCode (#18625) (Nicholas C. Zakas)
  • e2b16e2 feat: Implement feature flags (#18516) (Nicholas C. Zakas)
  • 69ff64e refactor: Return value of applyInlineConfig() (#18623) (Nicholas C. Zakas)
  • 375227f docs: Update getting-started.md - add pnpm to init eslint config (#18599) (Kostiantyn Ochenash)
  • 44915bb docs: Update README (GitHub Actions Bot)
  • d2d06f7 refactor: use / separator when adjusting ignorePatterns on Windows (#18613) (Milos Djermanovic)
  • 21d3766 fix: no-unused-vars include caught errors pattern in report message (#18609) (Kirk Waiblinger)
  • 6421973 refactor: fix disable directives for languages with 0-based lines (#18605) (Milos Djermanovic)
  • d7a7736 fix: improve no-unused-vars message on unused caught errors (#18608) (Kirk Waiblinger)
  • 0a13539 refactor: Allow optional methods for languages (#18604) (Nicholas C. Zakas)
  • f9e95d2 fix: correct locations of invalid /* eslint */ comments (#18593) (Milos Djermanovic)
  • 8824aa1 feat: add ecmaVersion: 2025, parsing duplicate named capturing groups (#18596) (Milos Djermanovic)
  • c7ddee0 chore: make internal-rules not being a package (#18601) (Milos Djermanovic)
  • 3379164 chore: remove .eslintrc.js (#18011) (唯然)
  • d0c3a32 chore: update knip (with webdriver-io plugin) (#18594) (Lars Kappert)
  • d50db7b docs: Update vscode-eslint info (#18595) (Nicholas C. Zakas)

v9.5.0 - June 14, 2024

  • f588160 chore: upgrade @​eslint/js@​9.5.0 (#18591) (Milos Djermanovic)
  • 5890841 chore: package.json update for @​eslint/js release (Jenkins)
  • 455f7fd docs: add section about including .gitignore files (#18590) (Milos Djermanovic)
  • e9f4ccd chore: remove unused eslint-disable directive (#18589) (Milos Djermanovic)
  • 721eafe docs: update info about universal files patterns (#18587) (Francesco Trotta)
  • 4b23ffd refactor: Move JS parsing logic into JS language (#18448) (Nicholas C. Zakas)
  • 6880286 fix: treat * as a universal pattern (#18586) (Milos Djermanovic)
  • 8127127 docs: Update README (GitHub Actions Bot)
  • b2d256c feat: no-sparse-arrays report on "comma" instead of the whole array (#18579) (fisker Cheung)
  • 1495b93 chore: update WebdriverIO packages (#18558) (Christian Bromann)

... (truncated)

Commits


Updates node-polyfill-webpack-plugin from 3.0.0 to 4.0.0

Release notes

Sourced from node-polyfill-webpack-plugin's releases.

v4.0.0

  • Update dependencies 4d26fb0
  • Add fs null fallback (#45) 010fc94
  • Stop polyfilling console, domain, process, and internal stream modules by default 08f793b
  • Rename includeAliases to additionalAliases 08f793b
  • Allow ignoring the defaults with onlyAliases 08f793b

https://github.com/Richienb/node-polyfill-webpack-plugin/compare/v3.0.0...v4.0.0

Commits


Updates nyc from 15.1.0 to 17.0.0

Release notes

Sourced from nyc's releases.

nyc: v17.0.0

17.0.0 (2024-04-19)

⚠ BREAKING CHANGES

  • minimum Node version now 18

Bug Fixes

Build System

  • minimum Node version now 18 (9ef340e)
Changelog

Sourced from nyc's changelog.

17.0.0 (2024-04-19)

⚠ BREAKING CHANGES

  • minimum Node version now 18

Bug Fixes

Build System

  • minimum Node version now 18 (9ef340e)

16.0.0 (2024-04-10)

⚠ BREAKING CHANGES

  • minimum Node version now 18

Bug Fixes

Build System

  • minimum Node version now 18 (9ef340e)
Commits
  • fee2821 chore(main): release nyc 17.0.0 (#1558)
  • 10daacc build: explicitly point to config files
  • 8120112 test: remove dependency on "true" which is not on all windows sytems
  • f6e5aba chore(main): release 16.0.0 (#1554)
  • b6ed598 fix(deps): address security alerts in deps (#1555)
  • dda8e44 build: migrate to main branch (#1553)
  • 9ef340e build: move tests over to latest tapjs (#1552)
  • ab7c53b chore: Remove package-lock.json
  • 91ae8b8 chore(deps-dev): bump standard-version from 8.0.0 to 8.0.1
  • a6336e1 chore(deps): bump lodash from 4.17.15 to 4.17.19
  • Additional commits viewable in compare view


Updates sinon from 17.0.2 to 18.0.0

Changelog

Sourced from sinon's changelog.

18.0.0

This is what 17.0.2 should have been, as that contained two breaking changes. After updating Nise we are down to one breaking change, which only affects sinon-test (which has been updated), so most people are not affected. The legacyRoutes flag that is currently enabled in Nise by default will at some later version be disabled. We will then issue a little migration note.

  • 01d45312 Use Nise 6 with legacyRoutes flag enabled (Carl-Erik Kopseng)

    This should be disabled in a future Sinon version by default.

  • c618edc5 fix #2594: remove needless sandbox creation (Carl-Erik Kopseng)

Released by Carl-Erik Kopseng on 2024-05-15.

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
socket-security[bot] commented 2 months ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@eslint-community/regexpp@4.11.0 None 0 446 kB eslint-community-bot
npm/acorn@8.12.1 None 0 538 kB marijn
npm/babel-plugin-istanbul@7.0.0 environment, filesystem, shell Transitive: unsafe +12 633 kB oss-bot
npm/chai-as-promised@8.0.0 None 0 27.9 kB chaijs
npm/chai-http@5.0.0 network Transitive: environment, filesystem +21 1.02 MB chaijs
npm/chai@5.1.1 None +5 620 kB chaijs
npm/check-error@2.1.1 None 0 11.4 kB chaijs
npm/eslint@9.7.0 environment Transitive: filesystem, unsafe +32 4.77 MB eslintbot
npm/node-polyfill-webpack-plugin@4.0.0 network, unsafe Transitive: environment, eval +46 2.79 MB richienb
npm/nyc@17.0.0 environment, filesystem, unsafe Transitive: shell +60 1.59 MB bcoe
npm/qs@6.12.3 None 0 249 kB ljharb
npm/sinon@18.0.0 Transitive: environment, eval +9 7.6 MB fatso83

🚮 Removed packages: npm/@eslint-community/regexpp@4.10.1, npm/acorn@8.12.0, npm/babel-plugin-istanbul@6.1.1, npm/chai-as-promised@7.1.2, npm/chai-http@4.4.0, npm/node-polyfill-webpack-plugin@3.0.0, npm/nyc@15.1.0, npm/qs@6.12.1, npm/sinon@17.0.2

View full report↗︎

socket-security[bot] commented 2 months ago

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
Mixed license npm/chai-as-promised@8.0.0
  • License: MIT AND WTFPL
 🚫

View full report↗︎

Next steps

What is a mixed license?

(Experimental) Package contains multiple licenses.

A new version of the package should be published that includes a single license. Consumers may seek clarification from the package author. Ensure that the license details are consistent across the LICENSE file, package.json license field and license details mentioned in the README.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/chai-as-promised@8.0.0
dependabot[bot] commented 2 months ago

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml