Closed dependabot[bot] closed 2 months ago
This PR is stale because it has been open for 7 days with no activity. Remove stale label or comment or this PR will be closed in 3 days.
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.
To ignore these dependencies, configure ignore rules in dependabot.yml
Bumps the npm_and_yarn group with 1 update in the / directory: @grpc/grpc-js. Bumps the npm_and_yarn group with 1 update in the /sdk directory: braces.
Updates
@grpc/grpc-js
from 1.8.21 to 1.8.22Release notes
Sourced from
@grpc/grpc-js
's releases.Commits
a8a0203
Merge pull request from GHSA-7v5v-9h63-cj863b110cd
grpc-js: Bump to 1.8.228e62222
grpc-js: Avoid buffering significantly more than max_receive_message_size per...9d83947
Merge pull request #2742 from sergiitk/backport-1.8-psm-interop-common-prod-t...00f348c
Merge pull request #2729 from sergiitk/psm-interop-common-prod-tests36d105b
Merge pull request #2737 from murgatroid99/backport-1.8-grpc-js_linkify-it_fix969e305
Merge pull request #2735 from murgatroid99/grpc-js_linkify-it_fixd78216f
Merge pull request #2715 from sergiitk/backport-1.8-psm-interop-pkg-devf38966a
Merge pull request #2712 from sergiitk/psm-interop-pkg-devffefff2
Merge pull request #2640 from XuanWang-Amos/backport-1.8-psm-interop-shared-b...Updates
braces
from 3.0.2 to 3.0.3Commits
74b2db2
3.0.388f1429
update eslint. lint, fix unit tests.415d660
Snyk js braces 6838727 (#40)190510f
fix tests, skip 1 test in test/braces.expand716eb9f
readme bumpa5851e5
Merge pull request #37 from coderaiser/fix/vulnerability2092bd1
feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...9f5b4cf
fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)98414f9
remove funding file665ab5d
update keepEscaping doc (#27)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show
PR-Codex overview
This PR updates dependencies in
yarn.lock
andsdk/yarn.lock
files. The changes include updating@grpc/grpc-js
,braces
, andfill-range
packages to newer versions.Detailed summary
@grpc/grpc-js
to versions 1.10.10 and 1.8.22braces
to version 3.0.3fill-range
to version 7.1.1