fix: bump the npm-security group across 1 directory with 18 updates#328
fix: bump the npm-security group across 1 directory with 18 updates#328dependabot[bot] wants to merge 1 commit into
Conversation
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
Bumps the npm-security group with 1 update in the / directory: [nuxt](https://github.com/nuxt/nuxt/tree/HEAD/packages/nuxt). Updates `nuxt` from 4.4.2 to 4.4.8 - [Release notes](https://github.com/nuxt/nuxt/releases) - [Commits](https://github.com/nuxt/nuxt/commits/v4.4.8/packages/nuxt) Updates `brace-expansion` from 2.0.1 to 2.1.2 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v2.0.1...v2.1.2) Updates `defu` from 6.1.4 to 6.1.7 - [Release notes](https://github.com/unjs/defu/releases) - [Changelog](https://github.com/unjs/defu/blob/main/CHANGELOG.md) - [Commits](unjs/defu@v6.1.4...v6.1.7) Updates `devalue` from 5.6.3 to 5.8.1 - [Release notes](https://github.com/sveltejs/devalue/releases) - [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md) - [Commits](sveltejs/devalue@v5.6.3...v5.8.1) Updates `h3` from 1.15.5 to 1.15.11 - [Release notes](https://github.com/h3js/h3/releases) - [Changelog](https://github.com/h3js/h3/blob/v1.15.11/CHANGELOG.md) - [Commits](h3js/h3@v1.15.5...v1.15.11) Updates `launch-editor` from 2.13.1 to 2.14.1 - [Commits](vitejs/launch-editor@v2.13.1...v2.14.1) Updates `lodash` from 4.17.23 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.23...4.18.1) Updates `minimatch` from 5.1.6 to 5.1.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v5.1.6...v5.1.9) Updates `node-forge` from 1.3.3 to 1.4.0 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.3...v1.4.0) Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.1...2.3.2) Updates `serialize-javascript` from 6.0.2 to 7.0.7 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.2...v7.0.7) Updates `shell-quote` from 1.8.3 to 1.10.0 - [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md) - [Commits](ljharb/shell-quote@v1.8.3...v1.10.0) Updates `simple-git` from 3.33.0 to 3.36.0 - [Release notes](https://github.com/steveukx/git-js/releases) - [Changelog](https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md) - [Commits](https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git) Updates `srvx` from 0.11.12 to 0.11.21 - [Release notes](https://github.com/h3js/srvx/releases) - [Changelog](https://github.com/h3js/srvx/blob/main/CHANGELOG.md) - [Commits](h3js/srvx@v0.11.12...v0.11.21) Updates `tar` from 7.5.9 to 7.5.19 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.5.9...v7.5.19) Updates `unhead` from 2.1.12 to 2.1.15 - [Release notes](https://github.com/unjs/unhead/releases) - [Commits](https://github.com/unjs/unhead/commits/v2.1.15/packages/unhead) Updates `ws` from 8.19.0 to 8.21.0 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.19.0...8.21.0) Updates `yaml` from 2.8.2 to 2.8.4 - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](eemeli/yaml@v2.8.2...v2.8.4) --- updated-dependencies: - dependency-name: brace-expansion dependency-version: 2.1.1 dependency-type: indirect dependency-group: npm-security - dependency-name: defu dependency-version: 6.1.7 dependency-type: indirect dependency-group: npm-security - dependency-name: devalue dependency-version: 5.8.1 dependency-type: indirect dependency-group: npm-security - dependency-name: h3 dependency-version: 1.15.11 dependency-type: indirect dependency-group: npm-security - dependency-name: launch-editor dependency-version: 2.14.1 dependency-type: indirect dependency-group: npm-security - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect dependency-group: npm-security - dependency-name: minimatch dependency-version: 5.1.9 dependency-type: indirect dependency-group: npm-security - dependency-name: node-forge dependency-version: 1.4.0 dependency-type: indirect dependency-group: npm-security - dependency-name: nuxt dependency-version: 4.4.8 dependency-type: indirect dependency-group: npm-security - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm-security - dependency-name: serialize-javascript dependency-version: 7.0.6 dependency-type: indirect dependency-group: npm-security - dependency-name: shell-quote dependency-version: 1.9.0 dependency-type: indirect dependency-group: npm-security - dependency-name: simple-git dependency-version: 3.36.0 dependency-type: indirect dependency-group: npm-security - dependency-name: srvx dependency-version: 0.11.17 dependency-type: indirect dependency-group: npm-security - dependency-name: tar dependency-version: 7.5.19 dependency-type: indirect dependency-group: npm-security - dependency-name: unhead dependency-version: 2.1.15 dependency-type: indirect dependency-group: npm-security - dependency-name: ws dependency-version: 8.21.0 dependency-type: indirect dependency-group: npm-security - dependency-name: yaml dependency-version: 2.8.4 dependency-type: indirect dependency-group: npm-security ... Signed-off-by: dependabot[bot] <support@github.com>
5882ce5 to
b73e440
Compare
Bumps the npm-security group with 1 update in the / directory: nuxt.
Updates
nuxtfrom 4.4.2 to 4.4.8Release notes
Sourced from nuxt's releases.
... (truncated)
Commits
2bfc2c8v4.4.8e6d578ffix(nuxt): revert unhead dependency back to v29056215fix(deps): update nuxt/scripts presetsb7d5790v4.4.7dbc5896chore: linte447a79fix(nuxt): reject cross-origin paths inreloadNuxtAppd72a89erefactor(nuxt): replacerunInNewContextwith AST walker2cce6fbfix(nuxt): block path-normalization open redirect innavigateTo0103ce0fix(nuxt): reject script-capable protocols in\<NuxtLink>href07e39cdfix(nuxt): match route rules case-insensitively to mirrorvue-routerUpdates
brace-expansionfrom 2.0.1 to 2.1.2Release notes
Sourced from brace-expansion's releases.
Commits
9e67a3b2.1.2835d6befix: v2 backport for CVE-2026-13149 (#123)64b71d32.1.1c3a817cBackport v5.0.6 change to v2 (#109)1ee4a902.1.0b0302acAdd opt-in { max } mitigation to v2 legacy line (#100)73b54592.0.3311ac0dBackport fix for GHSA-f886-m6hf-6m8v to v2 (#96)a3efcee2.0.214f1d91pkg: publish on tag 2.xUpdates
defufrom 6.1.4 to 6.1.7Release notes
Sourced from defu's releases.
Changelog
Sourced from defu's changelog.
... (truncated)
Commits
80c0146chore(release): v6.1.740d7ef4fix(defu.d.cts): export Defu types (#157)3d3a7c8build: correct thetypesexport entry (#160)001c290chore(release): v6.1.6407b516build: fix mixed types23e59e6chore(release): v6.1.511ba022fix: ignore inherited enumerable properties3942bfbfix: prevent prototype pollution via__proto__in defaults (#156)d3ef16dchore(deps): update actions/checkout action to v6 (#151)869a053chore(deps): update actions/setup-node action to v6 (#149)Updates
devaluefrom 5.6.3 to 5.8.1Release notes
Sourced from devalue's releases.
Changelog
Sourced from devalue's changelog.
Commits
796ea83Version Packages (#152)206ca67Merge commit from fork14933f7Version Packages (#151)c5115b0feat:stringifyAsync(#150)67dad45docs: update README to reflect serialization stability non-goal (#147)6eb920aVersion Packages (#146)8becc7cfix: handle regexes consistently in uneval's value and reference formats (#145)2eee2e4Version Packages (#144)498656eDataView support (#143)5590634Improve platform types support (#142)Updates
h3from 1.15.5 to 1.15.11Release notes
Sourced from h3's releases.
... (truncated)
Changelog
Sourced from h3's changelog.
... (truncated)
Commits
7b9f41fchore(release): v1.15.11d166186chore: update cookie-es4998dd8chore: update deps6125485chore: update defu to 6.1.6b72bb57chore(release): v1.15.10d8ef318remove resolutions for h326fec6fchore: update deps51ca9b3fix: preserve percent-encoded req.url in app event handler (#1355)4e8d43achore(release): v1.15.923045dfchore: update depsUpdates
launch-editorfrom 2.13.1 to 2.14.1Commits
3f97c64v2.14.10cc9550fix: reject UNC paths (#138)afd1ab9ci: run tests on mac and windows (#136)0bfa328test: add some tests for launch-editor package (#135)1b006aechore: add README (#134)383ef26v2.14.06277209ci: harden publish settings520b2f7fix(deps): update all non-major dependencies (#129)475ac66chore(deps): update dependency lint-staged to v17 (#130)247bf1dchore(deps): update dependency yorkie to v2 (#131)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for launch-editor since your current version.
Updates
lodashfrom 4.17.23 to 4.18.1Release notes
Sourced from lodash's releases.
Commits
cb0b9b9release(patch): bump main to 4.18.1 (#6177)75535f5chore: prune stale advisory refs (#6170)62e91bcdocs: remove n_ Node.js < 6 REPL note from README (#6165)59be2derelease(minor): bump to 4.18.0 (#6161)af63457fix: broken tests for _.template 879aaa91073a76fix: linting issues879aaa9fix: validate imports keys in _.templatefe8d32efix: block prototype pollution in baseUnset via constructor/prototype traversal18ba0a3refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)b819080ci: add dist sync validation workflow (#6137)Updates
minimatchfrom 5.1.6 to 5.1.9Commits
4419b6e5.1.9383ce59docs: add warning about ReDoSb02ef18fix partial matching of globstar patternse92ae295.1.879e4447limit recursion for **, improve perf considerably85ec0fflockfile update647146elock node version to 1485646c85.1.7977c2d8update CI matrix and actions421ad12update test expectations for coalesced consecutive starsUpdates
node-forgefrom 1.3.3 to 1.4.0Changelog
Sourced from node-forge's changelog.
... (truncated)
Commits
fa385f9Release 1.4.0.07d4e16Update changelog.cb90fd9Update changelog.963e7c5Add unit test for "pseudonym"f0b6f5bAdd pseudonym OID3df48a3Fix missing CVE ID.2e49283Add x509basicConstraintscheck.bdecf11Add canonical signature scaler check for S < L.af094e6Add RSA padding and DigestInfo length checks.796eeb1Improve jsbn fix.Updates
picomatchfrom 2.3.1 to 2.3.2Release notes
Sourced from picomatch's releases.
Changelog
Sourced from picomatch's changelog.
... (truncated)
Commits
81cba8dPublish 2.3.2fc1f6b6Merge commit from forkeec17aeMerge commit from fork78f8ca4Merge pull request #156 from micromatch/backport-1443f4f10eMerge pull request #144 from Jason3S/jdent-object-propertiesUpdates
serialize-javascriptfrom 6.0.2 to 7.0.7Release notes
Sourced from serialize-javascript's releases.
... (truncated)
Commits
01bec60release: v7.0.75009715fix: reject spoofed RegExp objects with non-string source property153eb43release: v7.0.6a83d2cbfix: reject spoofed URL objects with non-string toString() result451af65build(deps-dev): bump lodash from 4.17.23 to 4.18.1 (#215)df3f1c1release: v7.0.5f147e90Merge commit from forkeec32e0release: v7.0.4d5057157.0.32e609d0fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for serialize-javascript since your current version.
Updates
shell-quotefrom 1.8.3 to 1.10.0Changelog
Sourced from shell-quote's changelog.