Skip to content

Bump the npm_and_yarn group across 1 directory with 13 updates #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directory with 13 updates #8

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 22, 2025

Bumps the npm_and_yarn group with 11 updates in the / directory:

Package From To
cookie 0.4.2 0.7.1
socket.io 4.7.4 4.8.1
express 4.19.2 4.21.2
dompurify 2.4.3 3.2.3
ngx-markdown 16.0.0 19.0.0
http-proxy-middleware 2.0.6 2.0.7
katex 0.16.9 0.16.21
nanoid 3.3.7 3.3.8
rollup 3.29.4 3.29.5
vite 4.5.2 6.0.11
@angular-devkit/build-angular 16.2.12 19.1.3

Updates cookie from 0.4.2 to 0.7.1

Release notes

Sourced from cookie's releases.

0.7.1

Fixed

  • Allow leading dot for domain (#174)
    • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
  • Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

jshttp/cookie@v0.6.0...v0.7.0

0.6.0

  • Add partitioned option

0.5.0

  • Add priority option
  • Fix expires option to reject invalid dates
  • pref: improve default decode speed
  • pref: remove slow string split in parse
Commits
Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.


Updates socket.io from 4.7.4 to 4.8.1

Release notes

Sourced from socket.io's releases.

[email protected]

Due to a change in the bundler configuration, the production bundle (socket.io.min.js) did not support sending and receiving binary data in version 4.8.0. This is now fixed.

Dependencies

[email protected]

Bug Fixes

  • bundle: do not mangle the "_placeholder" attribute (ca9e994)

Dependencies

[email protected]

Features

Custom transport implementations

The transports option now accepts an array of transport implementations:

import { io } from "socket.io-client";
import { XHR, WebSocket } from "engine.io-client";
const socket = io({
transports: [XHR, WebSocket]
});

Here is the list of provided implementations:

Transport Description
Fetch HTTP long-polling based on the built-in fetch() method.
NodeXHR HTTP long-polling based on the XMLHttpRequest object provided by the xmlhttprequest-ssl package.
XHR HTTP long-polling based on the built-in XMLHttpRequest object.
NodeWebSocket WebSocket transport based on the WebSocket object provided by the ws package.
WebSocket WebSocket transport based on the built-in WebSocket object.
WebTransport WebTransport transport based on the built-in WebTransport object.

Usage:

Transport browser Node.js Deno Bun

... (truncated)

Commits

Updates express from 4.19.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

New Contributors

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: [email protected]
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
Commits
Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.


Updates dompurify from 2.4.3 to 3.2.3

Release notes

Sourced from dompurify's releases.

DOMPurify 3.2.3

DOMPurify 3.2.2

  • Fixed a possible bypass in case a rather specific config for custom elements is set, thanks @​yaniv-git
  • Fixed several minor issues with the type definitions, thanks again @​reduckted
  • Fixed a minor issue with the types reference for trusted types, thanks @​reduckted
  • Fixed a minor problem with the template detection regex on some systems, thanks @​svdb99

DOMPurify 3.2.1

DOMPurify 3.2.0

DOMPurify 3.1.7

  • Fixed an issue with comment detection and possible bypasses with specific config settings, thanks @​masatokinugawa
  • Fixed several smaller typos in documentation and test & build files, thanks @​christianhg
  • Added better support for Angular compiler, thanks @​jeroen1602
  • Added several new attributes to HTML and SVG allow-list, thanks @​Gigabyte5671 and @​Rotzbua
  • Removed the foreignObject element from the list of HTML entry-points, thanks @​masatokinugawa
  • Bumped several dependencies to be more up to date

DOMPurify 3.1.6

  • Fixed an issue with the execution logic of attribute hooks to prevent bypasses, thanks @​kevin-mizu
  • Fixed an issue with element removal leading to uncaught errors through DOM Clobbering, thanks @​realansgar
  • Fixed a minor problem with the bower file pointing to the wrong dist path
  • Fixed several minor typos in docs, comments and comment blocks, thanks @​Rotzbua
  • Updated several development dependencies

DOMPurify 3.1.5

  • Fixed a minor issue with the dist paths in bower.js, thanks @​HakumenNC
  • Fixed a minor issue with sanitizing HTML coming from copy&paste Word content, thanks @​kakao-bishop-cho

DOMPurify 3.1.4

  • Fixed an issue with the recently implemented isNaN checks, thanks @​tulach
  • Added several new popover attributes to allow-list, thanks @​Gigabyte5671
  • Fixed the tests and adjusted the test runner to cover all branches

DOMPurify 3.1.3

  • Fixed several mXSS variations found by and thanks to @​kevin-mizu & @​Ry0taK
  • Added better configurability for comment scrubbing default behavior
  • Added better hardening against Prototype Pollution attacks, thanks @​kevin-mizu
  • Added better handling and readability of the nodeType property, thanks @​ssi02014
  • Fixed some smaller issues in README and other documentation

DOMPurify 3.1.2

... (truncated)

Commits
  • f1106aa chore: Preparing 3.2.3 release
  • 9c71e04 fix: Added clobbering check for sanitizeAttribute to prevent an error
  • c183cd6 fix: Fixed a config-dependent bypass caused by skipped attribute checks, than...
  • 6e76ece fix: Fixed a config-dependent bypass relating to data-attributes, thanks @​Slo...
  • c3879a5 Merge pull request #1041 from CoryHrycko/patch-1
  • 0e1c724 Update tags.ts
  • 8513afd Update README.md
  • b883b9e Update README.md
  • 3b4b5e9 Merge pull request #1037 from svdb99/main
  • b9e9087 Fix #1033
  • Additional commits viewable in compare view

Updates ngx-markdown from 16.0.0 to 19.0.0

Release notes

Sourced from ngx-markdown's releases.

v19.0.0

Update Angular 19

Library has been updated to support Angular 19.

It is recommended to stick with ngx-markdown v18.x.x if you are using Angular 18.

New features and enhancements

  • Update to Angular 19
  • Update marked dependency to 15.0.0
  • Add global configuration for mermaid plugin and update options

⚠ Breaking changes

Marked dependency

Marked has been updated to the latest version, 15.0.0. The renderer token override functions have changed and need to be adjusted. Extension packages will also need to be updated to match the new marked version.

Mermaid plugin

Mermaid options have been updated and bring model changes. Minor adjustments will need to be made, please refer to lib/src/mermaid-options.ts for updated typings.

Special thanks

🥇 Thanks to @​pkurcx for his contribution to update Angular 19.

Commits

v18.1.0

New features and enhancements

Bug Fixes

Special Thanks

🥇 Thanks to @​klofi for his contribution in fixing globally imported CLIPBOARD_OPTIONS 🥇 Thanks to @​hardikpatel043 for his contribution in adding support for mermaid 11.0.0

v18.0.0

Update Angular 18

... (truncated)

Commits

Updates http-proxy-middleware from 2.0.6 to 2.0.7

Release notes

Sourced from http-proxy-middleware's releases.

v2.0.7

Full Changelog: chimurai/http-proxy-middleware@v2.0.6...v2.0.7

v2.0.7-beta.1

Full Changelog: chimurai/http-proxy-middleware@v2.0.7-beta.0...v2.0.7-beta.1

v2.0.7-beta.0

Full Changelog: chimurai/http-proxy-middleware@v2.0.6...v2.0.7-beta.0

Changelog

Sourced from http-proxy-middleware's changelog.

v2.0.7

  • ci(github actions): add publish.yml
  • fix(filter): handle errors
Commits

Updates katex from 0.16.9 to 0.16.21

Release notes

Sourced from katex's releases.

v0.16.21

0.16.21 (2025-01-17)

Bug Fixes

v0.16.20

0.16.20 (2025-01-12)

Bug Fixes

v0.16.19

0.16.19 (2024-12-29)

Bug Fixes

v0.16.18

0.16.18 (2024-12-18)

Bug Fixes

  • Actually publish TypeScript type definitions (#4008) (629b873)

v0.16.17

0.16.17 (2024-12-17)

Bug Fixes

  • MathML combines multidigit numbers with sup/subscript, comma separators, and multicharacter text when outputting to DOM (#3999) (7d79e22), closes #3995

v0.16.16

0.16.16 (2024-12-17)

Features

... (truncated)

Changelog

Sourced from katex's changelog.

0.16.21 (2025-01-17)

Bug Fixes

  • escape \htmlData attribute name (57914ad)

0.16.20 (2025-01-12)

Bug Fixes

0.16.19 (2024-12-29)

Bug Fixes

0.16.18 (2024-12-18)

Bug Fixes

  • Actually publish TypeScript type definitions (#4008) (629b873)

0.16.17 (2024-12-17)

Bug Fixes

  • MathML combines multidigit numbers with sup/subscript, comma separators, and multicharacter text when outputting to DOM (#3999) (7d79e22), closes #3995

0.16.16 (2024-12-17)

Features

0.16.15 (2024-12-09)

Features

  • italic sans-serif in math mode via \mathsfit command (#3998) (2218901)

0.16.14 (2024-12-08)

... (truncated)

Commits
  • 923f2aa chore(release): 0.16.21 [ci skip]
  • 57914ad fix: escape \htmlData attribute name
  • ff28995 Merge commit from fork
  • 28a0bf5 chore(release): 0.16.20 [ci skip]
  • 6d30fe4 fix: \providecommand does not overwrite existing macro (#4000)
  • 8f47dba chore(deps): update actions/upload-artifact to v4 (#4012)
  • 88b5056 chore(release): 0.16.19 [ci skip]
  • 4228b4e fix(types): improve strict function type (#4009)
  • f934646 chore(release): 0.16.18 [ci skip]
  • 629b873 fix: Actually publish TypeScript type definitions (#4008)
  • Additional commits viewable in compare view

Updates mermaid from 9.4.3 to 11.4.1

Release notes

Sourced from mermaid's releases.

[email protected]

Patch Changes

  • #6059 01b5079 Thanks @​knsv! - fix: Kanban diagrams will not render when adding a number as ticket id or assigned for a task

  • #6038 1388662 Thanks @​knsv! - fix: Intersection calculations for tilted cylinder/DAS when using handdrawn look. Some random seeds could cause the calculations to break.

  • #6079 fe3cffb Thanks @​aloisklink! - Bump dompurify to ^3.2.1. This removes the need for @types/dompurify.

[email protected]

Minor Changes

  • #5999 742ad7c Thanks @​knsv! - Adding Kanban board, a new diagram type

  • #5880 bdf145f Thanks @​yari-dewalt! - Class diagram changes:

    • Updates the class diagram to the new unified way of rendering.
    • Includes a new "classBox" shape to be used in diagrams
    • Other updates such as:
      • the option to hide the empty members box in class diagrams,
      • support for handDrawn look,
      • the introduction of the classDef statement into class diagrams,
      • support for styling the default class,
      • support lollipop interfaces.
    • Includes fixes / additions for #5562 #3139 and #4037

Patch Changes

[email protected]

Minor Changes

Patch Changes

  • #5849 6c5b7ce Thanks @​ReneLombard! - Fixed an issue when the mermaid classdiagram crashes when adding a . to the namespace. Forexample

    classDiagram
  namespace Company.Project.Module {
    Loading

... (truncated)

Commits
  • 9868f3a Merge pull request #6084 from mermaid-js/changeset-release/master
  • d8bf155 Version Packages
  • 0b4f852 Merge pull request #6083 from mermaid-js/release/11.4.1
  • 0dff4ca chore: broken link clean up. Enable flowchart elk tests
  • cc29437 Merge pull request #6081 from mermaid-js/6080-fix
  • dfaaf36 Merge pull request #6079 from aloisklink/chore/update-to-dompurify-3.2.1
  • 3753831 Added cypress test
  • c7ae08a #6080: Fix for issue with diamond intersections when using elk-layout
  • 69973ea Merge branch 'develop' into 6080-fix
  • d3b2c7e Revert "#6080: Fix for issue with diamond intersections when using elk-layout"
  • Additional commits viewable in compare view

Updates nanoid from 3.3.7 to 3.3.8

Changelog

Sourced from nanoid's changelog.

3.3.8

  • Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).
Commits

Updates rollup from 3.29.4 to 3.29.5

Release notes

Sourced from rollup's releases.

v3.29.5

3.29.5

2024-09-21

Bug Fixes

  • Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

Changelog

Sourced from rollup's changelog.

3.29.5

2024-09-21

Bug Fixes

  • Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

4.22.4

2024-09-21

Bug Fixes

  • Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

4.22.3

2024-09-21

Bug Fixes

  • Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)

Pull Requests

4.22.2

2024-09-20

Bug Fixes

  • Revert fix for side effect free modules until other issues are investigated (#5667)

Pull Requests

4.22.1

... (truncated)

Commits

Updates vite from 4.5.2 to 6.0.11

Release notes

Sourced from vite's releases.

v6.0.11

Please refer to CHANGELOG.md for details.

v6.0.10

Please refer to CHANGELOG.md for details.

v6.0.9

This version contains a breaking change due to security fixes. See GHSA-vg6x-rcgg-rjx6 for more details.

Please refer to CHANGELOG.md for details.

v6.0.8

Please refer to CHANGELOG.md for details.

v6.0.7

Please refer to CHANGELOG.md for details.

v6.0.6

Please refer to CHANGELOG.md for details.

v6.0.5

Please refer to CHANGELOG.md for details.

v6.0.4

Please refer to CHANGELOG.md for details.

v6.0.3

Please refer to CHANGELOG.md for details.

v6.0.2

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

v6.0.1

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

v6.0.0

Please refer to CHANGELOG.md for details.

v6.0.0-beta.10

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

6.0.11 (2025-01-21)

6.0.10 (2025-01-20)

6.0.9 (2025-01-20)

  • fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (bd896fb)
  • fix!: default server.cors: false to disallow fetching from untrusted origins (b09572a)
  • fix: verify token for HMR WebSocket connection (029dcd6)

6.0.8 (2025-01-20)

@dependabot
Bump the npm_and_yarn group across 1 directory with 13 updates
a8fd70c 
Bumps the npm_and_yarn group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [cookie](https://github.com/jshttp/cookie) | `0.4.2` | `0.7.1` |
| [socket.io](https://github.com/socketio/socket.io) | `4.7.4` | `4.8.1` |
| [express](https://github.com/expressjs/express) | `4.19.2` | `4.21.2` |
| [dompurify](https://github.com/cure53/DOMPurify) | `2.4.3` | `3.2.3` |
| [ngx-markdown](https://github.com/jfcere/ngx-markdown) | `16.0.0` | `19.0.0` |
| [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.6` | `2.0.7` |
| [katex](https://github.com/KaTeX/KaTeX) | `0.16.9` | `0.16.21` |
| [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.8` |
| [rollup](https://github.com/rollup/rollup) | `3.29.4` | `3.29.5` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `4.5.2` | `6.0.11` |
| [@angular-devkit/build-angular](https://github.com/angular/angular-cli) | `16.2.12` | `19.1.3` |



Updates `cookie` from 0.4.2 to 0.7.1
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Commits](jshttp/cookie@v0.4.2...v0.7.1)

Updates `socket.io` from 4.7.4 to 4.8.1
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io/compare/[email protected])

Updates `express` from 4.19.2 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](expressjs/express@4.19.2...4.21.2)

Updates `dompurify` from 2.4.3 to 3.2.3
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@2.4.3...3.2.3)

Updates `ngx-markdown` from 16.0.0 to 19.0.0
- [Release notes](https://github.com/jfcere/ngx-markdown/releases)
- [Commits](jfcere/ngx-markdown@v16.0.0...v19.0.0)

Updates `http-proxy-middleware` from 2.0.6 to 2.0.7
- [Release notes](https://github.com/chimurai/http-proxy-middleware/releases)
- [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.7/CHANGELOG.md)
- [Commits](chimurai/http-proxy-middleware@v2.0.6...v2.0.7)

Updates `katex` from 0.16.9 to 0.16.21
- [Release notes](https://github.com/KaTeX/KaTeX/releases)
- [Changelog](https://github.com/KaTeX/KaTeX/blob/main/CHANGELOG.md)
- [Commits](KaTeX/KaTeX@v0.16.9...v0.16.21)

Updates `mermaid` from 9.4.3 to 11.4.1
- [Release notes](https://github.com/mermaid-js/mermaid/releases)
- [Changelog](https://github.com/mermaid-js/mermaid/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/mermaid-js/mermaid/compare/[email protected])

Updates `nanoid` from 3.3.7 to 3.3.8
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](ai/nanoid@3.3.7...3.3.8)

Updates `rollup` from 3.29.4 to 3.29.5
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v3.29.4...v3.29.5)

Updates `vite` from 4.5.2 to 6.0.11
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.0.11/packages/vite)

Updates `@angular-devkit/build-angular` from 16.2.12 to 19.1.3
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md)
- [Commits](angular/angular-cli@16.2.12...19.1.3)

Updates `ws` from 7.5.9 to 8.11.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.9...8.11.0)

---
updated-dependencies:
- dependency-name: cookie
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: socket.io
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: dompurify
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ngx-markdown
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: http-proxy-middleware
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: katex
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: mermaid
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: nanoid
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: rollup
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@angular-devkit/build-angular"
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 22, 2025
@vercel Vercel
Copy link

vercel bot commented Jan 22, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
lamdev ❌ Failed (Inspect) Jan 22, 2025 6:10am

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants