Skip to content

build(deps): bump the npm_and_yarn group across 1 directory with 14 updates #903

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

build(deps): bump the npm_and_yarn group across 1 directory with 14 updates #903

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 11, 2025

Bumps the npm_and_yarn group with 9 updates in the / directory:

Package From To
vite 5.2.8 5.4.18
vitest 1.4.0 1.6.1
@babel/helpers 7.24.1 7.27.0
braces 3.0.2 3.0.3
ejs 3.1.9 3.1.10
express 4.19.2 4.21.2
store2 2.14.3 2.14.4
tar-fs 2.1.1 2.1.2
ws 8.14.2 8.18.1

Updates vite from 5.2.8 to 5.4.18

Release notes

Sourced from vite's releases.

v5.4.18

Please refer to CHANGELOG.md for details.

v5.4.17

Please refer to CHANGELOG.md for details.

v5.4.16

Please refer to CHANGELOG.md for details.

v5.4.15

Please refer to CHANGELOG.md for details.

v5.4.14

Please refer to CHANGELOG.md for details.

v5.4.13

Please refer to CHANGELOG.md for details.

v5.4.12

This version contains a breaking change due to security fixes. See GHSA-vg6x-rcgg-rjx6 for more details.

Please refer to CHANGELOG.md for details.

v5.4.11

Please refer to CHANGELOG.md for details.

v5.4.10

Please refer to CHANGELOG.md for details.

v5.4.9

Please refer to CHANGELOG.md for details.

v5.4.8

Please refer to CHANGELOG.md for details.

v5.4.7

Please refer to CHANGELOG.md for details.

v5.4.6

Please refer to CHANGELOG.md for details.

v5.4.5

Please refer to CHANGELOG.md for details.

v5.4.4

Please refer to CHANGELOG.md for details.

v5.4.3

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

5.4.18 (2025-04-10)

5.4.17 (2025-04-03)

5.4.16 (2025-03-31)

5.4.15 (2025-03-24)

5.4.14 (2025-01-21)

5.4.13 (2025-01-20)

5.4.12 (2025-01-20)

  • fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (9da4abc)
  • fix!: default server.cors: false to disallow fetching from untrusted origins (dfea38f)
  • fix: verify token for HMR WebSocket connection (b71a5c8)
  • chore: add deps update changelog (ecd2375)

5.4.11 (2024-11-11)

  • fix(deps): update dependencies of postcss-modules (ceb15db), closes #18617

... (truncated)

Commits

Updates vitest from 1.4.0 to 1.6.1

Release notes

Sourced from vitest's releases.

v1.6.1

This release includes security patches for:

   🐞 Bug Fixes

    View changes on GitHub

v1.6.0

   🚀 Features

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub

v1.5.3

   🐞 Bug Fixes

... (truncated)

Commits

Updates @babel/helpers from 7.24.1 to 7.27.0

Release notes

Sourced from @​babel/helpers's releases.

v7.27.0 (2025-03-24)

Thanks @​ishchhabra and @​vovkasm for your first PRs!

👓 Spec Compliance

  • babel-generator, babel-parser

🚀 New Feature

  • babel-helper-create-class-features-plugin, babel-traverse, babel-types
  • babel-parser, babel-types
    • #17110 Add ImportAttributes to Standardized and move its parser test fixtures (@​JLHwung)
  • babel-generator
  • babel-parser, babel-template
  • babel-plugin-transform-typescript, babel-traverse
  • babel-parser
  • babel-types
    • #17162 feat(babel-types): Add support for BigInt literal conversion in valueToNode (@​ishchhabra)

🐛 Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • babel-traverse
  • babel-helpers, babel-preset-typescript, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-cli
  • babel-plugin-transform-named-capturing-groups-regex, babel-types

🏃‍♀️ Performance

Committers: 5

v7.26.10 (2025-03-11)

... (truncated)

Changelog

Sourced from @​babel/helpers's changelog.

v7.27.0 (2025-03-24)

👓 Spec Compliance

  • babel-generator, babel-parser

🚀 New Feature

  • babel-helper-create-class-features-plugin, babel-traverse, babel-types
  • babel-parser, babel-types
    • #17110 Add ImportAttributes to Standardized and move its parser test fixtures (@​JLHwung)
  • babel-generator
  • babel-parser, babel-template
  • babel-plugin-transform-typescript, babel-traverse
  • babel-parser
  • babel-types
    • #17162 feat(babel-types): Add support for BigInt literal conversion in valueToNode (@​ishchhabra)

🐛 Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • babel-traverse
  • babel-helpers, babel-preset-typescript, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-cli
  • babel-plugin-transform-named-capturing-groups-regex, babel-types

🏃‍♀️ Performance

v7.26.10 (2025-03-11)

👓 Spec Compliance

🐛 Bug Fix

... (truncated)

Commits

Updates braces from 3.0.2 to 3.0.3

Commits

Updates ejs from 3.1.9 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

Commits

Updates express from 4.19.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

New Contributors

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: [email protected]
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
Commits
Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.


Updates nanoid from 3.3.7 to 3.3.11

Release notes

Sourced from nanoid's releases.

3.3.11

  • Fixed React Native support.

3.3.10

3.3.9

  • Reduced npm package size.
Changelog

Sourced from nanoid's changelog.

3.3.11

  • Fixed React Native support.

3.3.10

3.3.9

  • Reduced npm package size.

3.3.8

  • Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).
Commits

Updates path-to-regexp from 0.1.7 to 0.1.12

Release notes

Sourced from path-to-regexp's releases.

Fix backtracking (again)

Fixed

  • Improved backtracking protection for 0.1.x, will break some previously valid paths (see previous advisory: GHSA-9wv6-86v2-598j)

pillarjs/path-to-regexp@v0.1.11...v0.1.12

Error on bad input

Changed

  • Add error on bad input values 8f09549

pillarjs/path-to-regexp@v0.1.10...v0.1.11

Backtrack protection

Fixed

  • Add backtrack protection to parameters 29b96b4
    • This will break some edge cases but should improve performance

pillarjs/path-to-regexp@v0.1.9...v0.1.10

Support non-lookahead regex output

Added

  • Allow a non-lookahead regex (#312) c4272e4

component/path-to-regexp@v0.1.8...v0.1.9

Support named matching groups in RegExp

Added

  • Add support for named matching groups (#301) 114f62d

pillarjs/path-to-regexp@v0.1.7...v0.1.8

Commits

Updates rollup from 4.14.0 to 4.39.0

Release notes

Sourced from rollup's releases.

v4.39.0

4.39.0

2025-04-02

Features

  • Do not create separate facade chunks if a chunk would contain several entry modules that allow export extension if there are no export name conflicts (#5891)

Bug Fixes

  • Mark the id property as optional in the filter for the resolveId hook (#5896)

Pull Requests

v4.38.0

4.38.0

2025-03-29

Features

  • Support .filter option in resolveId, load and transform hooks (#5882)

Pull Requests

v4.37.0

4.37.0

2025-03-23

Features

  • Support Musl Linux on Riscv64 architectures (#5726)
  • Handles class decorators placed before the export keyword (#5871)

Bug Fixes

  • Log Rust panic messages to the console when using the WASM build (#5875)

Pull Requests

... (truncated)

Changelog

Sourced from rollup's changelog.

4.39.0

2025-04-02

Features

  • Do not create separate facade chunks if a chunk would contain several entry modules that allow export extension if there are no export name conflicts (#5891)

Bug Fixes

  • Mark the id property as optional in the filter for the resolveId hook (#5896)

Pull Requests

4.38.0

2025-03-29

Features

  • Support .filter option in resolveId, load and transform hooks (#5882)

Pull Requests

4.37.0

2025-03-23

Features

  • Support Musl Linux on Riscv64 architectures (#5726)
  • Handles class decorators placed before the export keyword (#5871)

Bug Fixes

  • Log Rust panic messages to the console when using the WASM build (#5875)

Pull Requests

... (truncated)

Commits

@dependabot
build(deps): bump the npm_and_yarn group across 1 directory with 14 u…
470d26a 
…pdates

Bumps the npm_and_yarn group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.2.8` | `5.4.18` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `1.4.0` | `1.6.1` |
| [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.24.1` | `7.27.0` |
| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |
| [ejs](https://github.com/mde/ejs) | `3.1.9` | `3.1.10` |
| [express](https://github.com/expressjs/express) | `4.19.2` | `4.21.2` |
| [store2](https://github.com/nbubna/store) | `2.14.3` | `2.14.4` |
| [tar-fs](https://github.com/mafintosh/tar-fs) | `2.1.1` | `2.1.2` |
| [ws](https://github.com/websockets/ws) | `8.14.2` | `8.18.1` |



Updates `vite` from 5.2.8 to 5.4.18
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v5.4.18/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v5.4.18/packages/vite)

Updates `vitest` from 1.4.0 to 1.6.1
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v1.6.1/packages/vitest)

Updates `@babel/helpers` from 7.24.1 to 7.27.0
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.27.0/packages/babel-helpers)

Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

Updates `ejs` from 3.1.9 to 3.1.10
- [Release notes](https://github.com/mde/ejs/releases)
- [Commits](mde/ejs@v3.1.9...v3.1.10)

Updates `express` from 4.19.2 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](expressjs/express@4.19.2...4.21.2)

Updates `nanoid` from 3.3.7 to 3.3.11
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](ai/nanoid@3.3.7...3.3.11)

Updates `path-to-regexp` from 0.1.7 to 0.1.12
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12)

Updates `rollup` from 4.14.0 to 4.39.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.14.0...v4.39.0)

Updates `send` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/pillarjs/send/releases)
- [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md)
- [Commits](pillarjs/send@0.18.0...0.19.0)

Updates `serve-static` from 1.15.0 to 1.16.2
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md)
- [Commits](expressjs/serve-static@v1.15.0...v1.16.2)

Updates `store2` from 2.14.3 to 2.14.4
- [Commits](nbubna/store@2.14.3...2.14.4)

Updates `tar-fs` from 2.1.1 to 2.1.2
- [Commits](mafintosh/tar-fs@v2.1.1...v2.1.2)

Updates `ws` from 8.14.2 to 8.18.1
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.14.2...8.18.1)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 5.4.18
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vitest
  dependency-version: 1.6.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@babel/helpers"
  dependency-version: 7.27.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-version: 3.0.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ejs
  dependency-version: 3.1.10
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-version: 4.21.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: nanoid
  dependency-version: 3.3.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-version: 0.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: rollup
  dependency-version: 4.39.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: send
  dependency-version: 0.19.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serve-static
  dependency-version: 1.16.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: store2
  dependency-version: 2.14.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar-fs
  dependency-version: 2.1.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@vercel Vercel
Copy link

vercel bot commented Apr 11, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
macaw-ui ✅ Ready (Inspect) Visit Preview 💬 Add feedback Apr 11, 2025 3:17pm

@dependabot dependabot bot requested a review from a team as a code owner April 11, 2025 15:16
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 11, 2025
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Apr 11, 2025

⚠️ No Changeset found

Latest commit: 470d26a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions GitHub Actions
Copy link
Contributor

Differences Found

⚠️ 15 packages or licenses were added.

Expand 
License	Package
MIT	@rollup/rollup-freebsd-arm64
MIT	@rollup/rollup-freebsd-x64
MIT	@rollup/rollup-linux-arm-musleabihf
MIT	@rollup/rollup-linux-loongarch64-gnu
MIT	@rollup/rollup-linux-riscv64-musl
MIT	call-bind-apply-helpers
MIT	call-bound
MIT	confbox
MIT	dunder-proto
MIT	es-object-atoms
MIT	get-proto
MIT	math-intrinsics
MIT	side-channel-list
MIT	side-channel-map
MIT	side-channel-weakmap

Summary

Expand
License Name Package Count Packages
0BSD 1
Packages
  • tslib
<<missing>> 1
Packages
  • macaw-ui
CC-BY-3.0 1
Packages
  • spdx-exceptions
CC-BY-4.0 1
Packages
  • caniuse-lite
Python-2.0 1
Packages
  • argparse
Unlicense 1
Packages
  • big-integer
BlueOak-1.0.0 2
Packages
  • jackspeak
  • path-scurry
CC0-1.0 2
Packages
  • spdx-license-ids
  • type-fest
BSD-3-Clause 8
Packages
  • @humanwhocodes/object-schema
  • esquery
  • ieee754
  • qs
  • source-map
  • source-map-js
  • sprintf-js
  • tough-cookie
Apache-2.0 16
Packages
  • @ampproject/remapping
  • @humanwhocodes/config-array
  • @humanwhocodes/module-importer
  • aria-query
  • doctrine
  • ejs
  • eslint-visitor-keys
  • filelist
  • find-yarn-workspace-root2
  • human-signals
  • jake
  • lazy-universal-dotenv
  • spdx-correct
  • typescript
  • validate-npm-package-license
  • xml-name-validator
BSD-2-Clause 23
Packages
  • @base2/pretty-print-object
  • @typescript-eslint/parser
  • @typescript-eslint/typescript-estree
  • @yarnpkg/esbuild-plugin-pnp
  • @yarnpkg/fslib
  • @yarnpkg/libzip
  • css-what
  • dotenv
  • dotenv-expand
  • entities
  • escodegen
  • eslint-scope
  • espree
  • esprima
  • esrecurse
  • estraverse
  • esutils
  • glob-to-regexp
  • normalize-package-data
  • regjsparser
  • And 3 more...
ISC 44
Packages
  • @isaacs/cliui
  • @ungap/structured-clone
  • anymatch
  • chownr
  • cliui
  • electron-to-chromium
  • eslint-import-resolver-typescript
  • fastq
  • flatted
  • foreground-child
  • fs-minipass
  • fs.realpath
  • get-caller-file
  • github-slugger
  • glob
  • glob-parent
  • graceful-fs
  • hosted-git-info
  • inflight
  • inherits
  • And 24 more...
MIT 1019
Packages
  • @aashutoshrathi/word-wrap
  • @adobe/css-tools
  • @aw-web-design/x-default-browser
  • @babel/code-frame
  • @babel/compat-data
  • @babel/core
  • @babel/generator
  • @babel/helper-annotate-as-pure
  • @babel/helper-builder-binary-assignment-operator-visitor
  • @babel/helper-compilation-targets
  • @babel/helper-create-class-features-plugin
  • @babel/helper-create-regexp-features-plugin
  • @babel/helper-define-polyfill-provider
  • @babel/helper-environment-visitor
  • @babel/helper-function-name
  • @babel/helper-hoist-variables
  • @babel/helper-member-expression-to-functions
  • @babel/helper-module-imports
  • @babel/helper-module-transforms
  • @babel/helper-optimise-call-expression
  • And 999 more...

@github-actions GitHub Actions
Copy link
Contributor

This pull request is stale because it has been open 14 days with no activity.

@github-actions github-actions bot added the stale label Apr 26, 2025
@github-actions GitHub Actions
Copy link
Contributor

This PR request has been closed because it has been stalled for 2 days with no activity. You are still welcome to reopen it and continue from where you finished. Best regards Saleor team

@github-actions github-actions bot closed this Apr 28, 2025
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Apr 28, 2025

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-b718c305a0 branch April 28, 2025 02:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code stale
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants