@dependabot dependabot bot commented on behalf of github Sep 11, 2024

Bumps the npm_and_yarn group with 14 updates:

| Package | From | To |
| --- | --- | --- |
| ansi-regex | 5.0.0 | 5.0.1 |
| ansi-regex | 4.1.0 | 5.0.1 |
| braces | 3.0.2 | 3.0.3 |
| webpack | 4.44.2 | 5.94.0 |
| @storybook/addon-essentials | 6.5.16 | 8.2.9 |
| @storybook/preset-create-react-app | 3.1.7 | 8.2.9 |
| @storybook/react | 6.5.16 | 8.2.9 |
| async | 2.6.3 | 3.2.6 |
| dns-packet | 1.3.1 | 5.6.1 |
| decode-uri-component | 0.2.0 | 0.2.2 |
| eventsource | 1.1.0 | 1.1.2 |
| node-forge | 0.10.0 | 1.3.1 |
| terser | 4.8.0 | 5.32.0 |
| webpack-dev-middleware | 3.7.3 | 5.3.4 |

Updates ansi-regex from 5.0.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDoS vulnerability in ansi-regex@<6.0.1, as requested in #38.

  • Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

Commits

Updates ansi-regex from 4.1.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDoS vulnerability in ansi-regex@<6.0.1, as requested in #38.

  • Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

Commits

Updates braces from 3.0.2 to 3.0.3

Commits

Updates webpack from 4.44.2 to 5.94.0

Release notes

Sourced from webpack's releases.

v5.94.0

Bug Fixes

  • Added runtime condition for harmony reexport checked
  • Handle properly data/http/https protocols in source maps
  • Make bigint optimistic when browserslist not found
  • Move @​types/eslint-scope to dev deps
  • Related in asset stats is now always an array when no related found
  • Handle ASI for export declarations
  • Mangle destruction incorrect with export named default properly
  • Fixed unexpected asi generation with sequence expression
  • Fixed a lot of types

New Features

  • Added new external type "module-import"
  • Support webpackIgnore for new URL() construction
  • [CSS] @import pathinfo support

Security

  • Fixed DOM clobbering in auto public path

v5.93.0

Bug Fixes

  • Generate correct relative path to runtime chunks
  • Makes DefinePlugin quieter under default log level
  • Fixed mangle destructuring default in namespace import
  • Fixed consumption of eager shared modules for module federation
  • Strip slash for pretty regexp
  • Calculate correct contenthash for CSS generator options

New Features

  • Added the binary generator option for asset modules to explicitly keep source maps produced by loaders
  • Added the modern-module library value for tree shakable output
  • Added the overrideStrict option to override strict or non-strict mode for javascript modules

v5.92.1

Bug Fixes

  • Doesn't crash with an error when the css experiment is enabled and contenthash is used

v5.92.0

Bug Fixes

  • Correct tilde range's computation for module federation
  • Consider runtime for pure expression dependency update hash
  • Return value in the subtractRuntime function for runtime logic

... (truncated)

Commits
  • eabf85d chore(release): 5.94.0
  • 955e057 security: fix DOM clobbering in auto public path
  • 9822387 test: fix
  • cbb86ed test: fix
  • 5ac3d7f fix: unexpected asi generation with sequence expression
  • 2411661 security: fix DOM clobbering in auto public path
  • b8c03d4 fix: unexpected asi generation with sequence expression
  • f46a03c revert: do not use heuristic fallback for "module-import"
  • 60f1898 fix: do not use heuristic fallback for "module-import"
  • 66306aa Revert "fix: module-import get fallback from externalsPresets"
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.


Updates @storybook/addon-essentials from 6.5.16 to 8.2.9

Release notes

Sourced from @​storybook/addon-essentials's releases.

v8.2.9

8.2.9

v8.2.8

8.2.8

  • CLI: Parse more Yarn Berry errors - #28816, thanks @​yannbf!
  • Fix: Invariant failed: Expected package.json#version to be defined in the "undefined" package - #28752, thanks @​abcdmku!

v8.2.7

8.2.7

v8.2.6

8.2.6

v8.2.5

8.2.5

v8.2.4

8.2.4

v8.2.3

8.2.3

... (truncated)

Changelog

Sourced from @​storybook/addon-essentials's changelog.

8.2.9

8.2.8

  • CLI: Parse more Yarn Berry errors - #28816, thanks @​yannbf!
  • Fix: Invariant failed: Expected package.json#version to be defined in the "undefined" package - #28752, thanks @​abcdmku!

8.2.7

8.2.6

8.2.5

8.2.4

8.2.3

8.2.2

... (truncated)

Commits
  • 95d8beb Bump version from "8.2.8" to "8.2.9" [skip ci]
  • 2faeae2 Bump version from "8.2.7" to "8.2.8" [skip ci]
  • 97d8476 Bump version from "8.2.6" to "8.2.7" [skip ci]
  • ea266a0 Bump version from "8.2.5" to "8.2.6" [skip ci]
  • e3c5995 Bump version from "8.2.4" to "8.2.5" [skip ci]
  • 7b84561 Bump version from "8.2.3" to "8.2.4" [skip ci]
  • 7067b33 Bump version from "8.2.2" to "8.2.3" [skip ci]
  • 480359d Bump version from "8.2.1" to "8.2.2" [skip ci]
  • 9c3d891 Bump version from "8.2.0" to "8.2.1" [skip ci]
  • 8b2f2db Bump version from "8.2.0-beta.3" to "8.2.0" [skip ci]
  • Additional commits viewable in compare view

Updates @storybook/preset-create-react-app from 3.1.7 to 8.2.9

Release notes

Sourced from @​storybook/preset-create-react-app's releases.

v8.2.9

8.2.9

v8.2.8

8.2.8

  • CLI: Parse more Yarn Berry errors - #28816, thanks @​yannbf!
  • Fix: Invariant failed: Expected package.json#version to be defined in the "undefined" package - #28752, thanks @​abcdmku!

v8.2.7

8.2.7

v8.2.6

8.2.6

v8.2.5

8.2.5

v8.2.4

8.2.4

v8.2.3

8.2.3

... (truncated)

Changelog

Sourced from @​storybook/preset-create-react-app's changelog.

4.1.2

  • Use overrides from SB rather than defining ourselves #254

4.1.1

  • Update peer dependencies and add a note about versions #252

4.1.0

  • Add support for builder.core options to CRA preset #240

4.0.2

  • Fix bug merging core presets #238 #239

4.0.1

  • Support CJS files using Storybook's config #229

4.0.0

  • CRA: Add compatibility for CRA v5 #214

3.2.0

  • Add disableWebpackDefaults for forward-compatibility with SB core

Commits
  • 95d8beb Bump version from "8.2.8" to "8.2.9" [skip ci]
  • 2faeae2 Bump version from "8.2.7" to "8.2.8" [skip ci]
  • 97d8476 Bump version from "8.2.6" to "8.2.7" [skip ci]
  • ea266a0 Bump version from "8.2.5" to "8.2.6" [skip ci]
  • e3c5995 Bump version from "8.2.4" to "8.2.5" [skip ci]
  • 7b84561 Bump version from "8.2.3" to "8.2.4" [skip ci]
  • 7067b33 Bump version from "8.2.2" to "8.2.3" [skip ci]
  • 480359d Bump version from "8.2.1" to "8.2.2" [skip ci]
  • 9c3d891 Bump version from "8.2.0" to "8.2.1" [skip ci]
  • 8b2f2db Bump version from "8.2.0-beta.3" to "8.2.0" [skip ci]
  • Additional commits viewable in compare view

Updates @storybook/react from 6.5.16 to 8.2.9

Release notes

Sourced from @​storybook/react's releases.

v8.2.9

8.2.9

v8.2.8

8.2.8

  • CLI: Parse more Yarn Berry errors - #28816, thanks @​yannbf!
  • Fix: Invariant failed: Expected package.json#version to be defined in the "undefined" package - #28752, thanks @​abcdmku!

v8.2.7

8.2.7

v8.2.6

8.2.6

v8.2.5

8.2.5

v8.2.4

8.2.4

v8.2.3

8.2.3

... (truncated)

Changelog

Sourced from @​storybook/react's changelog.

8.2.9

8.2.8

  • CLI: Parse more Yarn Berry errors - #28816, thanks @​yannbf!
  • Fix: Invariant failed: Expected package.json#version to be defined in the "undefined" package - #28752, thanks @​abcdmku!

8.2.7

8.2.6

8.2.5

8.2.4

8.2.3

8.2.2

... (truncated)

Commits
  • 95d8beb Bump version from "8.2.8" to "8.2.9" [skip ci]
  • 2faeae2 Bump version from "8.2.7" to "8.2.8" [skip ci]
  • 97d8476 Bump version from "8.2.6" to "8.2.7" [skip ci]
  • 9a36be4 Merge pull request #28764 from storybookjs/kasper/introduce-run
  • 3333ee1 Merge pull request #28745 from storybookjs/norbert/cpc-fix-types-usage
  • ea266a0 Bump version from "8.2.5" to "8.2.6" [skip ci]
  • e3c5995 Bump version from "8.2.4" to "8.2.5" [skip ci]
  • beb96d5 git cherry-pick -m1 -x 4db60d6d8cefabb235c9245375c1699c5b0fcd5e
  • 7b84561 Bump version from "8.2.3" to "8.2.4" [skip ci]
  • de22531 Merge pull request #28599 from storybookjs/norbert/cpc-add-shim-dependencies-...
  • Additional commits viewable in compare view

Updates async from 2.6.3 to 3.2.6

Changelog

Sourced from async's changelog.

v3.2.5

  • Ensure Error objects such as AggregateError are propagated without modification (#1920)

v3.2.4

  • Fix a bug in priorityQueue where it didn't wait for the result. (#1725)
  • Fix a bug where unshiftAsync was included in priorityQueue. (#1790)

v3.2.3

  • Fix bugs in comment parsing in autoInject. (#1767, #1780)

v3.2.2

  • Fix potential prototype pollution exploit

v3.2.1

v3.2.0

  • Fix a bug in Safari related to overwriting func.name
  • Remove built-in browserify configuration (#1653)
  • Various doc fixes (#1688, #1703, #1704)

v3.1.1

  • Allow redefining name property on wrapped functions.

v3.1.0

  • Added q.pushAsync and q.unshiftAsync, analogous to q.push and q.unshift, except they always do not accept a callback, and reject if processing the task errors. (#1659)
  • Promises returned from q.push and q.unshift when a callback is not passed now resolve even if an error occurred. (#1659)
  • Fixed a parsing bug in autoInject with complicated function bodies (#1663)
  • Added ES6+ configuration for Browserify bundlers (#1653)
  • Various doc fixes (#1664, #1658, #1665, #1652)

v3.0.1

Bug fixes

  • Fixed a regression where arrays passed to queue and cargo would be completely flattened. (#1645)
  • Clarified Async's browser support (#1643)

v3.0.0

The async/await release!

There are a lot of new features and subtle breaking changes in this major version, but the biggest feature is that most Async methods return a Promise if you omit the callback, meaning you can await them from within an async function.

... (truncated)

Commits
  • 85fb18f Version 3.2.6
  • 8c0c941 Update built files
  • 5f756b4 Fix ReDoS (#1980)
  • 39cdc9b build(deps-dev): bump karma from 6.4.3 to 6.4.4 (#1985)
  • 7b8ddeb build(deps-dev): bump @​babel/core from 7.24.7 to 7.25.2 (#1981)
  • 4634a9d build(deps-dev): bump rollup from 4.18.0 to 4.19.2 (#1982)
  • afb176c build(deps-dev): bump chai from 4.4.1 to 4.5.0 (#1983)
  • 3568a74 build(deps-dev): bump @​babel/eslint-parser from 7.24.7 to 7.25.1 (#1984)
  • 9e885fd build(deps-dev): bump babel-plugin-istanbul from 6.1.1 to 7.0.0 (#1986)
  • f9c7f2a build(deps-dev): bump semver from 7.6.2 to 7.6.3 (#1987)
  • Additional commits viewable in compare view

Updates dns-packet from 1.3.1 to 5.6.1

Changelog

Sourced from dns-packet's changelog.

Version 5.6.0 - 2023-04-18

  • Feature: Added support for the TLSA record type.

Version 5.5.0 - 2023-03-27

  • Feature: Added support for the NAPTR record type.

Version 5.4.0 - 2022-06-14

  • Feature: Added support for the SSHFP record type.

Version 5.2.0 - 2019-02-21

  • Feature: Added support for de/encoding certain OPT options.

Version 5.1.0 - 2019-01-22

  • Feature: Added support for the RP record type.

Version 5.0.0 - 2018-06-01

  • Breaking: Node.js 6.0.0 or greater is now required.
  • Feature: Added support for DNSSEC record types.

Version 4.1.0 - 2018-02-11

  • Feature: Added support for the MX record type.

Version 4.0.0 - 2018-02-04

  • Feature: Added streamEncode and streamDecode methods for encoding TCP packets.
  • Breaking: Changed the decoded value of TXT records to an array of Buffers. This is to accommodate DNS-SD records which rely on the individual strings record being separated.
  • Breaking: Renamed the flag_trunc and flag_auth to flag_tc and flag_aa to match the names of these in the dns standards.

Version 3.0.0 - 2018-01-12

  • Breaking: The class option has been changed from integer to string.

Version 2.0.0 - 2018-01-11

  • Breaking: Converted module to ES2015, now requires Node.js 4.0 or greater

Commits

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

  • Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

  • Switch to GitHub workflows 76abc93
  • Fix issue where decode throws - fixes #6 746ca5d
  • Update license (#1) 486d7e2
  • Tidelift tasks a650457
  • Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

Bumps the npm_and_yarn group with 14 updates:

| Package | From | To |
| --- | --- | --- |
| [ansi-regex](https://github.com/chalk/ansi-regex) | `5.0.0` | `5.0.1` |
| [ansi-regex](https://github.com/chalk/ansi-regex) | `4.1.0` | `5.0.1` |
| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |
| [webpack](https://github.com/webpack/webpack) | `4.44.2` | `5.94.0` |
| [@storybook/addon-essentials](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/essentials) | `6.5.16` | `8.2.9` |
| [@storybook/preset-create-react-app](https://github.com/storybookjs/storybook/tree/HEAD/code/presets/create-react-app) | `3.1.7` | `8.2.9` |
| [@storybook/react](https://github.com/storybookjs/storybook/tree/HEAD/code/renderers/react) | `6.5.16` | `8.2.9` |
| [async](https://github.com/caolan/async) | `2.6.3` | `3.2.6` |
| [dns-packet](https://github.com/mafintosh/dns-packet) | `1.3.1` | `5.6.1` |
| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |
| [eventsource](https://github.com/EventSource/eventsource) | `1.1.0` | `1.1.2` |
| [node-forge](https://github.com/digitalbazaar/forge) | `0.10.0` | `1.3.1` |
| [terser](https://github.com/terser/terser) | `4.8.0` | `5.32.0` |
| [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `3.7.3` | `5.3.4` |


Updates `ansi-regex` from 5.0.0 to 5.0.1
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](chalk/ansi-regex@v5.0.0...v5.0.1)

Updates `ansi-regex` from 4.1.0 to 5.0.1
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](chalk/ansi-regex@v5.0.0...v5.0.1)

Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

Updates `webpack` from 4.44.2 to 5.94.0
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v4.44.2...v5.94.0)

Updates `@storybook/addon-essentials` from 6.5.16 to 8.2.9
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v8.2.9/code/addons/essentials)

Updates `@storybook/preset-create-react-app` from 3.1.7 to 8.2.9
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/code/presets/create-react-app/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v8.2.9/code/presets/create-react-app)

Updates `@storybook/react` from 6.5.16 to 8.2.9
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v8.2.9/code/renderers/react)

Updates `async` from 2.6.3 to 3.2.6
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/master/CHANGELOG.md)
- [Commits](caolan/async@v2.6.3...v3.2.6)

Updates `dns-packet` from 1.3.1 to 5.6.1
- [Changelog](https://github.com/mafintosh/dns-packet/blob/master/CHANGELOG.md)
- [Commits](mafintosh/dns-packet@v1.3.1...v5.6.1)

Updates `decode-uri-component` from 0.2.0 to 0.2.2
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2)

Updates `eventsource` from 1.1.0 to 1.1.2
- [Changelog](https://github.com/EventSource/eventsource/blob/master/HISTORY.md)
- [Commits](EventSource/eventsource@v1.1.0...v1.1.2)

Updates `node-forge` from 0.10.0 to 1.3.1
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@0.10.0...v1.3.1)

Updates `terser` from 4.8.0 to 5.32.0
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](terser/terser@v4.8.0...v5.32.0)

Updates `webpack-dev-middleware` from 3.7.3 to 5.3.4
- [Release notes](https://github.com/webpack/webpack-dev-middleware/releases)
- [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md)
- [Commits](webpack/webpack-dev-middleware@v3.7.3...v5.3.4)

---
updated-dependencies:
- dependency-name: ansi-regex
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ansi-regex
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@storybook/addon-essentials"
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@storybook/preset-create-react-app"
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@storybook/react"
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: async
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: dns-packet
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: decode-uri-component
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: eventsource
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: terser
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack-dev-middleware
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Sep 11, 2024