Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump the npm_and_yarn group across 1 directory with 11 updates #1018

Closed
wants to merge 1 commit into from
Closed

chore(deps): bump the npm_and_yarn group across 1 directory with 11 updates #1018

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 21, 2024

Bumps the npm_and_yarn group with 10 updates in the / directory:

Package From To
debug 4.3.1 4.3.2
plotly.js 1.48.3 2.25.2
es5-ext 0.10.50 0.10.64
ip 1.1.5 1.1.9
moment 2.26.0 2.30.1
node-fetch 2.6.0 2.7.0
underscore 1.9.1 1.13.6
webpack-dev-middleware 6.1.1 6.1.2
word-wrap 1.2.3 1.2.5
y18n 4.0.0 4.0.3

Updates debug from 4.3.1 to 4.3.2

Release notes

Sourced from debug's releases.

4.3.2

Patch release 4.3.2

  • Caches enabled statuses on a per-logger basis to speed up .enabled checks (#799)

Thank you @​omg!

Commits

Updates plotly.js from 1.48.3 to 2.25.2

Release notes

Sourced from plotly.js's releases.

v2.25.2

Changed

  • Update Croatian translations in hr locale [#6690], with thanks to @​Mkranj for the contribution!

Fixed

  • Fix potential prototype pollution in plot API calls [#6703, 6704]

v2.25.1

Fixed

  • Fix clearing legend using react (regression introduced in 2.25.0) [#6695]

v2.25.0

Added

  • Add "Equal Earth" projection to geo subplots [#6670], with thanks to @​apparebit for the contribution!
  • Add options to include legends for shapes and newshape [#6653]
  • Add Plotly.deleteActiveShape command [#6679]

Fixed

  • Fix contour plot colorscale domain (take account of zmin, zmax, cmin and cmax) [#6625], with thanks to @​lvlte for the contribution!
  • Fix text markers on non-mapbox styled maps [#6652], with thanks to @​baurt for the contribution!
  • Fix unhide isolated traces in multi legend cases (regression introduced in 2.24.3) [#6684]

v2.24.3

Fixed

  • Fix double clicking one item in a legend hides traces in other legends [#6655]
  • Fix double click pie slices when having multiple legends [#6657]
  • Fix per legend group and traceorder defaults when having multiple legends [#6664]

v2.24.2

Fixed

  • Fix legend groups toggle (regression introduced in 2.22.0) #6639
  • Fix waterfall hovertemplate not showing delta on totals similar #6635

v2.24.1

Fixed

  • Fix minimal copying of arrays in minExtend function (regression introduced in 2.24.0) #6632

v2.24.0

Added

Fixed

  • Fix to prevent accessing undefined (hoverText.hoverLabels) in case all currently shown markers have hoverinfo: "none" (regression introduced in 2.6.0) #6614,

... (truncated)

Changelog

Sourced from plotly.js's changelog.

[2.25.2] -- 2023-08-11

Changed

  • Update Croatian translations in hr locale [#6690], with thanks to @​Mkranj for the contribution!

Fixed

  • Fix potential prototype pollution in plot API calls [#6703, 6704]

[2.25.1] -- 2023-08-02

Fixed

  • Fix clearing legend using react (regression introduced in 2.25.0) [#6695]

[2.25.0] -- 2023-07-25

Added

  • Add "Equal Earth" projection to geo subplots [#6670], with thanks to @​apparebit for the contribution!
  • Add options to include legends for shapes and newshape [#6653]
  • Add Plotly.deleteActiveShape command [#6679]

Fixed

  • Fix contour plot colorscale domain (take account of zmin, zmax, cmin and cmax) [#6625], with thanks to @​lvlte for the contribution!
  • Fix text markers on non-mapbox styled maps [#6652], with thanks to @​baurt for the contribution!
  • Fix unhide isolated traces in multi legend cases (regression introduced in 2.24.3) [#6684]

[2.24.3] -- 2023-07-05

Fixed

  • Fix double clicking one item in a legend hides traces in other legends [#6655]
  • Fix double click pie slices when having multiple legends [#6657]
  • Fix per legend group and traceorder defaults when having multiple legends [#6664]

[2.24.2] -- 2023-06-09

Fixed

  • Fix legend groups toggle (regression introduced in 2.22.0) #6639
  • Fix waterfall hovertemplate not showing delta on totals similar #6635

[2.24.1] -- 2023-06-07

Fixed

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by archmoj, a new releaser for plotly.js since your current version.


Updates es5-ext from 0.10.50 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

  • Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

  • Do not rely on problematic regex (3551cdd), addresses #201
  • Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
  • Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

  • Simplify the manifest message (7855319)

Comparison since last release

0.10.62 (2022-08-02)

Maintenance Improvements

Comparison since last release

0.10.61 (2022-04-20)

Bug Fixes

  • Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

Comparison since last release

0.10.60 (2022-04-07)

Maintenance Improvements

  • Improve postinstall script configuration (ab6b121)

... (truncated)

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

  • Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

  • Do not rely on problematic regex (3551cdd), addresses #201
  • Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
  • Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

  • Simplify the manifest message (7855319)

0.10.62 (2022-08-02)

Maintenance Improvements

0.10.61 (2022-04-20)

Bug Fixes

  • Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

0.10.60 (2022-04-07)

Maintenance Improvements

  • Improve postinstall script configuration (ab6b121)

0.10.59 (2022-03-17)

Maintenance Improvements

0.10.58 (2022-03-11)

... (truncated)

Commits
  • f76b03d chore: Release v0.10.64
  • 2881acd chore: Bump dependencies
  • c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
  • 16f2b72 docs: Fix date in the changelog
  • de4e03c chore: Release v0.10.63
  • 3fd53b7 chore: Upgrade lint-staged to v13
  • bf8ed79 chore: Ensure postinstall script does not crash on Windows
  • 2cbbb07 chore: Bump dependencies
  • 22d0416 chore: Bump LICENSE year
  • a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
  • Additional commits viewable in compare view

Updates ip from 1.1.5 to 1.1.9

Commits

Updates moment from 2.26.0 to 2.30.1

Changelog

Sourced from moment's changelog.

2.30.1

2.30.0 Full changelog

  • Release Dec 26, 2023

2.29.4

  • Release Jul 6, 2022
    • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

  • Release Apr 17, 2022
    • #5995 [bugfix] Remove const usage
    • #5990 misc: fix advisory link

2.29.2 See full changelog

  • Release Apr 3 2022

Address GHSA-8hfj-j24r-96c4

2.29.1 See full changelog

  • Release Oct 6, 2020

Updated deprecation message, bugfix in hi locale

2.29.0 See full changelog

  • Release Sept 22, 2020

New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: https://momentjs.com/docs/#/-project-status/

2.28.0 See full changelog

  • Release Sept 13, 2020

Fix bug where .format() modifies original instance, and locale updates

2.27.0 See full changelog

... (truncated)

Commits

Updates node-fetch from 2.6.0 to 2.7.0

Release notes

Sourced from node-fetch's releases.

v2.7.0

2.7.0 (2023-08-23)

Features

v2.6.13

2.6.13 (2023-08-18)

Bug Fixes

v2.6.12

2.6.12 (2023-06-29)

Bug Fixes

v2.6.11

2.6.11 (2023-05-09)

Reverts

v2.6.10

2.6.10 (2023-05-08)

Bug Fixes

v2.6.9

2.6.9 (2023-01-30)

Bug Fixes

v2.6.8

2.6.8 (2023-01-13)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by node-fetch-bot, a new releaser for node-fetch since your current version.


Updates static-eval from 0.2.4 to 2.1.1

Release notes

Sourced from static-eval's releases.

v2.1.1

  • Update escodegen. @​FabianWarnecke in #43

    escodegen doesn't officially support all the Node.js versions that static-eval supports, but so far it still works on them. This has been the case for both v1.x and v2.1.0 of escodegen, so the upgrade doesn't change that situation.

v2.1.0

  • Add allowAccessToMethodsOnFunctions option to restore 1.x behaviour so that cwise can upgrade. (@​archmoj in #31)

    Do not use this option if you are not sure that you need it, as it had previously been removed for security reasons. There is a known exploit to execute arbitrary code. Only use it on trusted inputs, like the developer's JS files in a build system.

v2.0.5

v2.0.4

  • Short-circuit evaluation in && and || expressions. (@​RoboPhred in #28)
  • Start tracking changes.

v2.0.3

Disallows accessing .constructor and .__proto__ properties, which could be used to access the Function() constructor. (browserify/static-eval#27) Thanks to an anonymous reporter!

Changelog

Sourced from static-eval's changelog.

2.1.1

  • Update escodegen. @​FabianWarnecke in #43

    escodegen doesn't officially support all the Node.js versions that static-eval supports, but so far it still works on them. This has been the case for both v1.x and v2.1.0 of escodegen, so the upgrade doesn't change that situation.

2.1.0

  • Add allowAccessToMethodsOnFunctions option to restore 1.x behaviour so that cwise can upgrade. (@​archmoj in #31)

    Do not use this option if you are not sure that you need it, as it had previously been removed for security reasons. There is a known exploit to execute arbitrary code. Only use it on trusted inputs, like the developer's JS files in a build system.

2.0.5

2.0.4

  • Short-circuit evaluation in && and || expressions. (@​RoboPhred in #28)
  • Start tracking changes.
Commits
  • c682147 2.1.1
  • 22fc478 Merge pull request #43 from FabianWarnecke/patch-1
  • cdf877d Update dependency "escodegen".
  • aff732b maybe they will email me about "security" issues if i put this in there
  • 1a4d734 2.1.0
  • 054adac ci: add node 14
  • 09c4b83 Merge pull request #31 from archmoj/allow-cwise-transform
  • e619afc make option to enable allowAccessToMethodsOnFunctions namely to be used by cw...
  • 36587c2 remove trailing spaces
  • 798b0d5 ci: add node 12 and 13
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by goto-bus-stop, a new releaser for static-eval since your current version.


Updates underscore from 1.9.1 to 1.13.6

Commits
  • bd2d35c Merge remote-tracking branch 'upstream/master'
  • 2e7c0f2 Update generated files, tag 1.13.6 release
  • 732cafe Underscore 1.13.6
  • e8f86fb Add changelog entry for versioin 1.13.6
  • 43e827a Bump the version to 1.13.6 (hotfix)
  • 1c1d1a2 Remove patch-package postinstall script
  • 4eb6894 Merge pull request #2974 from paulsmithkc/patch-1
  • 2edcdc1 Hostfix for broken builds
  • 66ee70d Verify that production and doc builds still work in CI
  • 68e5eb6 Update generated sources, tag 1.13.5 release
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by jgonggrijp, a new releaser for underscore since your current version.


Updates webpack-dev-middleware from 6.1.1 to 6.1.2

Release notes

Sourced from webpack-dev-middleware's releases.

v6.1.2

6.1.2 (2024-03-20)

Bug Fixes

  • security: do not allow to read files above (#1778) (9670b34)
Changelog

Sourced from webpack-dev-middleware's changelog.

6.1.2 (2024-03-20)

Bug Fixes

  • security: do not allow to read files above (#1778) (9670b34)
Commits

Updates word-wrap from 1.2.3 to 1.2.5

Release notes

Sourced from word-wrap's releases.

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: jonschlinkert/word-wrap@1.2.4...1.2.5

1.2.4

What's Changed

New Contributors

Full Changelog: jonschlinkert/word-wrap@1.2.3...1.2.4

Commits

Updates y18n from 4.0.0 to 4.0.3

Changelog

Sourced from y18n's changelog.

4.0.3 (2021-04-07)

Bug Fixes

  • release: 4.x.x should not enforce Node 10 (#126) (1e21a53)

4.0.1 (2020-11-30)

Bug Fixes

Commits
Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for y18n since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump the npm_and_yarn group across 1 directory with 11 u…
98b871c 
…pdates

Bumps the npm_and_yarn group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [debug](/~https://github.com/debug-js/debug) | `4.3.1` | `4.3.2` |
| [plotly.js](/~https://github.com/plotly/plotly.js) | `1.48.3` | `2.25.2` |
| [es5-ext](/~https://github.com/medikoo/es5-ext) | `0.10.50` | `0.10.64` |
| [ip](/~https://github.com/indutny/node-ip) | `1.1.5` | `1.1.9` |
| [moment](/~https://github.com/moment/moment) | `2.26.0` | `2.30.1` |
| [node-fetch](/~https://github.com/node-fetch/node-fetch) | `2.6.0` | `2.7.0` |
| [underscore](/~https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.6` |
| [webpack-dev-middleware](/~https://github.com/webpack/webpack-dev-middleware) | `6.1.1` | `6.1.2` |
| [word-wrap](/~https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` |
| [y18n](/~https://github.com/yargs/y18n) | `4.0.0` | `4.0.3` |


Updates `debug` from 4.3.1 to 4.3.2
- [Release notes](/~https://github.com/debug-js/debug/releases)
- [Commits](debug-js/debug@4.3.1...4.3.2)

Updates `plotly.js` from 1.48.3 to 2.25.2
- [Release notes](/~https://github.com/plotly/plotly.js/releases)
- [Changelog](/~https://github.com/plotly/plotly.js/blob/master/CHANGELOG.md)
- [Commits](plotly/plotly.js@v1.48.3...v2.25.2)

Updates `es5-ext` from 0.10.50 to 0.10.64
- [Release notes](/~https://github.com/medikoo/es5-ext/releases)
- [Changelog](/~https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md)
- [Commits](medikoo/es5-ext@v0.10.50...v0.10.64)

Updates `ip` from 1.1.5 to 1.1.9
- [Commits](indutny/node-ip@v1.1.5...v1.1.9)

Updates `moment` from 2.26.0 to 2.30.1
- [Changelog](/~https://github.com/moment/moment/blob/develop/CHANGELOG.md)
- [Commits](moment/moment@2.26.0...2.30.1)

Updates `node-fetch` from 2.6.0 to 2.7.0
- [Release notes](/~https://github.com/node-fetch/node-fetch/releases)
- [Commits](node-fetch/node-fetch@v2.6.0...v2.7.0)

Updates `static-eval` from 0.2.4 to 2.1.1
- [Release notes](/~https://github.com/browserify/static-eval/releases)
- [Changelog](/~https://github.com/browserify/static-eval/blob/master/CHANGELOG.md)
- [Commits](browserify/static-eval@0.2.4...v2.1.1)

Updates `underscore` from 1.9.1 to 1.13.6
- [Commits](jashkenas/underscore@1.9.1...1.13.6)

Updates `webpack-dev-middleware` from 6.1.1 to 6.1.2
- [Release notes](/~https://github.com/webpack/webpack-dev-middleware/releases)
- [Changelog](/~https://github.com/webpack/webpack-dev-middleware/blob/v6.1.2/CHANGELOG.md)
- [Commits](webpack/webpack-dev-middleware@v6.1.1...v6.1.2)

Updates `word-wrap` from 1.2.3 to 1.2.5
- [Release notes](/~https://github.com/jonschlinkert/word-wrap/releases)
- [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5)

Updates `y18n` from 4.0.0 to 4.0.3
- [Release notes](/~https://github.com/yargs/y18n/releases)
- [Changelog](/~https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md)
- [Commits](yargs/y18n@v4.0.0...y18n-v4.0.3)

---
updated-dependencies:
- dependency-name: debug
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: plotly.js
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: es5-ext
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: ip
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: moment
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: node-fetch
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: static-eval
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: underscore
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: webpack-dev-middleware
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: word-wrap
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: y18n
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 21, 2024
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 26, 2024

Superseded by #1019.

@dependabot dependabot bot closed this Mar 26, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-security-group-e01f1c7bf6 branch March 26, 2024 08:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants