Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump the npm_and_yarn group across 1 directory with 5 updates #1

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

chore(deps): bump the npm_and_yarn group across 1 directory with 5 updates #1

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Sep 25, 2024

Bumps the npm_and_yarn group with 5 updates in the /tests directory:

Package From To
@babel/traverse 7.17.9 7.25.6
@grpc/grpc-js 1.9.3 1.11.3
braces 3.0.2 3.0.3
follow-redirects 1.14.9 1.15.9
micromatch 4.0.5 4.0.8

Updates @babel/traverse from 7.17.9 to 7.25.6

Release notes

Sourced from @​babel/traverse's releases.

v7.25.6 (2024-08-29)

Thanks @​j4k0xb for your first PR!

🐛 Bug Fix

💅 Polish

  • babel-generator, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-named-capturing-groups-regex, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx, babel-plugin-transform-react-pure-annotations, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env
  • babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes
  • babel-generator

🏠 Internal

Committers: 5

v7.25.5 (2024-08-23)

🐛 Bug Fix

  • babel-generator, babel-traverse

💅 Polish

Committers: 2

v7.25.4 (2024-08-22)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.25.6 (2024-08-29)

🐛 Bug Fix

💅 Polish

  • babel-generator, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-named-capturing-groups-regex, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx, babel-plugin-transform-react-pure-annotations, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env
  • babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes
  • babel-generator

🏠 Internal

v7.25.5 (2024-08-23)

🐛 Bug Fix

💅 Polish

v7.25.4 (2024-08-22)

🐛 Bug Fix

💅 Polish

  • babel-generator, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-typescript, babel-runtime-corejs2, babel-runtime, babel-traverse
  • babel-generator, babel-plugin-transform-class-properties

... (truncated)

Commits

Updates @grpc/grpc-js from 1.9.3 to 1.11.3

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.11.3

  • Ensure the client queries the name resolver again after connections drop while using the round_robin load balancing policy (#2825)

@​grpc/grpc-js 1.11.2

  • Fix client crash on receiving a custom error code (#2801 contributed by @​hastom)
  • Report connection errors more consistently (#2808)
  • Avoid computing the channel constructor trace log when that tracer is not enabled (#2817 contributed by @​ygalbel)

@​grpc/grpc-js 1.11.1

  • Revert a change that used APIs that were not available in early minor versions of Node 14 (#2799 contributed by @​xqin)

@​grpc/grpc-js-xds 1.11.0

  • Add xDS Servers (#2783)
    • Note: this is primarily a foundation for future features. It doesn't actually do much right now.
  • Add support for dualstack socket support in xDS clients (#2665)

@​grpc/grpc-js 1.11.0

Changelog

  • Add Server connection injection API as described in gRFC L114 (#2675)
  • Implement support for an alternate DNS resolver that supports custom authorities (#2776 contributed by @​gkampitakis)
  • Add a channel option to configure retry attempt limits (#2795)
  • Add a getHost method to server call objects (#2783, #2793)
  • Fix typos and omissions in service config validation errors (#2782 contributed by @​matthewbinshtok)

Experimental API changes

Added:

  • splitHostPort
  • HostPort
  • createServerCredentialsWithInterceptors

@​grpc/grpc-js 1.10.11

  • Fix a bug that caused clients to reconnect unnecessarily while no requests are pending. (#2784)
  • Fix a bug that caused clients to fail to re-establish existing connections while waiting for DNS results (#2784)
  • Fix a bug that caused servers to sometimes not close idle connections depending on timing (#2790)
  • Fix a bug that caused calls to be pending indefinitely while unable to start after a channel is closed (#2791)

@​grpc/grpc-js 1.10.10

  • Various improvements to handling of keepalive timers (#2760 by @​davidfiala)
  • Fix a bug causing unary response client requests to hang when unexpectedly receiving multiple messages (#2772)
  • Fix a bug causing some requests to fail when making requests through a local proxy (#2746 contributed by @​mjameswh, backported in #2777)
  • Fix handling of URL-encoded user credentials in proxy configuration (#2761 contributed by @​brendan-myers, backported in #2777)
  • Fix missing client-side handling of the grpc.max_send_message_length channel option (#2779)

@​grpc/grpc-js 1.10.9

  • Avoid buffering significantly more than grpc.max_receive_message_size per received message.

@​grpc/grpc-js 1.10.8

... (truncated)

Commits
  • 8841efe Merge pull request #2825 from murgatroid99/grpc-js_round_robin_reresolve
  • a1b8972 Merge pull request #2806 from murgatroid99/grpc-js_connectivity_management_fixes
  • b3c24d0 grpc-js: round_robin: Request resolution on connection drop
  • 0c5ab98 Merge pull request #2803 from murgatroid99/grpc-js_1.11.2
  • bb4496b Merge pull request #2817 from ygalbel/tracer-slow
  • 90e472e made the call to trace to be called only when tracer is enabled
  • c63bdae Merge pull request #2808 from murgatroid99/grpc-js_transport_error_reporting
  • 3d43b1a Further reduce pick_first state space
  • d409311 grpc-js: Report session error events instead of waiting for close
  • a6575c3 grpc-js: Simplify pick_first behavior
  • Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

Updates follow-redirects from 1.14.9 to 1.15.9

Commits
  • e4e55c7 Release version 1.15.9 of the npm package.
  • 31a1abf Attempt much more gentle detection.
  • d2aaa97 Fix url field.
  • 62558f0 Release version 1.15.8 of the npm package.
  • a8d1cee Return subtlety.
  • 458ca8e Fix native URL test for Node 20.
  • ca49e44 Handle KeepAlive connections in tests.
  • f3711d7 Test on Node 20 and 22.
  • fda0faf Fix typo.
  • 760757f Release version 1.15.7 of the npm package.
  • Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

[4.0.7] - 2024-05-22

  • this is basically v4.0.5, with some README updates
  • it is vulnerable to CVE-2024-4067
  • Updated braces to v3.0.3 to avoid CVE-2024-4068
  • does NOT break API compatibility

[4.0.6] - 2024-05-21

  • Added hasBraces to check if a pattern contains braces.
  • Fixes CVE-2024-4067
  • BREAKS API COMPATIBILITY
  • Should be labeled as a major release, but it's not.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump the npm_and_yarn group across 1 directory with 5 up…
34b517c 
…dates

Bumps the npm_and_yarn group with 5 updates in the /tests directory:

| Package | From | To |
| --- | --- | --- |
| [@babel/traverse](/~https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.17.9` | `7.25.6` |
| [@grpc/grpc-js](/~https://github.com/grpc/grpc-node) | `1.9.3` | `1.11.3` |
| [braces](/~https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |
| [follow-redirects](/~https://github.com/follow-redirects/follow-redirects) | `1.14.9` | `1.15.9` |
| [micromatch](/~https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` |



Updates `@babel/traverse` from 7.17.9 to 7.25.6
- [Release notes](/~https://github.com/babel/babel/releases)
- [Changelog](/~https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](/~https://github.com/babel/babel/commits/v7.25.6/packages/babel-traverse)

Updates `@grpc/grpc-js` from 1.9.3 to 1.11.3
- [Release notes](/~https://github.com/grpc/grpc-node/releases)
- [Commits](/~https://github.com/grpc/grpc-node/compare/@grpc/grpc-js@1.9.3...@grpc/grpc-js@1.11.3)

Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](/~https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

Updates `follow-redirects` from 1.14.9 to 1.15.9
- [Release notes](/~https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.14.9...v1.15.9)

Updates `micromatch` from 4.0.5 to 4.0.8
- [Release notes](/~https://github.com/micromatch/micromatch/releases)
- [Changelog](/~https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/micromatch@4.0.5...4.0.8)

---
updated-dependencies:
- dependency-name: "@babel/traverse"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@grpc/grpc-js"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: micromatch
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Sep 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants