Skip to content
This repository was archived by the owner on May 12, 2026. It is now read-only.

Bump the npm_and_yarn group across 1 directories with 8 updates#1

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-security-group-eeb1e63ef9
Closed

Bump the npm_and_yarn group across 1 directories with 8 updates#1
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-security-group-eeb1e63ef9

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Feb 7, 2024

Bumps the npm_and_yarn group with 8 updates in the /. directory:

Package From To
browserify-sign 4.0.4 4.2.2
follow-redirects 1.5.0 1.15.5
handlebars 4.0.11 4.7.8
lodash 4.17.10 4.17.21
mixin-deep 1.3.1 1.3.2
qs 6.4.0 6.4.1
semver 5.5.0 5.7.2
y18n 3.2.1 3.2.2

Updates browserify-sign from 4.0.4 to 4.2.2

Changelog

Sourced from browserify-sign's changelog.

v4.2.2 - 2023-10-25

Fixed

Commits

  • Only apps should have lockfiles 09a8995
  • [eslint] switch to eslint 83fe463
  • [meta] add npmignore and auto-changelog 4418183
  • [meta] fix package.json indentation 9ac5a5e
  • [Tests] migrate from travis to github actions d845d85
  • [Fix] sign: throw on unsupported padding scheme 8767739
  • [Fix] properly check the upper bound for DSA signatures 85994cd
  • [Tests] handle openSSL not supporting a scheme f5f17c2
  • [Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb
  • [Dev Deps] update nyc, standard, tape cc5350b
  • [Tests] always run coverage; downgrade nyc 75ce1d5
  • [meta] add safe-publish-latest dcf49ce
  • [Tests] add npm run posttest 75dd8fd
  • [Dev Deps] update tape 3aec038
  • [Tests] skip unsupported schemes 703c83e
  • [Tests] node < 6 lacks array includes 3aa43cf
  • [Dev Deps] fix eslint range 98d4e0d

v4.2.1 - 2020-08-04

Merged

v4.2.0 - 2020-05-18

Merged

v4.1.0 - 2020-05-05

Merged

Commits
  • 4af5a90 v4.2.2
  • 3aec038 [Dev Deps] update tape
  • 85994cd [Fix] properly check the upper bound for DSA signatures
  • 9ac5a5e [meta] fix package.json indentation
  • dcf49ce [meta] add safe-publish-latest
  • 4418183 [meta] add npmignore and auto-changelog
  • 8767739 [Fix] sign: throw on unsupported padding scheme
  • 5f6fb17 [Tests] log when openssl doesn't support cipher
  • f5f17c2 [Tests] handle openSSL not supporting a scheme
  • d845d85 [Tests] migrate from travis to github actions
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.


Updates follow-redirects from 1.5.0 to 1.15.5

Commits
  • b1677ce Release version 1.15.5 of the npm package.
  • d8914f7 Preserve fragment in responseUrl.
  • 6585820 Release version 1.15.4 of the npm package.
  • 7a6567e Disallow bracketed hostnames.
  • 05629af Prefer native URL instead of deprecated url.parse.
  • 1cba8e8 Prefer native URL instead of legacy url.resolve.
  • 72bc2a4 Simplify _processResponse error handling.
  • 3d42aec Add bracket tests.
  • bcbb096 Do not directly set Error properties.
  • 192dbe7 Release version 1.15.3 of the npm package.
  • Additional commits viewable in compare view

Updates handlebars from 4.0.11 to 4.7.8

Release notes

Sourced from handlebars's releases.

v4.7.8

  • Make library compatible with workers (#1894) - 3d3796c
  • Don't rely on Node.js global object (#1776) - 2954e7e
  • Fix compiling of each block params in strict mode (#1855) - 30dbf04
  • Fix rollup warning when importing Handlebars as ESM - 03d387b
  • Fix bundler issue with webpack 5 (#1862) - c6c6bbb
  • Use https instead of git for mustache submodule - 88ac068

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.8 - July 27th, 2023

  • Make library compatible with workers (#1894) - 3d3796c
  • Don't rely on Node.js global object (#1776) - 2954e7e
  • Fix compiling of each block params in strict mode (#1855) - 30dbf04
  • Fix rollup warning when importing Handlebars as ESM - 03d387b
  • Fix bundler issue with webpack 5 (#1862) - c6c6bbb
  • Use https instead of git for mustache submodule - 88ac068

Commits

v4.7.7 - February 15th, 2021

  • fix weird error in integration tests - eb860c0
  • fix: check prototype property access in strict-mode (#1736) - b6d3de7
  • fix: escape property names in compat mode (#1736) - f058970
  • refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
  • chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

  • the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

Compatibility notes:

  • Restored Node.js compatibility

Commits

v4.7.5 - April 2nd, 2020

Chore/Housekeeping:

  • Node.js version support has been changed to v6+ Reverted in 4.7.6

Compatibility notes:

... (truncated)

Commits
  • 8dc3d25 v4.7.8
  • 668c4fb Fix browser tests in CI pipeline
  • c65c6cc Test on Node 18
  • 3d3796c Make library compatible with workers
  • 075b354 Fix sync issue with npm lock-file
  • 30dbf04 Fix compiling of each block params in strict mode
  • e3a5448 Fix bundler issue with webpack 5
  • 8e23642 Fix integration-tests issue with npm >= 7
  • 88ac068 use https instead of git for mustache submodule
  • c68bc08 Fix typo
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.


Updates lodash from 4.17.10 to 4.17.21

Commits
  • f299b52 Bump to v4.17.21
  • c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
  • 3469357 Prevent command injection through _.template's variable option
  • ded9bc6 Bump to v4.17.20.
  • 63150ef Documentation fixes.
  • 00f0f62 test.js: Remove trailing comma.
  • 846e434 Temporarily use a custom fork of lodash-cli.
  • 5d046f3 Re-enable Travis tests on 4.17 branch.
  • aa816b3 Remove /npm-package.
  • d7fbc52 Bump to v4.17.19
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.


Updates mixin-deep from 1.3.1 to 1.3.2

Commits
Maintainer changes

This version was pushed to npm by doowb, a new releaser for mixin-deep since your current version.


Updates qs from 6.4.0 to 6.4.1

Changelog

Sourced from qs's changelog.

6.4.1

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
  • [Fix] use safer-buffer instead of Buffer constructor
  • [Fix] utils.merge: avoid a crash with a null target and an array source
  • [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
  • [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
  • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
  • [Fix] when parseArrays is false, properly handle keys ending in []
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [Refactor] use cached Array.isArray
  • [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] Clarify the need for "arrayLimit" option
  • [meta] fix README.md (#399)
  • [meta] Clean up license text so it’s properly detected as BSD-3-Clause
  • [meta] add FUNDING.yml
  • [actions] backport actions from main
  • [Tests] remove nonexistent tape option
  • [Dev Deps] backport from main
Commits
  • 486aa46 v6.4.1
  • 727ef5d [Fix] parse: ignore __proto__ keys (#428)
  • cd1874e [Robustness] stringify: avoid relying on a global undefined (#427)
  • 45e987c [readme] remove travis badge; add github actions/codecov badges; update URLs
  • 90a3bce [meta] fix README.md (#399)
  • 9566d25 [Fix] fix for an impossible situation: when the formatter is called with a no...
  • 74227ef Clean up license text so it’s properly detected as BSD-3-Clause
  • 35dfb22 [actions] backport actions from main
  • 7d4670f [Dev Deps] backport from main
  • 0485440 [Fix] use safer-buffer instead of Buffer constructor
  • Additional commits viewable in compare view

Updates semver from 5.5.0 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

  • Add version coercion capabilities

5.4

  • Add intersection checking

5.3

  • Add minSatisfying method

5.2

  • Add prerelease(v) that returns prerelease components

5.1

  • Add Backus-Naur for ranges
  • Remove excessively cute inspection methods

5.0

  • Remove AMD/Browserified build artifacts
  • Fix ltr and gtr when using the * range
  • Fix for range * with a prerelease identifier
Commits
Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.


Updates y18n from 3.2.1 to 3.2.2

Release notes

Sourced from y18n's releases.

y18n y18n-v4.0.3

Bug Fixes

  • release: 4.x.x should not enforce Node 10 (#126) (1e21a53)

y18n y18n-v4.0.2

Bug Fixes

  • security: ensure entry exists for backport (#120) (b22c0df)
Commits
Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for y18n since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 1 directories with 8 updates
d221678 
Bumps the npm_and_yarn group with 8 updates in the /. directory:

| Package | From | To |
| --- | --- | --- |
| [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.0.4` | `4.2.2` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.5.0` | `1.15.5` |
| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.0.11` | `4.7.8` |
| [lodash](https://github.com/lodash/lodash) | `4.17.10` | `4.17.21` |
| [mixin-deep](https://github.com/jonschlinkert/mixin-deep) | `1.3.1` | `1.3.2` |
| [qs](https://github.com/ljharb/qs) | `6.4.0` | `6.4.1` |
| [semver](https://github.com/npm/node-semver) | `5.5.0` | `5.7.2` |
| [y18n](https://github.com/yargs/y18n) | `3.2.1` | `3.2.2` |


Updates `browserify-sign` from 4.0.4 to 4.2.2
- [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md)
- [Commits](browserify/browserify-sign@v4.0.4...v4.2.2)

Updates `follow-redirects` from 1.5.0 to 1.15.5
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.5.0...v1.15.5)

Updates `handlebars` from 4.0.11 to 4.7.8
- [Release notes](https://github.com/handlebars-lang/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.8/release-notes.md)
- [Commits](handlebars-lang/handlebars.js@v4.0.11...v4.7.8)

Updates `lodash` from 4.17.10 to 4.17.21
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.10...4.17.21)

Updates `mixin-deep` from 1.3.1 to 1.3.2
- [Commits](jonschlinkert/mixin-deep@1.3.1...1.3.2)

Updates `qs` from 6.4.0 to 6.4.1
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.4.0...v6.4.1)

Updates `semver` from 5.5.0 to 5.7.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)
- [Commits](npm/node-semver@v5.5.0...v5.7.2)

Updates `y18n` from 3.2.1 to 3.2.2
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

---
updated-dependencies:
- dependency-name: browserify-sign
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: follow-redirects
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: handlebars
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: lodash
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: mixin-deep
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: qs
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: semver
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: y18n
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Feb 7, 2024
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Apr 10, 2024

Superseded by #8.

@dependabot dependabot Bot closed this Apr 10, 2024
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/npm_and_yarn-security-group-eeb1e63ef9 branch April 10, 2024 12:04
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants