Bump the npm_and_yarn group with 6 updates #1340

dependabot · 2024-08-29T16:48:44Z

Bumps the npm_and_yarn group with 6 updates:

Package	From	To
gh-pages	`4.0.0`	`5.0.0`
@sideway/formula	`3.0.0`	`3.0.1`
braces	`3.0.2`	`3.0.3`
fast-xml-parser	`4.3.5`	`4.4.1`
micromatch	`4.0.5`	`4.0.8`
word-wrap	`1.2.3`	`1.2.5`

Updates gh-pages from 4.0.0 to 5.0.0

Release notes

Sourced from gh-pages's releases.

v5.0.0

Potentially breaking change: the publish method now always returns a promise. Previously, it did not return a promise in some error cases. This should not impact most users.

Updates to the development dependencies required a minimum Node version of 14 for the tests. The library should still work on Node 12, but tests are no longer run in CI for version 12. A future major version of the library may drop support for version 12 altogether.

What's Changed

Assorted updates by @tschaub in tschaub/gh-pages#452

Update README to clarify project site configuration requirements with tools like CRA, webpack, Vite, etc. by @Nezteb in tschaub/gh-pages#445

Bump actions/checkout from 2 to 3 by @dependabot in tschaub/gh-pages#453

Bump actions/setup-node from 1 to 3 by @dependabot in tschaub/gh-pages#455

Bump email-addresses from 3.0.1 to 5.0.0 by @dependabot in tschaub/gh-pages#454

Bump async from 2.6.4 to 3.2.4 by @dependabot in tschaub/gh-pages#459

Remove quotation marks by @Vicropht in tschaub/gh-pages#438

New Contributors

@Nezteb made their first contribution in tschaub/gh-pages#445

@Vicropht made their first contribution in tschaub/gh-pages#438

Full Changelog: tschaub/gh-pages@v4.0.0...v5.0.0

Changelog

Sourced from gh-pages's changelog.

v5.0.0

Potentially breaking change: the publish method now always returns a promise. Previously, it did not return a promise in some error cases. This should not impact most users.

Updates to the development dependencies required a minimum Node version of 14 for the tests. The library should still work on Node 12, but tests are no longer run in CI for version 12. A future major version of the library may drop support for version 12 altogether.

#438 - Remove quotation marks (@Vicropht)

#459 - Bump async from 2.6.4 to 3.2.4 (@tschaub)

#454 - Bump email-addresses from 3.0.1 to 5.0.0 (@tschaub)

#455 - Bump actions/setup-node from 1 to 3 (@tschaub)

#453 - Bump actions/checkout from 2 to 3 (@tschaub)

#445 - Update README to clarify project site configuration requirements with tools like CRA, webpack, Vite, etc. (@Nezteb)

#452 - Assorted updates (@tschaub)

Commits

f729b97 5.0.0
51534c7 Log changes
ace063b Merge pull request #438 from Vicropht/patch-1
58e54be Merge pull request #459 from tschaub/dependabot/npm_and_yarn/async-3.2.4
2189df3 Bump async from 2.6.4 to 3.2.4
051846e Merge pull request #454 from tschaub/dependabot/npm_and_yarn/email-addresses-...
5c91c67 Merge pull request #455 from tschaub/dependabot/github_actions/actions/setup-...
fe0ad83 Merge pull request #453 from tschaub/dependabot/github_actions/actions/checko...
b89287d Merge pull request #445 from Nezteb/patch-1
e890bd1 Bump email-addresses from 3.0.1 to 5.0.0
Additional commits viewable in compare view

Updates @sideway/formula from 3.0.0 to 3.0.1

Commits

5b44c1b 3.0.1
9fbc20a chore: better number regex
41ae98e Cleanup
c59f35e Move to Sideway
See full diff in compare view

Maintainer changes

This version was pushed to npm by marsup, a new releaser for @sideway/formula since your current version.

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates fast-xml-parser from 4.3.5 to 4.4.1

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

4.4.1 / 2024-07-28

v5 fix: maximum length limit to currency value

fix #634: build attributes with oneListGroup and attributesGroupName (#653)(By Andreas Naziris)

fix: get oneListGroup to work as expected for array of strings (#662)(By Andreas Naziris)

4.4.0 / 2024-05-18

fix #654: parse attribute list correctly for self closing stop node.

fix: validator bug when closing tag is not opened. (#647) (By Ryosuke Fukatani)

fix #581: typings; return type of tagValueProcessor & attributeValueProcessor (#582) (By monholm)

4.3.6 / 2024-03-16

Add support for parsing HTML numeric entities (#645) (By Jonas Schade )

4.3.5 / 2024-02-24

code for v5 is added for experimental use

4.3.4 / 2024-01-10

fix: Don't escape entities in CDATA sections (#633) (By wackbyte)

4.3.3 / 2024-01-10

Remove unnecessary regex

4.3.2 / 2023-10-02

fix jObj.hasOwnProperty when give input is null (By Arda TANRIKULU)

4.3.1 / 2023-09-24

revert back "Fix typings for builder and parser to make return type generic" to avoid failure of existing projects. Need to decide a common approach.

4.3.0 / 2023-09-20

Fix stopNodes to work with removeNSPrefix (#607) (#608) (By [Craig Andrews]https://github.com/candrews))

Fix #610 ignore properties set to Object.prototype

Fix typings for builder and parser to make return type generic (By Sarah Dayan)

4.2.7 / 2023-07-30

Fix: builder should set text node correctly when only textnode is present (#589) (By qianqing)

Fix: Fix for null and undefined attributes when building xml (#585) (#598). A null or undefined value should be ignored. (By Eugenio Ceschia)

4.2.6 / 2023-07-17

Fix: Remove trailing slash from jPath for self-closing tags (#595) (By Maciej Radzikowski)

4.2.5 / 2023-06-22

change code implementation

4.2.4 / 2023-06-06

fix security bug

4.2.3 / 2023-06-05

fix security bug

... (truncated)

Commits

d40e29c update package detail and browser bundles
d0bfe8a fix maxlength for currency value
2c14fcf Update bug-report-or-unexpected-output.md
acf610f fix #634: build attributes with oneListGroup and attributesGroupName (#653)
931e910 fix: get oneListGroup to work as expected for array of strings (#662)
b8e40c8 Update ISSUE_TEMPLATE.md
a6265ba chore: add trend image (#658)
db1c548 redesign README.md
338a2c6 Rename 1.Getting Started.md to 1.GettingStarted.md
c762537 Rename v5 docs filenames (#659)
Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

this is basically v4.0.5, with some README updates

it is vulnerable to CVE-2024-4067

Updated braces to v3.0.3 to avoid CVE-2024-4068

does NOT break API compatibility

[4.0.6] - 2024-05-21

Added hasBraces to check if a pattern contains braces.

Fixes CVE-2024-4067

BREAKS API COMPATIBILITY

Should be labeled as a major release, but it's not.

Commits

8bd704e 4.0.8
a0e6841 run verb to generate README documentation
4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
814f5f7 lint
67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
113f2e3 fix: CVE numbers in CHANGELOG
d9dbd9a feat: updated CHANGELOG
2ab1315 fix: use actions/setup-node@v4
1406ea3 feat: rework test to work on macos with node 10,12 and 14
Additional commits viewable in compare view

Updates word-wrap from 1.2.3 to 1.2.5

Release notes

Sourced from word-wrap's releases.

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: jonschlinkert/word-wrap@1.2.4...1.2.5

1.2.4

What's Changed

Remove default indent by @mohd-akram in jonschlinkert/word-wrap#24

🔒fix: CVE 2023 26115 (2) by @OlafConijn in jonschlinkert/word-wrap#41

🔒 fix: CVE-2023-26115 by @aashutoshrathi in jonschlinkert/word-wrap#33

chore: publish workflow by @OlafConijn in jonschlinkert/word-wrap#42

New Contributors

@mohd-akram made their first contribution in jonschlinkert/word-wrap#24

@OlafConijn made their first contribution in jonschlinkert/word-wrap#41

@aashutoshrathi made their first contribution in jonschlinkert/word-wrap#33

Full Changelog: jonschlinkert/word-wrap@1.2.3...1.2.4

Commits

207044e 1.2.5
9894315 revert default indent
f64b188 run verb to generate README
03ea082 Merge pull request #42 from jonschlinkert/chore/publish-workflow
420dce9 Merge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2
bfa694e Update .github/workflows/publish.yml
ace0b3c chore: bump version to 1.2.4
6fd7275 chore: add publish workflow
30d6daf chore: fix test
655929c chore: remove package-lock
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 6 updates: | Package | From | To | | --- | --- | --- | | [gh-pages](https://github.com/tschaub/gh-pages) | `4.0.0` | `5.0.0` | | [@sideway/formula](https://github.com/sideway/formula) | `3.0.0` | `3.0.1` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.3.5` | `4.4.1` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | Updates `gh-pages` from 4.0.0 to 5.0.0 - [Release notes](https://github.com/tschaub/gh-pages/releases) - [Changelog](https://github.com/tschaub/gh-pages/blob/main/changelog.md) - [Commits](tschaub/gh-pages@v4.0.0...v5.0.0) Updates `@sideway/formula` from 3.0.0 to 3.0.1 - [Commits](hapijs/formula@v3.0.0...v3.0.1) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `fast-xml-parser` from 4.3.5 to 4.4.1 - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v4.3.5...v4.4.1) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) --- updated-dependencies: - dependency-name: gh-pages dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@sideway/formula" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fast-xml-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Aug 29, 2024

abhiin1947 force-pushed the dependabot/npm_and_yarn/npm_and_yarn-99d912cbd5 branch from 39e2b29 to 66b7614 Compare September 24, 2024 15:41

abhiin1947 approved these changes Sep 24, 2024

View reviewed changes

abhiin1947 enabled auto-merge (squash) September 24, 2024 15:42

abhiin1947 merged commit e0c0b33 into main Sep 24, 2024
11 checks passed

abhiin1947 deleted the dependabot/npm_and_yarn/npm_and_yarn-99d912cbd5 branch September 24, 2024 16:21

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group with 6 updates #1340

Bump the npm_and_yarn group with 6 updates #1340

dependabot bot commented on behalf of github Aug 29, 2024

Bump the npm_and_yarn group with 6 updates #1340

Bump the npm_and_yarn group with 6 updates #1340

Conversation

dependabot bot commented on behalf of github Aug 29, 2024

v5.0.0

What's Changed

New Contributors

v5.0.0

4.0.8

[4.0.8] - 2024-08-22

[4.0.7] - 2024-05-22

[4.0.6] - 2024-05-21

1.2.5

1.2.4

What's Changed

New Contributors