Bump the npm_and_yarn group with 6 updates #57

dependabot · 2024-08-31T03:08:37Z

Bumps the npm_and_yarn group with 6 updates:

Package	From	To
webpack	`5.90.3`	`5.94.0`
@cypress/request	`2.88.12`	`3.0.1`
cypress	`10.11.0`	`13.14.1`
braces	`3.0.2`	`3.0.3`
tough-cookie	`2.5.0`	`4.1.4`
node-sass	`7.0.3`	`9.0.0`

Updates webpack from 5.90.3 to 5.94.0

Release notes

Sourced from webpack's releases.

v5.94.0

Bug Fixes

Added runtime condition for harmony reexport checked

Handle properly data/http/https protocols in source maps

Make bigint optimistic when browserslist not found

Move @types/eslint-scope to dev deps

Related in asset stats is now always an array when no related found

Handle ASI for export declarations

Mangle destruction incorrect with export named default properly

Fixed unexpected asi generation with sequence expression

Fixed a lot of types

New Features

Added new external type "module-import"

Support webpackIgnore for new URL() construction

[CSS] @import pathinfo support

Security

Fixed DOM clobbering in auto public path

v5.93.0

Bug Fixes

Generate correct relative path to runtime chunks

Makes DefinePlugin quieter under default log level

Fixed mangle destructuring default in namespace import

Fixed consumption of eager shared modules for module federation

Strip slash for pretty regexp

Calculate correct contenthash for CSS generator options

New Features

Added the binary generator option for asset modules to explicitly keep source maps produced by loaders

Added the modern-module library value for tree shakable output

Added the overrideStrict option to override strict or non-strict mode for javascript modules

v5.92.1

Bug Fixes

Doesn't crash with an error when the css experiment is enabled and contenthash is used

v5.92.0

Bug Fixes

Correct tidle range's comutation for module federation

Consider runtime for pure expression dependency update hash

Return value in the subtractRuntime function for runtime logic

... (truncated)

Commits

eabf85d chore(release): 5.94.0
955e057 security: fix DOM clobbering in auto public path
9822387 test: fix
cbb86ed test: fix
5ac3d7f fix: unexpected asi generation with sequence expression
2411661 security: fix DOM clobbering in auto public path
b8c03d4 fix: unexpected asi generation with sequence expression
f46a03c revert: do not use heuristic fallback for "module-import"
60f1898 fix: do not use heuristic fallback for "module-import"
66306aa Revert "fix: module-import get fallback from externalsPresets"
Additional commits viewable in compare view

Updates @cypress/request from 2.88.12 to 3.0.1

Release notes

Sourced from @cypress/request's releases.

v3.0.1

3.0.1 (2023-09-06)

Bug Fixes

deps: peg qs to 6.10.4 (fb9f625)

v3.0.0

3.0.0 (2023-08-08)

Features

Add allowInsecureRedirect option (c5bcf21)

BREAKING CHANGES

The allowInsecureRedirect is false by default, which may cause issues if your usage relies on insecure redirects. For the former behavior, you can opt in to insecure redirects by setting the option to true, but it is not recommended.

Co-authored-by: Szymon Drosdzol [email protected]

Changelog

Sourced from @cypress/request's changelog.

Change Log

v2.88.0 (2018/08/10)

#2996 fix(uuid): import versioned uuid (@kwonoj)

#2994 Update to oauth-sign 0.9.0 (@dlecocq)

#2993 Fix header tests (@simov)

#2904 #515, #2894 Strip port suffix from Host header if the protocol is known. (#2904) (@paambaati)

#2791 Improve AWS SigV4 support. (#2791) (@vikhyat)

#2977 Update test certificates (@simov)

v2.87.0 (2018/05/21)

#2943 Replace hawk dependency with a local implemenation (#2943) (@hueniverse)

v2.86.0 (2018/05/15)

#2885 Remove redundant code (for Node.js 0.9.4 and below) and dependency (@ChALkeR)

#2942 Make Test GREEN Again! (@simov)

#2923 Alterations for failing CI tests (@gareth-robinson)

v2.85.0 (2018/03/12)

#2880 Revert "Update hawk to 7.0.7 (#2880)" (@simov)

v2.84.0 (2018/03/12)

#2793 Fixed calculation of oauth_body_hash, issue #2792 (@dvishniakov)

#2880 Update hawk to 7.0.7 (#2880) (@kornel-kedzierski)

v2.83.0 (2017/09/27)

#2776 Updating tough-cookie due to security fix. (#2776) (@karlnorling)

v2.82.0 (2017/09/19)

#2703 Add Node.js v8 to Travis CI (@ryysud)

#2751 Update of hawk and qs to latest version (#2751) (@Olivier-Moreau)

#2658 Fixed some text in README.md (#2658) (@Marketionist)

#2635 chore(package): update aws-sign2 to version 0.7.0 (#2635) (@greenkeeperio-bot)

#2641 Update README to simplify & update convenience methods (#2641) (@FredKSchott)

#2541 Add convenience method for HTTP OPTIONS (#2541) (@jamesseanwright)

#2605 Add promise support section to README (#2605) (@FredKSchott)

#2579 refactor(lint): replace eslint with standard (#2579) (@ahmadnassri)

#2598 Update codecov to version 2.0.2 🚀 (@greenkeeperio-bot)

#2590 Adds test-timing keepAlive test (@nicjansma)

#2589 fix tabulation on request example README.MD (@odykyi)

#2594 chore(dependencies): har-validator to 5.x [removes babel dep] (@ahmadnassri)

v2.81.0 (2017/03/09)

#2584 Security issue: Upgrade qs to version 6.4.0 (@sergejmueller)

#2578 safe-buffer doesn't zero-fill by default, its just a polyfill. (#2578) (@mikeal)

#2566 Timings: Tracks 'lookup', adds 'wait' time, fixes connection re-use (#2566) (@nicjansma)

#2574 Migrating to safe-buffer for improved security. (@mikeal)

#2573 fixes #2572 (@ahmadnassri)

v2.80.0 (2017/03/04)

... (truncated)

Commits

ca62f3a Merge pull request #44 from MikeMcC399/peg/qs
fb9f625 fix(deps): peg qs to 6.10.4
99338c8 chore: updates related to release process (#41)
c5bcf21 feat: Add allowInsecureRedirect option
See full diff in compare view

Updates cypress from 10.11.0 to 13.14.1

Release notes

Sourced from cypress's releases.

v13.14.1

Changelog: https://docs.cypress.io/guides/references/changelog#13-14-1

v13.14.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-14-0

v13.13.3

Changelog: https://docs.cypress.io/guides/references/changelog#13-13-3

v13.13.2

Changelog: https://docs.cypress.io/guides/references/changelog#13-13-2

v13.13.1

Changelog: https://docs.cypress.io/guides/references/changelog#13-13-1

v13.13.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-13-0

v13.12.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-12-0

v13.11.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-11-0

v13.10.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-10-0

v13.9.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-9-0

v13.8.1

Changelog: https://docs.cypress.io/guides/references/changelog#13-8-1

v13.8.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-8-0

v13.7.3

Changelog: https://docs.cypress.io/guides/references/changelog#13-7-3

v13.7.2

Changelog: https://docs.cypress.io/guides/references/changelog#13-7-2

v13.7.1

Changelog: https://docs.cypress.io/guides/references/changelog#13-7-1

v13.7.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-7-0

v13.6.6

Changelog: https://docs.cypress.io/guides/references/changelog#13-6-6

... (truncated)

Commits

e909c4a chore: release 13.14.1 (#30138)
58abe80 chore: Update Chrome (stable) to 128.0.6613.113 (#30133)
f6e7af9 fix: adds a description for the JIT experiment which was overlooked on initia...
0f77220 chore: fix kitchen sink running against staging to properly upload protocol d...
d83b9a0 chore: release @cypress/webpack-dev-server-v3.11.0
bebb403 chore: release @cypress/vite-dev-server-v5.2.0
34764c3 chore: release 13.14.0 (#30115)
efe577a feat: Passing --browser flag alone will launch after test selection (#28538)
5a6b8c4 fix: Typescript config invalid with node v22.7.0 with ESM (#30099)
0480480 chore(deps): migrate to community @faker-js/faker (#30098)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by atofstryker, a new releaser for cypress since your current version.

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates tough-cookie from 2.5.0 to 4.1.4

Release notes

Sourced from tough-cookie's releases.

v4.1.4

https://www.npmjs.com/package/tough-cookie/v/4.1.4

What's Changed

Add local alias for toString by @corvidism in salesforce/tough-cookie#409

Fix incorrect string validation for URL by @coditva in salesforce/tough-cookie#261

New Contributors

@corvidism made their first contribution in salesforce/tough-cookie#409

@coditva made their first contribution in salesforce/tough-cookie#261

Full Changelog: salesforce/tough-cookie@v4.1.3...v4.1.4

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

4.1.2 -- Patch and Bugfix Release

What's Changed

fix: allow set cookies with localhost by @colincasey in salesforce/tough-cookie#253

Full Changelog: salesforce/tough-cookie@v4.1.1...v4.1.2

4.1.1

Patch Release

What's Changed

fix: allow special use domains by default by @colincasey in salesforce/tough-cookie#249

4.1.1 Patch -- allow special use domains by default by @awaterma in salesforce/tough-cookie#250

Full Changelog: salesforce/tough-cookie@v4.1.0...v4.1.1

4.1.0

v4.1.0

Minor release, focused mainly on resolving reported issues and some minor feature work.

What's Changed

Create CHANGELOG.md by @ShivanKaul in salesforce/tough-cookie#189

Missing param validation issue145 by @medelibero-sfdc in salesforce/tough-cookie#193

Create SECURITY.md by @ShivanKaul in salesforce/tough-cookie#201

Create CODE_OF_CONDUCT.md by @ShivanKaul in salesforce/tough-cookie#200

Fix for issue #195 by @medelibero-sfdc in salesforce/tough-cookie#202

Add explanation and more special-use domains by @ShivanKaul in salesforce/tough-cookie#203

Sync of constructor options for serialization by @medelibero-sfdc in salesforce/tough-cookie#204

Returned null in case of empty cookie value by @vsin12 in salesforce/tough-cookie#196

132 str trim not a function by @awaterma in salesforce/tough-cookie#209

Fix for issue #153 by @medelibero-sfdc in salesforce/tough-cookie#210

Fix permuteDomain with trailing dot by @ruoho-sfdc in salesforce/tough-cookie#216

Issue #213 -- added gh-actions flow for building and testing tough-co… by @awaterma in salesforce/tough-cookie#218

... (truncated)

Commits

cacbc37 Bump version to 4.1.4
a48fb3a Add tests for url validation
50e69bf Merge pull request #261 from postmanlabs/fix/url-string-validation
1253d58 Merge pull request #409 from corvidism/validators-to-string
238367e Add local alias for toString
4ff4d29 4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)
12d4747 Prevent prototype pollution in cookie memstore (#283)
f06b72d Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...
cf6debd Fix incorrect string validation for URL
b1a8898 fix: allow set cookies with localhost (#253)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.

Updates node-sass from 7.0.3 to 9.0.0

Release notes

Sourced from node-sass's releases.

v9.0.0

What's Changed

Node 20 support by @nschonni in sass/node-sass#3355

Breaking changes

Drop support for Node 14 (@nschonni)

Supported Environments

OS Architecture Node

Windows x86 & x64 16, 18, 19, 20

OSX x64 16, 18, 19, 20

Linux* x64 16, 18, 19, 20

Alpine Linux x64 16, 18, 19, 20

*Linux support refers to major distributions like Ubuntu, and Debian

v8.0.0

What's Changed

Fix binaries being partially downloaded by @xzyfer in sass/node-sass#3313

Bump node-gyp and nan for node 19 support by @xzyfer in sass/node-sass#3314

feat: Node 18 and 19 support and drop Node 17 by @nschonni in sass/node-sass#3257

Breaking changes

Drop support for Node 12 (@nschonni)

Drop support for Node 17 (@nschonni)

Set rejectUnauthorized to true by default (@scott-ut, #3149)

Features

Add support for Node 18 (@nschonni)

Add support for Node 19 (@nschonni)

Replace request with make-fetch-happen (@CamilleDrapier @xzyfer, #3193, #3313)

Dependencies

Bump [email protected]

Bump node-gyp @9.0.0

Bump nan@^2.17.0

Bump sass-graph@^4.0.1

Misc

Bump various GitHub Actions dependencies (@nschonni)

... (truncated)

Commits

87f3899 feat: Node 20 support (#3355)
06ae4c7 build(deps): bump coverallsapp/github-action from 2.0.0 to 2.1.0 (#3350)
e069f73 build(deps): bump coverallsapp/github-action from 1.2.0 to 2.0.0
c34837d build(deps): bump coverallsapp/github-action from 1.1.3 to 1.2.0
ee13eb9 8.0.0
98e75b3 feat: Node 18 and 19 support and drop Node 17 (#3257)
e9bb866 Bump node-gyp and nan for node 19 support (#3314)
ab7840b Fix binaries being partially downloaded (#3313)
d595abf 7.0.3
3b556c1 7.0.2
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 6 updates: | Package | From | To | | --- | --- | --- | | [webpack](https://github.com/webpack/webpack) | `5.90.3` | `5.94.0` | | [@cypress/request](https://github.com/cypress-io/request) | `2.88.12` | `3.0.1` | | [cypress](https://github.com/cypress-io/cypress) | `10.11.0` | `13.14.1` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [tough-cookie](https://github.com/salesforce/tough-cookie) | `2.5.0` | `4.1.4` | | [node-sass](https://github.com/sass/node-sass) | `7.0.3` | `9.0.0` | Updates `webpack` from 5.90.3 to 5.94.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.90.3...v5.94.0) Updates `@cypress/request` from 2.88.12 to 3.0.1 - [Release notes](https://github.com/cypress-io/request/releases) - [Changelog](https://github.com/cypress-io/request/blob/master/CHANGELOG.md) - [Commits](cypress-io/request@v2.88.12...v3.0.1) Updates `cypress` from 10.11.0 to 13.14.1 - [Release notes](https://github.com/cypress-io/cypress/releases) - [Changelog](https://github.com/cypress-io/cypress/blob/develop/CHANGELOG.md) - [Commits](cypress-io/cypress@v10.11.0...v13.14.1) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `tough-cookie` from 2.5.0 to 4.1.4 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v2.5.0...v4.1.4) Updates `node-sass` from 7.0.3 to 9.0.0 - [Release notes](https://github.com/sass/node-sass/releases) - [Changelog](https://github.com/sass/node-sass/blob/master/CHANGELOG.md) - [Commits](sass/node-sass@v7.0.3...v9.0.0) --- updated-dependencies: - dependency-name: webpack dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@cypress/request" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cypress dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tough-cookie dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: node-sass dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Aug 31, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group with 6 updates #57

Bump the npm_and_yarn group with 6 updates #57

dependabot bot commented on behalf of github Aug 31, 2024

OS	Architecture	Node
Windows	x86 & x64	16, 18, 19, 20
OSX	x64	16, 18, 19, 20
Linux*	x64	16, 18, 19, 20
Alpine Linux	x64	16, 18, 19, 20

Bump the npm_and_yarn group with 6 updates #57

Are you sure you want to change the base?

Bump the npm_and_yarn group with 6 updates #57

Conversation

dependabot bot commented on behalf of github Aug 31, 2024

v5.94.0

Bug Fixes

New Features

Security

v5.93.0

Bug Fixes

New Features

v5.92.1

Bug Fixes

v5.92.0

Bug Fixes

v3.0.1

3.0.1 (2023-09-06)

Bug Fixes

v3.0.0

3.0.0 (2023-08-08)

Features

BREAKING CHANGES

Change Log

v2.88.0 (2018/08/10)

v2.87.0 (2018/05/21)

v2.86.0 (2018/05/15)

v2.85.0 (2018/03/12)

v2.84.0 (2018/03/12)

v2.83.0 (2017/09/27)

v2.82.0 (2017/09/19)

v2.81.0 (2017/03/09)

v2.80.0 (2017/03/04)

v13.14.1

v13.14.0

v13.13.3

v13.13.2

v13.13.1

v13.13.0

v13.12.0

v13.11.0

v13.10.0

v13.9.0

v13.8.1

v13.8.0

v13.7.3

v13.7.2

v13.7.1

v13.7.0

v13.6.6

v4.1.4

What's Changed

New Contributors

4.1.3

4.1.2 -- Patch and Bugfix Release

What's Changed

4.1.1

Patch Release

What's Changed

4.1.0

What's Changed

v9.0.0

What's Changed

Breaking changes

Supported Environments

v8.0.0

What's Changed

Breaking changes

Features

Dependencies

Misc