Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump the npm_and_yarn group across 1 directories with 5 updates #1306

Merged
merged 1 commit into from
Feb 17, 2024
Merged

chore(deps): bump the npm_and_yarn group across 1 directories with 5 updates #1306

merged 1 commit into from
Feb 17, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 16, 2024

Bumps the npm_and_yarn group with 5 updates in the /. directory:

Package From To
axios 1.6.3 1.6.4
jsdom 23.1.0 23.2.0
undici 5.27.2 5.28.3
vite 4.5.1 4.5.2
@angular-devkit/build-angular 16.2.11 16.2.12

Updates axios from 1.6.3 to 1.6.4

Release notes

Sourced from axios's releases.

Release v1.6.4

Release notes:

Bug Fixes

  • security: fixed formToJSON prototype pollution vulnerability; (#6167) (3c0c11c)
  • security: fixed security vulnerability in follow-redirects (#6163) (75af1cd)

Contributors to this release

Changelog

Sourced from axios's changelog.

1.6.4 (2024-01-03)

Bug Fixes

  • security: fixed formToJSON prototype pollution vulnerability; (#6167) (3c0c11c)
  • security: fixed security vulnerability in follow-redirects (#6163) (75af1cd)

Contributors to this release

Commits

Updates jsdom from 23.1.0 to 23.2.0

Release notes

Sourced from jsdom's releases.

Version 23.2.0

This release switches our CSS selector engine from nwsapi to @asamuzakjp/dom-selector. The new engine is more actively maintained, and supports many new selectors: see the package's documentation for the full list. It also works better with shadow trees.

There is a potential of a performance regression due to this change. In our stress test benchmark, which runs most of these 273 selectors against this 128 KiB document, the new engine completes the benchmark only 0.25x as fast. However, we're hopeful that in more moderate usage this will not be a significant issue. Any help speeding up @asamuzakjp/dom-selector is appreciated, and feel free to open an issue if this has had a significant impact on your project.

Changelog

Sourced from jsdom's changelog.

23.2.0

This release switches our CSS selector engine from nwsapi to @asamuzakjp/dom-selector. The new engine is more actively maintained, and supports many new selectors: see the package's documentation for the full list. It also works better with shadow trees.

There is a potential of a performance regression due to this change. In our stress test benchmark, which runs most of these 273 selectors against this 128 KiB document, the new engine completes the benchmark only 0.25x as fast. However, we're hopeful that in more moderate usage this will not be a significant issue. Any help speeding up @asamuzakjp/dom-selector is appreciated, and feel free to open an issue if this has had a significant impact on your project.

Commits
  • cf8b707 Version 23.2.0
  • 908f27d Update dom-selector and roll web platform tests
  • c039e52 Switch from nwsapi to dom-selector
  • b677627 Add new CSS selectors benchmark
  • 4b33d36 Enable WPT directories css/selectors and css/css-scoping
  • 3a3a4cb Roll web platform tests
  • See full diff in compare view

Updates undici from 5.27.2 to 5.28.3

Release notes

Sourced from undici's releases.

v5.28.3

⚠️ Security Release ⚠️

Fixes:

Full Changelog: nodejs/undici@v5.28.2...v5.28.3

v5.28.2

What's Changed

New Contributors

Full Changelog: nodejs/undici@v5.28.1...v5.28.2

v5.28.1

What's Changed

Full Changelog: nodejs/undici@v5.28.0...v5.28.1

v5.28.0

What's Changed

... (truncated)

Commits

Updates vite from 4.5.1 to 4.5.2

Changelog

Sourced from vite's changelog.

4.5.2 (2024-01-19)

Commits

Updates @angular-devkit/build-angular from 16.2.11 to 16.2.12

Release notes

Sourced from @​angular-devkit/build-angular's releases.

v16.2.12

16.2.12 (2024-01-24)

@​angular-devkit/build-angular

Commit Description
fix - 5fad40162 update dependency vite to v4.5.2
Changelog

Sourced from @​angular-devkit/build-angular's changelog.

16.2.12 (2024-01-24)

@​angular-devkit/build-angular

Commit Type Description
5fad40162 fix update dependency vite to v4.5.2

17.1.0 (2024-01-17)

@​schematics/angular

Commit Type Description
b513d89b7 feat add optional migration to use application builder
a708dccff feat update SSR and application builder migration schematics to work with new outputPath
4469e481f fix do not trigger NPM install when using ---skip-install and --ssr

@​angular-devkit/build-angular

Commit Type Description
e0b274b8f feat add option to retain CSS special comments in global styles
204794c4f feat add support for --no-browsers in karma builder
4784155bd feat add wildcard option for allowedCommonJsDependencies
3b93df42d feat allow configuring loaders for custom file extensions in application builder
cc246d50e feat allow customization of output locations
15a669c1e feat allowing control of index HTML initial preload generation
47a064b14 feat emit external sourcemaps for component styles
68dae539a feat initial experimental implementation of @web/test-runner builder
f6e67df1c feat inline Google and Adobe fonts located in stylesheets
364a16b7a feat move browser-sync as optional dependency
ccba849e4 feat support keyboard command shortcuts in application dev server
329d80075 fix alllow OPTIONS requests to be proxied when using vite
49ed9a26c fix emit error when using prerender and app-shell builders with application builder
6473b0160 fix ensure all configured assets can be served by dev server
874e576b5 fix filter explicit external dependencies for Vite prebundling
2a02b1320 fix fix normalization of the application builder extensions
9906ab7b4 fix normalize asset source locations in Vite-based development server
ceffafe1a fix provide better error messages for failed file reads
6d7fdb952 fix show diagnostic messages after build stats
4e1f0e44d fix the request url "..." is outside of Vite serving allow list for all assets
bd26a18e7 fix typo in preloadInitial option description
125fb779f perf reduce TypeScript JSDoc parsing in application builder

... (truncated)

Commits
  • c306f73 release: cut the v16.2.12 release
  • 5fad401 fix(@​angular-devkit/build-angular): update dependency vite to v4.5.2
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump the npm_and_yarn group across 1 directories with 5 …
ee8ac19 
…updates

Bumps the npm_and_yarn group with 5 updates in the /. directory:

| Package | From | To |
| --- | --- | --- |
| [axios](https://github.com/axios/axios) | `1.6.3` | `1.6.4` |
| [jsdom](https://github.com/jsdom/jsdom) | `23.1.0` | `23.2.0` |
| [undici](https://github.com/nodejs/undici) | `5.27.2` | `5.28.3` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `4.5.1` | `4.5.2` |
| [@angular-devkit/build-angular](https://github.com/angular/angular-cli) | `16.2.11` | `16.2.12` |


Updates `axios` from 1.6.3 to 1.6.4
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.6.3...v1.6.4)

Updates `jsdom` from 23.1.0 to 23.2.0
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Changelog](https://github.com/jsdom/jsdom/blob/main/Changelog.md)
- [Commits](jsdom/jsdom@23.1.0...23.2.0)

Updates `undici` from 5.27.2 to 5.28.3
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.27.2...v5.28.3)

Updates `vite` from 4.5.1 to 4.5.2
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v4.5.2/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v4.5.2/packages/vite)

Updates `@angular-devkit/build-angular` from 16.2.11 to 16.2.12
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md)
- [Commits](angular/angular-cli@16.2.11...16.2.12)

---
updated-dependencies:
- dependency-name: axios
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: jsdom
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: undici
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: vite
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: "@angular-devkit/build-angular"
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 16, 2024
@julianpoy julianpoy merged commit 688aee6 into master Feb 17, 2024
4 checks passed
@julianpoy julianpoy deleted the dependabot/npm_and_yarn/npm_and_yarn-security-group-70b8048f8e branch February 17, 2024 16:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@julianpoy