Bump the npm_and_yarn group across 3 directories with 30 updates#1
Open
dependabot[bot] wants to merge 1 commit into
Open
Bump the npm_and_yarn group across 3 directories with 30 updates#1dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the npm_and_yarn group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@redwoodjs/api](https://github.com/redwoodjs/redwood/tree/HEAD/packages/api) | `2.0.0` | `2.2.5` | | [firebase](https://github.com/firebase/firebase-js-sdk) | `9.6.7` | `10.9.0` | | [postcss](https://github.com/postcss/postcss) | `8.4.14` | `8.4.31` | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.2.1` | `4.2.3` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [dset](https://github.com/lukeed/dset) | `3.1.1` | `3.1.4` | | [elliptic](https://github.com/indutny/elliptic) | `6.5.4` | `6.6.1` | | [es5-ext](https://github.com/medikoo/es5-ext) | `0.10.53` | `0.10.64` | | [express](https://github.com/expressjs/express) | `4.18.1` | `4.21.2` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.14.9` | `1.15.9` | | [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) | `4.1.0` | `4.1.1` | | [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.6` | `2.0.7` | | [jose](https://github.com/panva/jose) | `2.0.5` | `2.0.7` | | [store2](https://github.com/nbubna/store) | `2.13.1` | `2.14.4` | | [tough-cookie](https://github.com/salesforce/tough-cookie) | `4.0.0` | `4.1.4` | | [ua-parser-js](https://github.com/faisalman/ua-parser-js) | `0.7.31` | `0.7.40` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | Bumps the npm_and_yarn group with 7 updates in the /api directory: | Package | From | To | | --- | --- | --- | | [@redwoodjs/api](https://github.com/redwoodjs/redwood/tree/HEAD/packages/api) | `0.41.0` | `2.2.5` | | [axios](https://github.com/axios/axios) | `0.21.4` | `1.7.9` | | [supertokens-node](https://github.com/supertokens/supertokens-node) | `9.0.0` | `21.1.0` | | [crypto-js](https://github.com/brix/crypto-js) | `4.1.1` | `4.2.0` | | [@redwoodjs/api](https://github.com/redwoodjs/redwood/tree/HEAD/packages/api) | `2.2.5` | `8.5.0` | | [jose](https://github.com/panva/jose) | `2.0.5` | `2.0.7` | | [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) | `8.5.1` | `removed` | | [@clerk/clerk-sdk-node](https://github.com/clerk/javascript/tree/HEAD/packages/sdk-node) | `2.10.0` | `5.1.6` | Bumps the npm_and_yarn group with 1 update in the /web directory: [firebase](https://github.com/firebase/firebase-js-sdk). Updates `@redwoodjs/api` from 2.0.0 to 2.2.5 - [Release notes](https://github.com/redwoodjs/redwood/releases) - [Changelog](https://github.com/redwoodjs/redwood/blob/main/CHANGELOG.md) - [Commits](https://github.com/redwoodjs/redwood/commits/v2.2.5/packages/api) Updates `firebase` from 9.6.7 to 10.9.0 - [Release notes](https://github.com/firebase/firebase-js-sdk/releases) - [Changelog](https://github.com/firebase/firebase-js-sdk/blob/main/CHANGELOG.md) - [Commits](https://github.com/firebase/firebase-js-sdk/compare/firebase@9.6.7...firebase@10.9.0) Updates `postcss` from 8.4.14 to 8.4.31 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.14...8.4.31) Updates `@grpc/grpc-js` from 1.5.7 to 1.9.15 - [Release notes](https://github.com/grpc/grpc-node/releases) - [Commits](https://github.com/grpc/grpc-node/compare/@grpc/grpc-js@1.5.7...@grpc/grpc-js@1.9.15) Updates `browserify-sign` from 4.2.1 to 4.2.3 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.2.1...v4.2.3) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `dset` from 3.1.1 to 3.1.4 - [Release notes](https://github.com/lukeed/dset/releases) - [Commits](lukeed/dset@v3.1.1...v3.1.4) Updates `elliptic` from 6.5.4 to 6.6.1 - [Commits](indutny/elliptic@v6.5.4...v6.6.1) Updates `es5-ext` from 0.10.53 to 0.10.64 - [Release notes](https://github.com/medikoo/es5-ext/releases) - [Changelog](https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md) - [Commits](medikoo/es5-ext@v0.10.53...v0.10.64) Updates `express` from 4.18.1 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.18.1...4.21.2) Updates `follow-redirects` from 1.14.9 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.14.9...v1.15.9) Updates `http-cache-semantics` from 4.1.0 to 4.1.1 - [Commits](kornelski/http-cache-semantics@v4.1.0...v4.1.1) Updates `http-proxy-middleware` from 2.0.6 to 2.0.7 - [Release notes](https://github.com/chimurai/http-proxy-middleware/releases) - [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.7/CHANGELOG.md) - [Commits](chimurai/http-proxy-middleware@v2.0.6...v2.0.7) Updates `jose` from 2.0.5 to 2.0.7 - [Release notes](https://github.com/panva/jose/releases) - [Changelog](https://github.com/panva/jose/blob/v2.0.7/CHANGELOG.md) - [Commits](panva/jose@v2.0.5...v2.0.7) Updates `nanoid` from 3.3.4 to 3.3.8 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.4...3.3.8) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12) Updates `protobufjs` from 6.11.2 to 7.4.0 - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@v6.11.2...protobufjs-v7.4.0) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) Updates `store2` from 2.13.1 to 2.14.4 - [Commits](nbubna/store@2.13.1...2.14.4) Updates `tough-cookie` from 4.0.0 to 4.1.4 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v4.0.0...v4.1.4) Updates `ua-parser-js` from 0.7.31 to 0.7.40 - [Release notes](https://github.com/faisalman/ua-parser-js/releases) - [Changelog](https://github.com/faisalman/ua-parser-js/blob/0.7.40/changelog.md) - [Commits](faisalman/ua-parser-js@0.7.31...0.7.40) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) Updates `@redwoodjs/api` from 0.41.0 to 2.2.5 - [Release notes](https://github.com/redwoodjs/redwood/releases) - [Changelog](https://github.com/redwoodjs/redwood/blob/main/CHANGELOG.md) - [Commits](https://github.com/redwoodjs/redwood/commits/v2.2.5/packages/api) Updates `axios` from 0.21.4 to 1.7.9 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.21.4...v1.7.9) Updates `supertokens-node` from 9.0.0 to 21.1.0 - [Release notes](https://github.com/supertokens/supertokens-node/releases) - [Changelog](https://github.com/supertokens/supertokens-node/blob/master/CHANGELOG.md) - [Commits](supertokens/supertokens-node@v9.0.0...v21.1.0) Updates `cookie` from 0.4.0 to 0.7.2 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.4.0...v0.7.2) Updates `crypto-js` from 4.1.1 to 4.2.0 - [Commits](brix/crypto-js@4.1.1...4.2.0) Updates `@redwoodjs/api` from 2.2.5 to 8.5.0 - [Release notes](https://github.com/redwoodjs/redwood/releases) - [Changelog](https://github.com/redwoodjs/redwood/blob/main/CHANGELOG.md) - [Commits](https://github.com/redwoodjs/redwood/commits/v2.2.5/packages/api) Updates `follow-redirects` from 1.14.9 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.14.9...v1.15.9) Updates `jose` from 2.0.5 to 2.0.7 - [Release notes](https://github.com/panva/jose/releases) - [Changelog](https://github.com/panva/jose/blob/v2.0.7/CHANGELOG.md) - [Commits](panva/jose@v2.0.5...v2.0.7) Removes `jsonwebtoken` Updates `@clerk/clerk-sdk-node` from 2.10.0 to 5.1.6 - [Release notes](https://github.com/clerk/javascript/releases) - [Changelog](https://github.com/clerk/javascript/blob/@clerk/clerk-sdk-node@5.1.6/packages/sdk-node/CHANGELOG.md) - [Commits](https://github.com/clerk/javascript/commits/@clerk/clerk-sdk-node@5.1.6/packages/sdk-node) Updates `qs` from 6.7.0 to 6.14.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.7.0...v6.14.0) Updates `semver` from 5.7.1 to 7.7.0 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.1...v7.7.0) Updates `firebase` from 9.23.0 to 11.2.0 - [Release notes](https://github.com/firebase/firebase-js-sdk/releases) - [Changelog](https://github.com/firebase/firebase-js-sdk/blob/main/CHANGELOG.md) - [Commits](https://github.com/firebase/firebase-js-sdk/compare/firebase@9.6.7...firebase@10.9.0) --- updated-dependencies: - dependency-name: "@redwoodjs/api" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: firebase dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: postcss dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@grpc/grpc-js" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserify-sign dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: dset dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: elliptic dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: es5-ext dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-cache-semantics dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-proxy-middleware dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jose dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: protobufjs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: store2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tough-cookie dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ua-parser-js dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@redwoodjs/api" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: supertokens-node dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: cookie dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: crypto-js dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@redwoodjs/api" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jose dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@clerk/clerk-sdk-node" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: qs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: firebase dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 17 updates in the / directory:
2.0.02.2.59.6.710.9.08.4.148.4.314.2.14.2.30.2.00.2.23.1.13.1.46.5.46.6.10.10.530.10.644.18.14.21.21.14.91.15.94.1.04.1.12.0.62.0.72.0.52.0.72.13.12.14.44.0.04.1.40.7.310.7.401.2.31.2.5Bumps the npm_and_yarn group with 7 updates in the /api directory:
0.41.02.2.50.21.41.7.99.0.021.1.04.1.14.2.02.2.58.5.02.0.52.0.78.5.1removed2.10.05.1.6Bumps the npm_and_yarn group with 1 update in the /web directory: firebase.
Updates
@redwoodjs/apifrom 2.0.0 to 2.2.5Changelog
Sourced from
@redwoodjs/api's changelog.Commits
6febc64v2.2.5230e602Strip resetToken and resetTokenExpiresAt from dbAuth forgotPassword handler (...62827bdv2.2.4f4ca692v2.2.30dd41c9v2.2.2eef20f9v2.2.16ad940dv2.2.0adb51b2fix(graphql): Fixes multiValueHeader handling (and CORS) in graphql handler ...224156efix(deps): update dependency cross-undici-fetch to v0.4.14 (#6000)912198afix(deps): update dependency core-js to v3.23.5 (#5987)Updates
firebasefrom 9.6.7 to 10.9.0Commits
1eb302fVersion Packages (#8063)b498867Merge master into releasece88e71snapshot listeners source from cache (#7982)6d487d7Prevent using authTokenSyncURL if the string begins with a double slash (#8060)b4d59d6Merge master into release2b22838Fix glob pattern to work with Node 20 and its NPM version (#8059)feb5038Update CI node.js versions to 20.x (#8055)245dd26Enforce authTokenSyncURL being a path and not a url. (#8056)e60188dVersion Packages (#8046)7e2efbfMerge master into releaseUpdates
postcssfrom 8.4.14 to 8.4.31Release notes
Sourced from postcss's releases.
... (truncated)
Changelog
Sourced from postcss's changelog.
... (truncated)
Commits
90208deRelease 8.4.31 version58cc860Fix carrier return parsing4fff8e4Improve pnpm test outputcd43ed1Update dependenciescaa916bUpdate dependencies8972f76Typo11a5286Typo45c5501Release 8.4.30 versionbc3c341Update linterb2be58aMerge pull request #1881 from romainmenke/improve-sourcemap-performance--phil...Updates
@grpc/grpc-jsfrom 1.5.7 to 1.9.15Release notes
Sourced from
@grpc/grpc-js's releases.... (truncated)
Commits
08b0422Merge pull request from GHSA-7v5v-9h63-cj86c75e048grpc-js: Bump to 1.9.15d5d62b4grpc-js: Avoid buffering significantly more than max_receive_message_size per...02d0344Merge pull request #2741 from sergiitk/backport-1.9-psm-interop-common-prod-t...cf14020Merge pull request #2729 from sergiitk/psm-interop-common-prod-testsda44229Merge pull request #2738 from murgatroid99/backport-1.9-grpc-js_linkify-it_fix5ae7c8cMerge pull request #2735 from murgatroid99/grpc-js_linkify-it_fixeed21baMerge pull request #2714 from sergiitk/backport-1.9-psm-interop-pkg-dev63763a4Merge pull request #2712 from sergiitk/psm-interop-pkg-dev5be83ddMerge pull request #2643 from murgatroid99/grpc-js_idle_timer_fixUpdates
browserify-signfrom 4.2.1 to 4.2.3Changelog
Sourced from browserify-sign's changelog.
Commits
bf2c3ecv4.2.39247adf[patch] widen support to 0.12f427270[Deps] update `parse-asn187f3a35[Dev Deps] updateaud,npmignore,tapefb261ce[Deps] updateelliptic4d0ee49[patch] drop minimum node support to v19e2bf12[Deps] pinhash-baseto ~3.0, due to a breaking change168e16f[Deps] pinellipticdue to a breaking change37a4758[actions] remove redundant finisher4af5a90v4.2.2Maintainer changes
This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.
Updates
decode-uri-componentfrom 0.2.0 to 0.2.2Release notes
Sourced from decode-uri-component's releases.
Commits
a0eea460.2.2980e0bfPrevent overwriting previously decoded tokens3c8a3730.2.176abc93Switch to GitHub workflows746ca5dFix issue where decode throws - fixes #6486d7e2Update license (#1)a650457Tidelift tasks66e1c28Meta tweaksUpdates
dsetfrom 3.1.1 to 3.1.4Release notes
Sourced from dset's releases.
Commits
05b1ec03.1.416d6154fix: prevent proto assignment via implicit string48f14a13.1.3aca90fbchore: add "types" conditions for TS "nodenext" resolution (#40)740b3ae3.1.2845879bchore(merge): add tests for "proto" key (#38)2d156c7fix(merge): prevent possible prototype pollution (#34)56923fechore: readme example errors (#30)Updates
ellipticfrom 6.5.4 to 6.6.1Commits
9b774366.6.104cb6f5Merge commit from forkb8a7edd6.6.034c8534fix: signature verification due to leading zeros3e46a486.5.7accb61elib: DER signature decoding correction03e06e16.5.67ac5360Merge commit from fork75700786.5.5206da2elib: lintUpdates
es5-extfrom 0.10.53 to 0.10.64Release notes
Sourced from es5-ext's releases.
... (truncated)
Changelog
Sourced from es5-ext's changelog.
... (truncated)
Commits
f76b03dchore: Release v0.10.642881acdchore: Bump dependenciesc2e2bb9fix: Revert update meant to fix Powershell issue, as it's a regression16f2b72docs: Fix date in the changelogde4e03cchore: Release v0.10.633fd53b7chore: Upgradelint-stagedto v13bf8ed79chore: Ensure postinstall script does not crash on Windows2cbbb07chore: Bump dependencies22d0416chore: Bump LICENSE yeara52e957fix: Support ES2015+ function definitions infunction#toStringTokens()Updates
expressfrom 4.18.1 to 4.21.2Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
... (truncated)
Commits
1faf2284.21.22e0fb64deps: bump path-to-regexp@0.1.12 (#6209)59fc270deps: path-to-regexp@0.1.11 (#5956)51fc39cdocs: add funding (#6065)8e229f94.21.1a024c8afix(deps): cookie@0.7.17e562c64.21.01bcde96fix(deps): qs@6.13.0 (#5946)7d36477fix(deps): serve-static@1.16.2 (#5951)40d2d8ffix(deps): finalhandler@1.3.1Maintainer changes
This version was pushed to npm by jonchurch, a new releaser for express since your current version.
Updates
follow-redirectsfrom 1.14.9 to 1.15.9Commits
e4e55c7Release version 1.15.9 of the npm package.31a1abfAttempt much more gentle detection.d2aaa97Fix url field.62558f0Release version 1.15.8 of the npm package.a8d1ceeReturn subtlety.458ca8eFix native URL test for Node 20.ca49e44Handle KeepAlive connections in tests.f3711d7Test on Node 20 and 22.fda0fafFix typo.760757fRelease version 1.15.7 of the npm package.Updates
http-cache-semanticsfrom 4.1.0 to 4.1.1Commits
2449650Update mocha560b2d8Don't use regex to trim whitespaceb1bdb92Remove linting package zooc20dc7eCache 308Updates
http-proxy-middlewarefrom 2.0.6 to 2.0.7Release notes
Sourced from http-proxy-middleware's releases.
Changelog
Sourced from http-proxy-middleware's changelog.
Commits
1e92339ci(github-actions): fix npm tag90afb7cchore(package): v2.0.70b4274efix(filter): handle errors1bd6dd5ci(github actions): add publish.ymlUpdates
josefrom 2.0.5 to 2.0.7Release notes
Sourced from jose's releases.
Changelog
Sourced from jose's changelog.
Commits
0fbe2e6chore(release): 2.0.702a6579fix: add a maxOutputLength option to zlib inflated1be83fchore(release): 2.0.6c1512befix: limit default PBES2 alg's computational expenseUpdates
nanoidfrom 3.3.4 to 3.3.8Changelog
Sourced from nanoid's changelog.