Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump dset and quaff #9

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump dset and quaff #9

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Apr 30, 2023

Bumps dset to 3.1.2 and updates ancestor dependency quaff. These dependencies need to be updated together.

Updates dset from 2.1.0 to 3.1.2

Release notes

Sourced from dset's releases.

v3.1.2

Patches

  • (dset/merge): Prevent possible prototype pollution (#34): 2d156c7 Thank you @​n1ru4l~!

Chores

Full Changelog: lukeed/dset@v3.1.1...v3.1.2

v3.1.1

Patches

Chores

  • Update module sizes: c29c251 Changes from #29 saved 2B from dset and 1B from dset/merge 😆

Full Changelog: lukeed/dset@v3.1.0...v3.1.1

v3.1.0

Features

  • Added dset/merge submodule: 5aed5d1, 8d0224d, 8ee6d12 This is an opt-in module, inspired by GraphQL's upcoming @stream and @defer directives. The purpose of this submodule is to merge mutations from multiple sources into a single payload. It will merge new values into existing/previous values, whereas dset (main mode) will replace values at the specified key-path outright. In code, this difference roughly translates to this distinction:

    // dset (main)
target.key = { value: 'new value' };
// dset/merge
Object.assign(target.key, { value: 'new value' })

    See Merging and test/suites/objects.js for more information.

Chores

... (truncated)

Commits

Updates quaff from 4.2.0 to 5.0.0

Release notes

Sourced from quaff's releases.

5.0.0

  • Prep for release 5925048
  • Fine let's do it de68f0b
  • Accidential commit d1ce38f
  • Formatted 9ce2d2f
  • Migrate to TypeScript 6186189
  • jsconfig.json formatting b5351ca
  • Fix type stuff 222c361
  • Tweak README and CHANGELOG to note new pure ESM interface b1cabd9
  • Some cleanup 846d97b
  • Add support for .cjs and .mjs extensions c789115
  • @​ts-ignore the dynamic import so TS quiets down 53287d5
  • TypeScript is wrong, this can be a URL 2e8392e
  • Use pathToFileURL to correct Windows error e2102fe
  • Oops b5b7086
  • Update CI GitHub Action, move back to c8 0e9ea14
  • Prep for move to ESM only c84a3f1
  • Bump np 4a6ea99
  • npm audit fix da5614e
  • Bump prettier from 2.3.0 to 2.3.1 08e1b82
  • Bump prettier from 2.2.1 to 2.3.0 6924281
  • Upgrade to GitHub-native Dependabot 3523bb4
  • Bump @​types/node from 14.14.37 to 14.14.39 7b30f2b
  • Bump js-yaml from 4.0.0 to 4.1.0 19acc58
  • Bump @​types/node from 14.14.36 to 14.14.37 9640af0
  • Bump @​types/node from 14.14.35 to 14.14.36 5a0030f
  • Break out quaffFile from the main quaff function 02cfe89
  • Move to lockfileVersion: 2 0fba0fb
  • Bump @​types/node from 14.14.34 to 14.14.35 320c908
  • Bump @​types/node from 14.14.33 to 14.14.34 c3b59dc
  • Bump @​types/node from 14.14.32 to 14.14.33 06b72ba
  • Bump @​types/node from 14.14.31 to 14.14.32 67bb137
  • Bump dset from 3.0.0 to 3.1.0 41a7876
  • Bump @​types/node from 14.14.30 to 14.14.31 48f36a8
  • Bump @​types/node from 14.14.28 to 14.14.30 ea61b14
  • Bump @​types/node from 14.14.27 to 14.14.28 0003f45
  • Bump @​types/node from 14.14.25 to 14.14.27 d437cd1
  • Bump np from 7.3.0 to 7.4.0 b03f6fa
  • Bump np from 7.2.0 to 7.3.0 7e4007f
  • Bump @​types/node from 14.14.22 to 14.14.25 70fb6d9
  • yaml.safeLoad -> yaml.load (now always safe) ea93d70
  • Bump js-yaml from 3.14.1 to 4.0.0 498e032
  • Bump parse-json from 5.1.0 to 5.2.0 061fda7
  • dset 3.0.0 is now a named export 346ae12
  • Bump dset from 2.1.0 to 3.0.0 15ebd21
  • Bump dset from 2.0.1 to 2.1.0 65d9f49
  • Bump @​types/node from 14.14.21 to 14.14.22 e4835a2
  • Bump @​types/node from 14.14.20 to 14.14.21 29400fe
  • Bump @​types/node from 14.14.19 to 14.14.20 1aaaf28
  • Bump @​types/node from 14.14.17 to 14.14.19 c6439c7

... (truncated)

Changelog

Sourced from quaff's changelog.

[5.0.0] - 2021-06-12

Added

  • The quaff individual file processor is now available at loadFile. This makes it possible to tap into all of quaff's processors to load a single file. The newly named load export works the same as before and uses loadFile behind the scenes.
  • It is now possible to include JavaScript files using the .cjs and .mjs extensions.

Changed

  • quaff is now a pure ESM package. It can no longer be require()'d from CommonJS. If this functionality is still needed please continue to use quaff@^4. It is also possible to dynamically import ESM in CommonJS (await import('quaff')) if that is compatible with your use case.
  • quaff no longer has a default export and now uses two named exports - load and loadFile.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump dset and quaff
315505b 
Bumps [dset](https://github.com/lukeed/dset) to 3.1.2 and updates ancestor dependency [quaff](https://github.com/rdmurphy/quaff). These dependencies need to be updated together.


Updates `dset` from 2.1.0 to 3.1.2
- [Release notes](https://github.com/lukeed/dset/releases)
- [Commits](lukeed/dset@v2.1.0...v3.1.2)

Updates `quaff` from 4.2.0 to 5.0.0
- [Release notes](https://github.com/rdmurphy/quaff/releases)
- [Changelog](https://github.com/rdmurphy/quaff/blob/main/CHANGELOG.md)
- [Commits](rdmurphy/quaff@4.2.0...5.0.0)

---
updated-dependencies:
- dependency-name: dset
  dependency-type: indirect
- dependency-name: quaff
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 30, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants