Bump semver, jsonwebtoken, webpack and webpack-cli #31

dependabot · 2023-06-24T19:25:46Z

Bumps semver to 7.5.3 and updates ancestor dependencies semver, jsonwebtoken, webpack and webpack-cli. These dependencies need to be updated together.

Updates semver from 7.3.8 to 7.5.3

Release notes

Sourced from semver's releases.

v7.5.3

7.5.3 (2023-06-22)

Bug Fixes

abdd93d #571 set max lengths in regex for numeric and build identifiers (#571) (@lukekarrys)

Documentation

bf53dd8 #569 add example for > comparator (#569) (@mbtools)

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

58c791f #566 diff when detecting major change from prerelease (#566) (@lukekarrys)

5c8efbc #565 preserve build in raw after inc (#565) (@lukekarrys)

717534e #564 better handling of whitespace (#564) (@lukekarrys)

v7.5.1

7.5.1 (2023-05-12)

Bug Fixes

d30d25a #559 show type on invalid semver error (#559) (@tjenkinson)

v7.5.0

7.5.0 (2023-04-17)

Features

503a4e5 #548 allow identifierBase to be false (#548) (@lsvalina)

Bug Fixes

e219bb4 #552 throw on bad version with correct error message (#552) (@wraithgar)

fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@tjenkinson)

2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@macno)

v7.4.0

7.4.0 (2023-04-10)

Features

113f513 #532 identifierBase parameter for .inc (#532) (@wraithgar, @b-bly)

48d8f8f #530 export new RELEASE_TYPES constant (@hcharley)

Bug Fixes

... (truncated)

Changelog

Sourced from semver's changelog.

7.5.3 (2023-06-22)

Bug Fixes

abdd93d #571 set max lengths in regex for numeric and build identifiers (#571) (@lukekarrys)

Documentation

bf53dd8 #569 add example for > comparator (#569) (@mbtools)

7.5.2 (2023-06-15)

Bug Fixes

58c791f #566 diff when detecting major change from prerelease (#566) (@lukekarrys)

5c8efbc #565 preserve build in raw after inc (#565) (@lukekarrys)

717534e #564 better handling of whitespace (#564) (@lukekarrys)

7.5.1 (2023-05-12)

Bug Fixes

d30d25a #559 show type on invalid semver error (#559) (@tjenkinson)

7.5.0 (2023-04-17)

Features

503a4e5 #548 allow identifierBase to be false (#548) (@lsvalina)

Bug Fixes

e219bb4 #552 throw on bad version with correct error message (#552) (@wraithgar)

fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@tjenkinson)

2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@macno)

7.4.0 (2023-04-10)

Features

113f513 #532 identifierBase parameter for .inc (#532) (@wraithgar, @b-bly)

48d8f8f #530 export new RELEASE_TYPES constant (@hcharley)

Bug Fixes

940723d #538 intersects with v0.0.0 and v0.0.0-0 (#538) (@wraithgar)

aa516b5 #535 faster parse options (#535) (@H4ad)

61e6ea1 #536 faster cache key factory for range (#536) (@H4ad)

f8b8b61 #541 optimistic parse (#541) (@H4ad)

796cbe2 #533 semver.diff prerelease to release recognition (#533) (@wraithgar, @dominique-blockchain)

... (truncated)

Commits

7fdf1ef chore: release 7.5.3
bf53dd8 docs: add example for > comparator (#569)
abdd93d fix: set max lengths in regex for numeric and build identifiers (#571)
e7b78de chore: release 7.5.2
58c791f fix: diff when detecting major change from prerelease (#566)
5c8efbc fix: preserve build in raw after inc (#565)
717534e fix: better handling of whitespace (#564)
2f738e9 chore: bump @npmcli/template-oss from 4.14.1 to 4.15.1 (#558)
aa016a6 chore: release 7.5.1
d30d25a fix: show type on invalid semver error (#559)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.

Updates jsonwebtoken from 8.5.1 to 9.0.0

Changelog

Sourced from jsonwebtoken's changelog.

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

Removed support for Node versions 11 and below.

The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]auth0/node-jsonwebtoken@8345030)

RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]auth0/node-jsonwebtoken@ecdf6cc)

Key types must be valid for the signing / verification algorithm

Security fixes

security: fixes Arbitrary File Write via verify function - CVE-2022-23529

security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540

security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541

security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

Commits

e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
5eaedbf chore(ci): remove github test actions job (#861)
cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
7e6a86b Upload OpsLevel YAML (#849)
74d5719 docs: update references vercel/ms references (#770)
d71e383 docs: document "invalid token" error
3765003 docs: fix spelling in README.md: Peak -> Peek (#754)
a46097e docs: make decode impossible to discover before verify
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.

Updates webpack from 4.46.0 to 5.88.0

Release notes

Sourced from webpack's releases.

v5.88.0

New Features

[CSS] - Use css/auto as the default css mode by @burhanuday in webpack/webpack#17399

Bug Fixes

Fix bugs related to require.context and layer by @alexander-akait in webpack/webpack#17388

Fix bug in runtime for CSS loading by @alexander-akait in webpack/webpack#17400

Correct indirect call for tagged template expressions using correct this context by @alexander-akait in webpack/webpack#17397

Update environment support for KaiOS browser by @steverep in webpack/webpack#17395

Fix async module runtime code for running top-level-await by @ahabhgk in webpack/webpack#17393

Developer Experience

Add example for stats minimal output by @ersachin3112 in webpack/webpack#17406

Significantly improve type coverage for Dependency, Runtime, Template classes by @alexander-akait in webpack/webpack#17394

Dependencies & Maintenance

Bump browserslist from 4.21.8 to 4.21.9 by @dependabot in webpack/webpack#17389

Bump acorn from 8.8.2 to 8.9.0 by @dependabot in webpack/webpack#17402

Bump eslint from 8.42.0 to 8.43.0 by @dependabot in webpack/webpack#17401

Bump eslint-plugin-jest from 27.2.1 to 27.2.2 by @dependabot in webpack/webpack#17407

New Contributors

@steverep made their first contribution in webpack/webpack#17395

Full Changelog: webpack/webpack@v5.87.0...v5.88.0

v5.87.0

New Features

Implement fetchPriority feature as parser option and magic comment by @alexander-akait in webpack/webpack#17249

[CSS] - Introduce 'css/auto' as a css module type by @ahabhgk in webpack/webpack#16577

[CSS] - Style-specific fields now automatically resolve in package.json by @burhanuday in webpack/webpack#17346

webpack configuration API now accepts "falsy values" loaders and plugins by @alexander-akait in webpack/webpack#17339

Bug Fixes

Fix codecov badge in readme by @burhanuday in webpack/webpack#17353

Developer Experience

Add link to svelte loader for webpack by @burhanuday in webpack/webpack#17369

Increase parser API types in internal plugins across dependency plugins @alexander-akait in webpack/webpack#17365

Dependencies & Maintenance

Bump memfs from 3.5.2 to 3.5.3 by @dependabot in webpack/webpack#17347

Bump webpack-cli from 5.1.3 to 5.1.4 by @dependabot in webpack/webpack#17349

Bump es-module-lexer from 1.2.1 to 1.3.0 by @dependabot in webpack/webpack#17362

Bump @types/node from 20.2.5 to 20.3.0 by @dependabot in webpack/webpack#17361

Bump core-js from 3.30.2 to 3.31.0 by @dependabot in webpack/webpack#17360

Bump browserslist from 4.21.6 to 4.21.8 by @dependabot in webpack/webpack#17367

Bump @types/node from 20.3.0 to 20.3.1 by @dependabot in webpack/webpack#17366

New Contributors

... (truncated)

Commits

1e18b1d 5.88.0
d15c734 Merge pull request #17394 from webpack/refactor-more-types
cff406c refactor(types): more
3f71468 refactor(types): more
d9d64b5 refactor(types): more
d1f1433 Merge pull request #17406 from ersachin3112/stats-minimal
e226101 refactor(types): more
a911bd9 refactor(types): more
e381884 refactor(types): more
4809421 refactor(types): more
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by thelarkinn, a new releaser for webpack since your current version.

Updates webpack-cli from 3.3.12 to 5.1.4

Release notes

Sourced from webpack-cli's releases.

v5.1.4

5.1.4 (2023-06-07)

Bug Fixes

multi compiler progress output (f659624)

v5.1.3

5.1.3 (2023-06-04)

Bug Fixes

regression for custom configurations (#3834) (bb4f8eb)

v5.1.2

5.1.2 (2023-06-04)

Bug Fixes

improve check for custom webpack and webpack-dev-server package existance (0931ab6)

improve help for some flags (f468614)

improved support for .cts and .mts extensions (a77daf2)

v5.1.1

5.1.1 (2023-05-09)

Bug Fixes

false positive warning when --watch used (#3783) (c0436ba)

v5.1.0

5.1.0 (2023-05-07)

Features

shareable webpack configs using extends (#3738) (d04d0b9)

Performance Improvements

simplify logic, reduce extra loops and perf (#3767) (6afe1d3)

v5.0.2

5.0.2 (2023-04-21)

Bug Fixes

error message for missing default export in configuration (#3685) (e0a4a09)

perf: reduced startup time (3b79059)

v5.0.1

... (truncated)

Changelog

Sourced from webpack-cli's changelog.

5.1.4 (2023-06-07)

Bug Fixes

multi compiler progress output (f659624)

5.1.3 (2023-06-04)

Bug Fixes

regression for custom configurations (#3834) (bb4f8eb)

5.1.2 (2023-06-04)

Bug Fixes

improve check for custom webpack and webpack-dev-server package existance (0931ab6)

improve help for some flags (f468614)

improved support for .cts and .mts extensions (a77daf2)

5.1.1 (2023-05-09)

Bug Fixes

false positive warning when --watch used (#3783) (c0436ba)

5.1.0 (2023-05-07)

Features

shareable webpack configs using extends (#3738) (d04d0b9)

Performance Improvements

simplify logic, reduce extra loops and perf (#3767) (6afe1d3)

5.0.2 (2023-04-21)

Bug Fixes

error message for missing default export in configuration (#3685) (e0a4a09)

perf: reduced startup time (3b79059)

5.0.1 (2022-12-05)

Bug Fixes

make define-process-env-node-env alias node-env (#3514) (346a518)

5.0.0 (2022-11-17)

... (truncated)

Commits

e07f0e5 chore(release): publish new version
0345c6f chore(deps-dev): bump @typescript-eslint/parser from 5.59.8 to 5.59.9 (#3839)
f659624 fix: multi compiler progress output
0d1ff01 chore(deps-dev): bump webpack from 5.85.0 to 5.85.1 (#3837)
a7ec146 chore(deps-dev): bump @typescript-eslint/eslint-plugin (#3838)
9464635 chore(deps-dev): bump eslint from 8.41.0 to 8.42.0 (#3835)
cf1796f docs: update changelog
7899c39 chore(release): publish new version
bb4f8eb fix: regression for custom configurations (#3834)
14b9c18 docs: update changelog
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [semver](https://github.com/npm/node-semver) to 7.5.3 and updates ancestor dependencies [semver](https://github.com/npm/node-semver), [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken), [webpack](https://github.com/webpack/webpack) and [webpack-cli](https://github.com/webpack/webpack-cli). These dependencies need to be updated together. Updates `semver` from 7.3.8 to 7.5.3 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.3.8...v7.5.3) Updates `jsonwebtoken` from 8.5.1 to 9.0.0 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.0) Updates `webpack` from 4.46.0 to 5.88.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v4.46.0...v5.88.0) Updates `webpack-cli` from 3.3.12 to 5.1.4 - [Release notes](https://github.com/webpack/webpack-cli/releases) - [Changelog](https://github.com/webpack/webpack-cli/blob/master/CHANGELOG.md) - [Commits](https://github.com/webpack/webpack-cli/compare/v3.3.12...webpack-cli@5.1.4) --- updated-dependencies: - dependency-name: semver dependency-type: indirect - dependency-name: jsonwebtoken dependency-type: direct:production - dependency-name: webpack dependency-type: direct:development - dependency-name: webpack-cli dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies Pull requests that update a dependency file label Jun 24, 2023

harmony7 force-pushed the master branch 4 times, most recently from 5daaab7 to 607ed80 Compare March 25, 2024 09:43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump semver, jsonwebtoken, webpack and webpack-cli #31

Bump semver, jsonwebtoken, webpack and webpack-cli #31

dependabot bot commented on behalf of github Jun 24, 2023 •

edited

Loading

Bump semver, jsonwebtoken, webpack and webpack-cli #31

Are you sure you want to change the base?

Bump semver, jsonwebtoken, webpack and webpack-cli #31

Conversation

dependabot bot commented on behalf of github Jun 24, 2023 • edited Loading

v7.5.3

7.5.3 (2023-06-22)

Bug Fixes

Documentation

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

v7.5.1

7.5.1 (2023-05-12)

Bug Fixes

v7.5.0

7.5.0 (2023-04-17)

Features

Bug Fixes

v7.4.0

7.4.0 (2023-04-10)

Features

Bug Fixes

7.5.3 (2023-06-22)

Bug Fixes

Documentation

7.5.2 (2023-06-15)

Bug Fixes

7.5.1 (2023-05-12)

Bug Fixes

7.5.0 (2023-04-17)

Features

Bug Fixes

7.4.0 (2023-04-10)

Features

Bug Fixes

9.0.0 - 2022-12-21

Breaking changes

Security fixes

v5.88.0

New Features

Bug Fixes

Developer Experience

Dependencies & Maintenance

New Contributors

v5.87.0

New Features

Bug Fixes

Developer Experience

Dependencies & Maintenance

New Contributors

v5.1.4

5.1.4 (2023-06-07)

Bug Fixes

v5.1.3

5.1.3 (2023-06-04)

Bug Fixes

v5.1.2

5.1.2 (2023-06-04)

Bug Fixes

v5.1.1

5.1.1 (2023-05-09)

Bug Fixes

v5.1.0

5.1.0 (2023-05-07)

Features

Performance Improvements

v5.0.2

5.0.2 (2023-04-21)

Bug Fixes

v5.0.1

5.1.4 (2023-06-07)

Bug Fixes

5.1.3 (2023-06-04)

Bug Fixes

5.1.2 (2023-06-04)

Bug Fixes

5.1.1 (2023-05-09)

Bug Fixes

5.1.0 (2023-05-07)

dependabot bot commented on behalf of github Jun 24, 2023 •

edited

Loading