-
Notifications
You must be signed in to change notification settings - Fork 83
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): bump the npm_and_yarn group across 5 directories with 8 updates #2721
Open
dependabot
wants to merge
1
commit into
main
Choose a base branch
from
dependabot/npm_and_yarn/docs/website/npm_and_yarn-c5847b67b7
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
chore(deps): bump the npm_and_yarn group across 5 directories with 8 updates #2721
dependabot
wants to merge
1
commit into
main
from
dependabot/npm_and_yarn/docs/website/npm_and_yarn-c5847b67b7
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…updates Bumps the npm_and_yarn group with 2 updates in the /docs/website directory: [axios](https://github.com/axios/axios) and [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 2 updates in the /generator/rust directory: [braces](https://github.com/micromatch/braces) and [micromatch](https://github.com/micromatch/micromatch). Bumps the npm_and_yarn group with 3 updates in the /infra/dashboard directory: [axios](https://github.com/axios/axios), [next](https://github.com/vercel/next.js) and [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken). Bumps the npm_and_yarn group with 2 updates in the /sdk/circomlib directory: [snarkjs](https://github.com/iden3/snarkjs) and [circom_tester](https://github.com/iden3/circom_tester). Bumps the npm_and_yarn group with 1 update in the /sdk/typescript/bitseed-sdk directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `axios` from 1.5.0 to 1.7.4 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.5.0...v1.7.4) Updates `next` from 13.4.19 to 14.2.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.4.19...v14.2.10) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `axios` from 1.3.4 to 1.7.4 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.5.0...v1.7.4) Updates `next` from 13.2.4 to 14.2.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.4.19...v14.2.10) Updates `jsonwebtoken` from 8.5.1 to 9.0.0 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.0) Updates `snarkjs` from 0.5.0 to 0.7.4 - [Commits](iden3/snarkjs@v0.5.0...v0.7.4) Updates `circom_tester` from 0.0.19 to 0.0.20 - [Commits](iden3/circom_tester@v0.0.19...v0.0.20) Updates `vite` from 5.4.4 to 5.4.6 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.4.6/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.4.6/packages/vite) --- updated-dependencies: - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: snarkjs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: circom_tester dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
requested review from
wow-sven,
geometryolife and
Mine77
as code owners
October 1, 2024 07:54
dependabot
bot
added
dependencies
Pull requests that update a dependency file
javascript
Pull requests that update Javascript code
labels
Oct 1, 2024
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.OpenSSF ScorecardScorecard details
Scanned Manifest Filesdocs/website/package.json
generator/rust/yarn.lock
infra/dashboard/package.json
sdk/circomlib/package-lock.json
sdk/circomlib/package.json
sdk/circomlib/yarn.lock
sdk/typescript/bitseed-sdk/package.json
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
dependencies
Pull requests that update a dependency file
javascript
Pull requests that update Javascript code
0 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 2 updates in the /docs/website directory: axios and next.
Bumps the npm_and_yarn group with 2 updates in the /generator/rust directory: braces and micromatch.
Bumps the npm_and_yarn group with 3 updates in the /infra/dashboard directory: axios, next and jsonwebtoken.
Bumps the npm_and_yarn group with 2 updates in the /sdk/circomlib directory: snarkjs and circom_tester.
Bumps the npm_and_yarn group with 1 update in the /sdk/typescript/bitseed-sdk directory: vite.
Updates
axios
from 1.5.0 to 1.7.4Release notes
Sourced from axios's releases.
... (truncated)
Changelog
Sourced from axios's changelog.
... (truncated)
Commits
abd24a7
chore(release): v1.7.4 (#6544)6b6b605
fix(sec): CVE-2024-39338 (#6539) (#6543)07a661a
fix(sec): disregard protocol-relative URL to remediate SSRF (#6539)c6cce43
chore(release): v1.7.3 (#6521)e3c76fc
fix(adapter): fix progress event emitting; (#6518)85d4d0e
fix(fetch): fix withCredentials request config (#6505)92cd8ed
chore(github): update ISSUE_TEMPLATE.md (#6519)8966ee7
fix(xhr): return original config on errors from XHR adapter (#6515)0e4f9fa
chore(release): v1.7.2 (#6414)4f79aef
fix(fetch): enhance fetch API detection; (#6413)Updates
next
from 13.4.19 to 14.2.10Release notes
Sourced from next's releases.
... (truncated)
Commits
937651f
v14.2.107ed7f12
Remove invalid fallback revalidate value (#69990)99de057
Revert server action optimization (#69925)24647b9
Add ability to customize Cache-Control (#69802)6fa8982
v14.2.97998745
test: lock ts type check (#69889)4bd3849
create-next-app: fix font file corruption when using import alias (#69806)3756801
test: check most possible combination of CNA flags9a72ad6
unpin CNA tests from 14.2.3747d365
Fix metadata prop merging (#69807)Updates
braces
from 3.0.2 to 3.0.3Commits
74b2db2
3.0.388f1429
update eslint. lint, fix unit tests.415d660
Snyk js braces 6838727 (#40)190510f
fix tests, skip 1 test in test/braces.expand716eb9f
readme bumpa5851e5
Merge pull request #37 from coderaiser/fix/vulnerability2092bd1
feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...9f5b4cf
fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)98414f9
remove funding file665ab5d
update keepEscaping doc (#27)Updates
micromatch
from 4.0.5 to 4.0.8Release notes
Sourced from micromatch's releases.
Changelog
Sourced from micromatch's changelog.
Commits
8bd704e
4.0.8a0e6841
run verb to generate README documentation4ec2884
Merge branch 'v4' into hauserkristof-feature/v4.0.803aa805
Merge pull request #266 from hauserkristof/feature/v4.0.8814f5f7
lint67fcce6
fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5113f2e3
fix: CVE numbers in CHANGELOGd9dbd9a
feat: updated CHANGELOG2ab1315
fix: use actions/setup-node@v41406ea3
feat: rework test to work on macos with node 10,12 and 14Updates
axios
from 1.3.4 to 1.7.4Release notes
Sourced from axios's releases.
... (truncated)
Changelog
Sourced from axios's changelog.
... (truncated)
Commits
abd24a7
chore(release): v1.7.4 (#6544)6b6b605
fix(sec): CVE-2024-39338 (#6539) (#6543)07a661a
fix(sec): disregard protocol-relative URL to remediate SSRF (#6539)c6cce43
chore(release): v1.7.3 (#6521)e3c76fc
fix(adapter): fix progress event emitting; (#6518)85d4d0e
fix(fetch): fix withCredentials request config (#6505)92cd8ed
chore(github): update ISSUE_TEMPLATE.md (#6519)8966ee7
fix(xhr): return original config on errors from XHR adapter (#6515)0e4f9fa
chore(release): v1.7.2 (#6414)4f79aef
fix(fetch): enhance fetch API detection; (#6413)Updates
next
from 13.2.4 to 14.2.10Release notes
Sourced from next's releases.
... (truncated)
Commits
937651f
v14.2.107ed7f12
Remove invalid fallback revalidate value (#69990)99de057
Revert server action optimization (#69925)24647b9
Add ability to customize Cache-Control (#69802)6fa8982
v14.2.97998745
test: lock ts type check (#69889)4bd3849
create-next-app: fix font file corruption when using import alias (#69806)3756801
test: check most possible combination of CNA flags9a72ad6
unpin CNA tests from 14.2.3747d365
Fix metadata prop merging (#69807)Updates
jsonwebtoken
from 8.5.1 to 9.0.0Changelog
Sourced from jsonwebtoken's changelog.
Commits
e1fa9dc
Merge pull request from GHSA-8cf7-32gw-wr335eaedbf
chore(ci): remove github test actions job (#861)cd4163e
chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)ecdf6cc
fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...8345030
fix(sign&verify)!: Remove defaultnone
support fromsign
andverify
met...7e6a86b
Upload OpsLevel YAML (#849)74d5719
docs: update references vercel/ms references (#770)d71e383
docs: document "invalid token" error3765003
docs: fix spelling in README.md: Peak -> Peek (#754)a46097e
docs: make decode impossible to discover before verifyMaintainer changes
This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.
Updates
snarkjs
from 0.5.0 to 0.7.4Commits
bda5de3
0.7.441498fc
build77747d2
Bump dependency version (#484)e7f5a6f
Merge pull request #482 from iden3/chore/fix-ci8b53dce
Drop node v16 support since it has reached EOL alreadye9597c6
Drop node v16 support since it has reached EOL alreadye882491
Update Node.js version note in README6dd3f62
Trying to get version of hardat that supports node v16, v18, v2068a9ad2
Trying to get version of hardat that supports node v16f8091ec
Trying to get version of hardat that supports node v16Updates
circom_tester
from 0.0.19 to 0.0.20Commits
21819aa
0.0.2065ecff0
depsf110b67
Merge pull request #19 from iden3/fix/make-warningsc6a5e2e
Added inspect flag. Add missing prime flag for c_testere2d060f
Code formatting. Changevar
tolet
andconst
1405005
Merge branch 'main' into fix/make-warnings7f13f84
Merge pull request #17 from nvnx7/main276e29b
Merge branch 'main' into maina870064
Merge pull request #13 from BlakeMScurr/patch-1d34af46
Merge branch 'main' into patch-1Updates
vite
from 5.4.4 to 5.4.6Changelog
Sourced from vite's changelog.
Commits
f969176
release: v5.4.6179b177
fix: avoid DOM Clobbering gadget ingetRelativeUrlFromDocument
(#18115)6820bb3
fix: fs raw query (#18112)37881e7
release: v5.4.5faa2405
fix(preload): backport #18098, throw error preloading module as well (#18099)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major version
will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor version
will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>
will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>
will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>
will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.