Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the npm_and_yarn group across 4 directories with 5 updates #81

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the npm_and_yarn group across 4 directories with 5 updates #81

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Oct 15, 2024

Bumps the npm_and_yarn group with 1 update in the /javascript/ql/experimental/adaptivethreatmodeling/test/modeled_apis directory: mongodb.
Bumps the npm_and_yarn group with 1 update in the /javascript/ql/test/library-tests/Extend directory: merge.
Bumps the npm_and_yarn group with 2 updates in the /javascript/ql/test/library-tests/HtmlSanitizers directory: sanitize-html and validator.
Bumps the npm_and_yarn group with 1 update in the /javascript/ql/test/library-tests/frameworks/Next directory: next.

Updates mongodb from 2.2.33 to 3.1.13

Changelog

Sourced from mongodb's changelog.

3.1.13 (2019-01-23)

Bug Fixes

  • restore ability to webpack by removing makeLazyLoader (050267d)
  • bulk: honor ignoreUndefined in initializeUnorderedBulkOp (e806be4)
  • changeStream: properly handle changeStream event mid-close (#1902) (5ad9fa9)
  • db_ops: ensure we async resolve errors in createCollection (210c71d)

3.1.12 (2019-01-16)

Features

  • core: update to mongodb-core v3.1.11 (9bef6e7)

3.1.11 (2019-01-15)

Bug Fixes

  • bulk: fix error propagation in empty bulk.execute (a3adb3f)
  • bulk: make sure that any error in bulk write is propagated (bedc2d2)
  • bulk: properly calculate batch size for bulk writes (aafe71b)
  • operations: do not call require in a hot path (ff82ff4)

3.1.10 (2018-11-16)

Bug Fixes

  • auth: remember to default to admin database (c7dec28)

Features

  • core: update to mongodb-core v3.1.9 (bd3355b)

... (truncated)

Commits
  • c6f417e chore(release): 3.1.13
  • 210c71d fix(db_ops): ensure we async resolve errors in createCollection
  • 5ad9fa9 fix(changeStream): properly handle changeStream event mid-close (#1902)
  • e806be4 fix(bulk): honor ignoreUndefined in initializeUnorderedBulkOp
  • 050267d fix(*): restore ability to webpack by removing makeLazyLoader
  • 6e896f4 docs: adding aggregation, createIndex, and runCommand examples
  • cb3cd12 chore(release): 3.1.12
  • 508d685 Revert "chore(release): 3.2.0"
  • e7619aa chore(release): 3.2.0
  • d0dc228 chore(travis): include forgotten stage info for sharded builds
  • Additional commits viewable in compare view

Updates merge from 1.2.1 to 2.1.1

Commits

Updates sanitize-html from 1.27.5 to 2.13.1

Changelog

Sourced from sanitize-html's changelog.

2.13.1 (2024-10-03)

  • Fix to allow regex in allowedClasses wildcard whitelist. Thanks to anak-dev.

2.13.0 (2024-03-20)

  • Documentation update regarding minimum supported TypeScript version.

  • Added disallowedTagsMode: completelyDiscard option to remove the content also in HTML. Thanks to Gauav Kumar for this addition.

2.12.1 (2024-02-22)

  • Do not parse sourcemaps in post-css. This fixes a vulnerability in which information about the existence or non-existence of files on a server could be disclosed via properly crafted HTML input when the style attribute is allowed by the configuration. Thanks to the Snyk Security team for the disclosure and to Dylan Armstrong for the fix.

2.12.0 (2024-02-21)

  • Introduced the allowedEmptyAttributes option, enabling explicit specification of empty string values for select attributes, with the default attribute set to alt. Thanks to Na for the contribution.

  • Clarified the use of SVGs with a new test and changes to documentation. Thanks to Gauav Kumar for the contribution.

  • Do not process source maps when processing style tags with PostCSS.

2.11.0 (2023-06-21)

  • Fix to allow false in allowedClasses attributes. Thanks to Kevin Jiang for this fix!
  • Upgrade mocha version
  • Apply small linter fixes in tests
  • Add .idea temp files to .gitignore
  • Thanks to Vitalii Shpital for the updates!
  • Show parseStyleAttributes warning in browser only. Thanks to mog422 for this update!
  • Remove empty non-boolean attributes via an exhaustive, configurable list of known non-boolean attributes. Thanks to Dylan Armstrong for this update!

2.10.0 (2023-02-17)

  • Fix auto-adding escaped closing tags. In other words, do not add implied closing tags to disallowed tags when disallowedTagMode is set to any variant of escape -- just escape the disallowed tags that are present. This fixes [issue #464](apostrophecms/sanitize-html#464). Thanks to Daniel Liebner
  • Add tagAllowed() helper function which takes a tag name and checks it against options.allowedTags and returns true if the tag is allowed and false if it is not.

2.9.0 (2023-01-27)

2.8.1 (2022-12-21)

  • If the argument is a number, convert it to a string, for backwards compatibility. Thanks to Alexander Schranz.

2.8.0 (2022-12-12)

  • Upgrades htmlparser2 to new major version ^8.0.0. Thanks to Kedar Chandrayan for this contribution.

2.7.3 (2022-10-24)

... (truncated)

Commits

Updates validator from 10.11.0 to 13.12.0

Release notes

Sourced from validator's releases.

13.12.0

What's Changed

New Features / Validators

Fixes, New Locales and Enhancements

New Contributors

... (truncated)

Changelog

Sourced from validator's changelog.

13.12.0

New Features / Validators

Fixes, New Locales and Enhancements

13.11.0

New Features / Validators

Fixes, New Locales and Enhancements

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by profnandaa, a new releaser for validator since your current version.


Updates next from 10.2.3 to 14.2.15

Release notes

Sourced from next's releases.

v14.2.15

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • support breadcrumb style catch-all parallel routes #65063
  • Provide non-dynamic segments to catch-all parallel routes #65233
  • Fix client reference access causing metadata missing #70732
  • feat(next/image): add support for decoding prop #70298
  • feat(next/image): add images.localPatterns config #70529
  • fix(next/image): handle undefined images.localPatterns config in images-manifest.json
  • fix: Do not omit alt on getImgProps return type, ImgProps #70608
  • [i18n] Routing fix #70761

Credits

Huge thanks to @​ztanner, @​agadzik, @​huozhi, @​styfle, @​icyJoseph and @​wyattjoh for helping!

v14.2.14

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Fix: clone response in first handler to prevent race (#70082) (#70649)
  • Respect reexports from metadata API routes (#70508) (#70647)
  • Externalize node binary modules for app router (#70646)
  • Fix revalidateTag() behaviour when invoked in server components (#70446) (#70642)
  • Fix prefetch bailout detection for nested loading segments (#70618)
  • Add missing node modules to externals (#70382)
  • Feature: next/image: add support for images.remotePatterns.search (#70302)

Credits

Huge thanks to @​styfle, @​ztanner, @​ijjk, @​huozhi and @​wyattjoh for helping!

v14.2.13

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Fix missing cache-control on SSR app route (#70265)
  • feat: add polyfill of URL.canParse for browser compatibility (#70228)
  • Fix vercel og package memory leak (#70214)
  • Fix startTime error on Android 9 with Chrome 74 (#67391)

Credits

Huge thanks to @​raeyoung-kim, @​huozhi, @​devjiwonchoi, and @​ijjk for helping!

v14.2.12

[!NOTE]

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by vercel-release-bot, a new releaser for next since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 4 directories with 5 updates
c566b62 
Bumps the npm_and_yarn group with 1 update in the /javascript/ql/experimental/adaptivethreatmodeling/test/modeled_apis directory: [mongodb](https://github.com/mongodb/node-mongodb-native).
Bumps the npm_and_yarn group with 1 update in the /javascript/ql/test/library-tests/Extend directory: [merge](https://github.com/yeikos/js.merge).
Bumps the npm_and_yarn group with 2 updates in the /javascript/ql/test/library-tests/HtmlSanitizers directory: [sanitize-html](https://github.com/apostrophecms/sanitize-html) and [validator](https://github.com/validatorjs/validator.js).
Bumps the npm_and_yarn group with 1 update in the /javascript/ql/test/library-tests/frameworks/Next directory: [next](https://github.com/vercel/next.js).


Updates `mongodb` from 2.2.33 to 3.1.13
- [Release notes](https://github.com/mongodb/node-mongodb-native/releases)
- [Changelog](https://github.com/mongodb/node-mongodb-native/blob/main/HISTORY.md)
- [Commits](mongodb/node-mongodb-native@v2.2.33...v3.1.13)

Updates `merge` from 1.2.1 to 2.1.1
- [Release notes](https://github.com/yeikos/js.merge/releases)
- [Changelog](https://github.com/swordev/merge/blob/main/CHANGELOG.md)
- [Commits](swordev/merge@v1.2.1...v2.1.1)

Updates `sanitize-html` from 1.27.5 to 2.13.1
- [Changelog](https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md)
- [Commits](https://github.com/apostrophecms/sanitize-html/commits/2.13.1)

Updates `validator` from 10.11.0 to 13.12.0
- [Release notes](https://github.com/validatorjs/validator.js/releases)
- [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md)
- [Commits](validatorjs/validator.js@10.11.0...13.12.0)

Updates `next` from 10.2.3 to 14.2.15
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v10.2.3...v14.2.15)

---
updated-dependencies:
- dependency-name: mongodb
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: merge
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: sanitize-html
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: validator
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Oct 15, 2024
@cr-gpt CR.GPT
Copy link

cr-gpt bot commented Oct 15, 2024

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
ATM dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code JS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants