Bump the npm_and_yarn group with 6 updates #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

dependabot wants to merge 1 commit into main from dependabot/npm_and_yarn/npm_and_yarn-6e769ad5fb

dependabot bot commented on behalf of github Feb 14, 2025

Bumps the npm_and_yarn group with 6 updates:

Package	From	To
@babel/traverse	`7.16.7`	`7.26.9`
decode-uri-component	`0.2.0`	`0.2.2`
minimatch	`3.0.4`	`3.1.2`
tough-cookie	`4.0.0`	`4.1.4`
word-wrap	`1.2.3`	`1.2.5`
ws	`7.5.6`	`7.5.10`

Updates @babel/traverse from 7.16.7 to 7.26.9

Release notes

Sourced from @babel/traverse's releases.

v7.26.9 (2025-02-14)

🐛 Bug Fix

babel-types

#17103 fix: Definition for TSPropertySignature.kind (@liuxingbaoyu)

babel-generator, babel-types

#17062 Print TypeScript optional/definite in ClassPrivateProperty (@jamiebuilds-signal)

🏠 Internal

babel-types

#17130 Use .ts files with explicit reexports to solve name conflicts (@nicolo-ribaudo)

babel-core

#17127 Do not depend on @types/gensync in Babel 7 (@nicolo-ribaudo)

Committers: 5

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Jamie Kyle (@jamiebuilds-signal)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

v7.26.8 (2025-02-08)

🏠 Internal

babel-preset-env

#17097 Update dependency babel-plugin-polyfill-corejs3 to ^0.11.0

v7.26.7 (2025-01-24)

Thanks @branchseer and @tquetano-netflix for your first PRs!

🐛 Bug Fix

babel-helpers, babel-preset-env, babel-runtime-corejs3

#17086 Make "object without properties" helpers ES6-compatible (@tquetano-netflix)

babel-plugin-transform-typeof-symbol

#17085 fix: Correctly handle typeof in arrow functions (@liuxingbaoyu)

babel-parser

#17079 Respect ranges option in estree method value (@JLHwung)

babel-core

#17052 Do not try to parse .ts configs as JSON if natively supported (@nicolo-ribaudo)

babel-plugin-transform-typescript

#17050 fix: correctly resolve references to non-constant enum members (@branchseer)

babel-plugin-transform-typescript, babel-traverse, babel-types

#17025 fix: Remove type-only import x = y.z (@liuxingbaoyu)

Committers: 6

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

Tony Quetano (@tquetano-netflix)

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.26.9 (2025-02-14)

🐛 Bug Fix

babel-types

#17103 fix: Definition for TSPropertySignature.kind (@liuxingbaoyu)

babel-generator, babel-types

#17062 Print TypeScript optional/definite in ClassPrivateProperty (@jamiebuilds-signal)

🏠 Internal

babel-types

#17130 Use .ts files with explicit reexports to solve name conflicts (@nicolo-ribaudo)

babel-core

#17127 Do not depend on @types/gensync in Babel 7 (@nicolo-ribaudo)

v7.26.7 (2025-01-24)

🐛 Bug Fix

babel-helpers, babel-preset-env, babel-runtime-corejs3

#17086 Make "object without properties" helpers ES6-compatible (@tquetano-netflix)

babel-plugin-transform-typeof-symbol

#17085 fix: Correctly handle typeof in arrow functions (@liuxingbaoyu)

babel-parser

#17079 Respect ranges option in estree method value (@JLHwung)

babel-core

#17052 Do not try to parse .ts configs as JSON if natively supported (@nicolo-ribaudo)

babel-plugin-transform-typescript

#17050 fix: correctly resolve references to non-constant enum members (@branchseer)

babel-plugin-transform-typescript, babel-traverse, babel-types

#17025 fix: Remove type-only import x = y.z (@liuxingbaoyu)

v7.26.6 (2025-01-13)

🐛 Bug Fix

babel-plugin-transform-nullish-coalescing-operator

#17061 fix: Chaining nullish coalescing operators output size regression (@liuxingbaoyu)

v7.26.5 (2025-01-10)

👓 Spec Compliance

babel-parser

#17011 Allow the dynamic import.defer() form of import defer (@babel-bot)

🐛 Bug Fix

babel-plugin-transform-block-scoped-functions

#17024 chore: Avoid calling isInStrictMode in Babel 7 (@liuxingbaoyu)

babel-plugin-transform-typescript

#17026 fix: Correctly generate exported const enums in namespace (@liuxingbaoyu)

babel-parser

#17045 [estree] Unify method type parameters handling (@JLHwung)

#17013 fix: Correctly set position for @(a.b)() (@liuxingbaoyu)

#16996 [estree] Adjust the start loc of class methods with type params (@nicolo-ribaudo)

babel-generator, babel-parser, babel-plugin-transform-flow-strip-types, babel-types

... (truncated)

Commits

64bca7b v7.26.9
4cf5c9e [babel 8] Use @babel/types for parser's return type (#17117)
5315446 [babel 8] Remove babel 7-specific imports (#17111)
0593941 v7.26.8
e02b0ff [Babel 8] Create TSTemplateLiteralType (#17066)
2d95140 v7.26.7
ad572fd fix: Remove type-only import x = y.z (#17025)
74181cf v7.26.5
d35794e [Babel 8] Create TSEnumBody for TSEnumDeclaration (#16979)
cd24cc0 chore: Update TS 5.7 (#17053)
Additional commits viewable in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

Switch to GitHub workflows 76abc93

Fix issue where decode throws - fixes #6 746ca5d

Update license (#1) 486d7e2

Tidelift tasks a650457

Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

a0eea46 0.2.2
980e0bf Prevent overwriting previously decoded tokens
3c8a373 0.2.1
76abc93 Switch to GitHub workflows
746ca5d Fix issue where decode throws - fixes #6
486d7e2 Update license (#1)
a650457 Tidelift tasks
66e1c28 Meta tweaks
See full diff in compare view

Updates minimatch from 3.0.4 to 3.1.2

Commits

699c459 3.1.2
2f2b5ff fix: trim pattern
25d7c0d 3.1.1
55dda29 fix: treat nocase:true as always having magic
5e1fb8d 3.1.0
f8145c5 Add 'allowWindowsEscape' option
570e8b1 add publishConfig for v3 publishes
5b7cd33 3.0.6
20b4b56 [fix] revert all breaking syntax changes
2ff0388 document, expose, and test 'partial:true' option
Additional commits viewable in compare view

Updates tough-cookie from 4.0.0 to 4.1.4

Release notes

Sourced from tough-cookie's releases.

v4.1.4

https://www.npmjs.com/package/tough-cookie/v/4.1.4

What's Changed

Add local alias for toString by @corvidism in salesforce/tough-cookie#409

Fix incorrect string validation for URL by @coditva in salesforce/tough-cookie#261

New Contributors

@corvidism made their first contribution in salesforce/tough-cookie#409

@coditva made their first contribution in salesforce/tough-cookie#261

Full Changelog: salesforce/tough-cookie@v4.1.3...v4.1.4

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

4.1.2 -- Patch and Bugfix Release

What's Changed

fix: allow set cookies with localhost by @colincasey in salesforce/tough-cookie#253

Full Changelog: salesforce/tough-cookie@v4.1.1...v4.1.2

4.1.1

Patch Release

What's Changed

fix: allow special use domains by default by @colincasey in salesforce/tough-cookie#249

4.1.1 Patch -- allow special use domains by default by @awaterma in salesforce/tough-cookie#250

Full Changelog: salesforce/tough-cookie@v4.1.0...v4.1.1

4.1.0

v4.1.0

Minor release, focused mainly on resolving reported issues and some minor feature work.

What's Changed

Create CHANGELOG.md by @ShivanKaul in salesforce/tough-cookie#189

Missing param validation issue145 by @medelibero-sfdc in salesforce/tough-cookie#193

Create SECURITY.md by @ShivanKaul in salesforce/tough-cookie#201

Create CODE_OF_CONDUCT.md by @ShivanKaul in salesforce/tough-cookie#200

Fix for issue #195 by @medelibero-sfdc in salesforce/tough-cookie#202

Add explanation and more special-use domains by @ShivanKaul in salesforce/tough-cookie#203

Sync of constructor options for serialization by @medelibero-sfdc in salesforce/tough-cookie#204

Returned null in case of empty cookie value by @vsin12 in salesforce/tough-cookie#196

132 str trim not a function by @awaterma in salesforce/tough-cookie#209

Fix for issue #153 by @medelibero-sfdc in salesforce/tough-cookie#210

Fix permuteDomain with trailing dot by @ruoho-sfdc in salesforce/tough-cookie#216

Issue #213 -- added gh-actions flow for building and testing tough-co… by @awaterma in salesforce/tough-cookie#218

... (truncated)

Commits

cacbc37 Bump version to 4.1.4
a48fb3a Add tests for url validation
50e69bf Merge pull request #261 from postmanlabs/fix/url-string-validation
1253d58 Merge pull request #409 from corvidism/validators-to-string
238367e Add local alias for toString
4ff4d29 4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)
12d4747 Prevent prototype pollution in cookie memstore (#283)
f06b72d Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...
cf6debd Fix incorrect string validation for URL
b1a8898 fix: allow set cookies with localhost (#253)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.

Updates word-wrap from 1.2.3 to 1.2.5

Release notes

Sourced from word-wrap's releases.

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: jonschlinkert/word-wrap@1.2.4...1.2.5

1.2.4

What's Changed

Remove default indent by @mohd-akram in jonschlinkert/word-wrap#24

🔒fix: CVE 2023 26115 (2) by @OlafConijn in jonschlinkert/word-wrap#41

🔒 fix: CVE-2023-26115 by @aashutoshrathi in jonschlinkert/word-wrap#33

chore: publish workflow by @OlafConijn in jonschlinkert/word-wrap#42

New Contributors

@mohd-akram made their first contribution in jonschlinkert/word-wrap#24

@OlafConijn made their first contribution in jonschlinkert/word-wrap#41

@aashutoshrathi made their first contribution in jonschlinkert/word-wrap#33

Full Changelog: jonschlinkert/word-wrap@1.2.3...1.2.4

Commits

207044e 1.2.5
9894315 revert default indent
f64b188 run verb to generate README
03ea082 Merge pull request #42 from jonschlinkert/chore/publish-workflow
420dce9 Merge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2
bfa694e Update .github/workflows/publish.yml
ace0b3c chore: bump version to 1.2.4
6fd7275 chore: add publish workflow
30d6daf chore: fix test
655929c chore: remove package-lock
Additional commits viewable in compare view

Updates ws from 7.5.6 to 7.5.10

Release notes

Sourced from ws's releases.

7.5.10

Bug fixes

Backported e55e5106 to the 7.x release line (22c28763).

7.5.9

Bug fixes

Backported bc8bd34e to the 7.x release line (0435e6e1).

7.5.8

Bug fixes

Backported 0fdcc0af to the 7.x release line (2758ed35).

Backported d68ba9e1 to the 7.x release line (dc1781bc).

7.5.7

Bug fixes

Backported 6946f5fe to the 7.x release line (1f72e2e1).

Commits

d962d70 [dist] 7.5.10
22c2876 [security] Fix crash when the Upgrade header cannot be read (#2231)
8a78f87 [dist] 7.5.9
0435e6e [security] Fix same host check for ws+unix: redirects
4271f07 [dist] 7.5.8
dc1781b [security] Drop sensitive headers when following insecure redirects
2758ed3 [fix] Abort the handshake if the Upgrade header is invalid
a370613 [dist] 7.5.7
1f72e2e [security] Drop sensitive headers when following redirects (#2013)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.


          Bump the npm_and_yarn group with 6 updates

945bf50

Bumps the npm_and_yarn group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.16.7` | `7.26.9` |
| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |
| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.2` |
| [tough-cookie](https://github.com/salesforce/tough-cookie) | `4.0.0` | `4.1.4` |
| [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` |
| [ws](https://github.com/websockets/ws) | `7.5.6` | `7.5.10` |


Updates `@babel/traverse` from 7.16.7 to 7.26.9
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.26.9/packages/babel-traverse)

Updates `decode-uri-component` from 0.2.0 to 0.2.2
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2)

Updates `minimatch` from 3.0.4 to 3.1.2
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.0.4...v3.1.2)

Updates `tough-cookie` from 4.0.0 to 4.1.4
- [Release notes](https://github.com/salesforce/tough-cookie/releases)
- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)
- [Commits](salesforce/tough-cookie@v4.0.0...v4.1.4)

Updates `word-wrap` from 1.2.3 to 1.2.5
- [Release notes](https://github.com/jonschlinkert/word-wrap/releases)
- [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5)

Updates `ws` from 7.5.6 to 7.5.10
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.6...7.5.10)

---
updated-dependencies:
- dependency-name: "@babel/traverse"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: decode-uri-component
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tough-cookie
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: word-wrap
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels