Skip to content

Bump qs, http-server, node-sass and svg-sprite in /demo/tatami #64

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump qs, http-server, node-sass and svg-sprite in /demo/tatami #64

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Jan 1, 2026

Bumps qs to 6.14.1 and updates ancestor dependencies qs, http-server, node-sass and svg-sprite. These dependencies need to be updated together.

Updates qs from 6.5.2 to 6.14.1

Changelog

Sourced from qs's changelog.

6.14.1

  • [Fix] ensure arrayLength applies to [] notation as well
  • [Fix] parse: when a custom decoder returns null for a key, ignore that key
  • [Refactor] parse: extract key segment splitting helper
  • [meta] add threat model
  • [actions] add workflow permissions
  • [Tests] stringify: increase coverage
  • [Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

  • [New] parse: add throwOnParameterLimitExceeded option (#517)
  • [Refactor] parse: use utils.combine more
  • [patch] parse: add explicit throwOnLimitExceeded default
  • [actions] use shared action; re-add finishers
  • [meta] Fix changelog formatting bug
  • [Deps] update side-channel
  • [Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols
  • [Tests] increase coverage

6.13.1

  • [Fix] stringify: avoid a crash when a filter key is null
  • [Fix] utils.merge: functions should not be stringified into keys
  • [Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset
  • [Fix] stringify: ensure a non-string filter does not crash
  • [Refactor] use __proto__ syntax instead of Object.create for null objects
  • [Refactor] misc cleanup
  • [Tests] utils.merge: add some coverage
  • [Tests] fix a test case
  • [actions] split out node 10-20, and 20+
  • [Dev Deps] update es-value-fixtures, mock-property, object-inspect, tape

6.13.0

  • [New] parse: add strictDepth option (#511)
  • [Tests] use npm audit instead of aud

6.12.3

  • [Fix] parse: properly account for strictNullHandling when allowEmptyArrays
  • [meta] fix changelog indentation

6.12.2

  • [Fix] parse: parse encoded square brackets (#506)
  • [readme] add CII best practices badge

6.12.1

  • [Fix] parse: Disable decodeDotInKeys by default to restore previous behavior (#501)
  • [Performance] utils: Optimize performance under large data volumes, reduce memory usage, and speed up processing (#502)
  • [Refactor] utils: use +=
  • [Tests] increase coverage

6.12.0

... (truncated)

Commits
  • 3fa11a5 v6.14.1
  • a626704 [Dev Deps] update npmignore
  • 3086902 [Fix] ensure arrayLength applies to [] notation as well
  • fc7930e [Dev Deps] update eslint, @ljharb/eslint-config
  • 0b06aac [Dev Deps] update @ljharb/eslint-config
  • 64951f6 [Refactor] parse: extract key segment splitting helper
  • e1bd259 [Dev Deps] update @ljharb/eslint-config
  • f4b3d39 [eslint] add eslint 9 optional peer dep
  • 6e94d95 [Dev Deps] update eslint, @ljharb/eslint-config, npmignore
  • 973dc3c [actions] add workflow permissions
  • Additional commits viewable in compare view

Updates http-server from 0.11.1 to 0.11.2

Release notes

Sourced from http-server's releases.

v0.11.2: Security update

Upgrades several dependencies to avoid security vulnerabilities, especially as mentioned in #707.

Commits
Maintainer changes

This version was pushed to npm by thornjad, a new releaser for http-server since your current version.


Updates node-sass from 4.9.4 to 9.0.0

Release notes

Sourced from node-sass's releases.

v9.0.0

What's Changed

Breaking changes

Supported Environments

OS Architecture Node
Windows x86 & x64 16, 18, 19, 20
OSX x64 16, 18, 19, 20
Linux* x64 16, 18, 19, 20
Alpine Linux x64 16, 18, 19, 20

*Linux support refers to major distributions like Ubuntu, and Debian

v8.0.0

What's Changed

Breaking changes

Features

Dependencies

  • Bump true-case-path@2.2.1
  • Bump node-gyp @​9.0.0
  • Bump nan@^2.17.0
  • Bump sass-graph@^4.0.1

Misc

... (truncated)

Changelog

Sourced from node-sass's changelog.

v4.14.0

https://github.com/sass/node-sass/releases/tag/v4.14.0

v4.13.1

https://github.com/sass/node-sass/releases/tag/v4.13.1

v4.13.0

https://github.com/sass/node-sass/releases/tag/v4.13.0

v4.12.0

https://github.com/sass/node-sass/releases/tag/v4.12.0

v4.11.0

https://github.com/sass/node-sass/releases/tag/v4.11.0

v4.10.0

https://github.com/sass/node-sass/releases/tag/v4.10.0

Commits

Updates svg-sprite from 1.5.0 to 2.0.4

Release notes

Sourced from svg-sprite's releases.

v2.0.4

  • Fixed _transformShape not calling all transformations 0302084 (backported from main)
  • Adding failing tests for issue #762 85d9a3a (backported from main)

v2.0.3

Hopefully this will be the last 2.x version and the next version will be v3.0.0. There might be regressions compared to 1.x in main (3.x), so if you have time please make a PR with an accompanied test case and CC me.

This is the only way to move forward given the limited resources we have.

What's Changed

New Contributors

Full Changelog: svg-sprite/svg-sprite@v2.0.2...v2.0.3

v2.0.2

v2.0.1

v2.0.0

Breaking changes

  • Drop Node.js < 12 support
  • Update svgo to v2.x

Changes

  • Add namespaceIDPrefix option
  • Add rel="noopener noreferrer" to all links in generated HTML pages.
  • Add compileAsync method
  • Add support for disabling root viewBox attribute in stack mode
  • Add ID references substitution in href attributes (earlier worked with xlink:href only)
  • Drop Node.js < 12 support
  • Remove the deprecated config.transform option
  • Add milliseconds in logger's output
  • Change SVG dimensions calculation from PhantomJS to resvg-js, drop PhantomJ direct dependency (replaced with resvg-js)
  • Fix a rare issue with valid SVG files marked as invalid
  • Fix a rare bug with checking if passed config.log option is an instance of winston.Logger
  • Fix missing shape names when adding input files with a relative path
  • Replace cssmin with csso
  • Reduce lodash and other direct dependencies; switch to native JS alternatives

... (truncated)

Changelog

Sourced from svg-sprite's changelog.

Newer release notes are published on the GitHub release page: https://github.com/svg-sprite/svg-sprite/releases

1.6.0-alpha Maintenance pre-release (2020-01-18)

  • Remove support for Node < 8.0
  • Update dependencies (#306, #310)
  • Update documentation to use updated SVGO plugin name (#275)
  • Move mocha and should dependencies back to devDependencies again (#297, #285)
  • Add built-in templating function to encode hash signs (#294)
  • Fix verbose logging output (#279, #291)
  • Add option to prefix auto-generated namespace IDs (#292, #293)
  • Update preview templates to use SVG checker image (#287)
Commits
Maintainer changes

This version was pushed to npm by xhmikosr, a new releaser for svg-sprite since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump qs, http-server, node-sass and svg-sprite in /demo/tatami
9b00d63 
Bumps [qs](https://github.com/ljharb/qs) to 6.14.1 and updates ancestor dependencies [qs](https://github.com/ljharb/qs), [http-server](https://github.com/http-party/http-server), [node-sass](https://github.com/sass/node-sass) and [svg-sprite](https://github.com/svg-sprite/svg-sprite). These dependencies need to be updated together.


Updates `qs` from 6.5.2 to 6.14.1
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.5.2...v6.14.1)

Updates `http-server` from 0.11.1 to 0.11.2
- [Release notes](https://github.com/http-party/http-server/releases)
- [Commits](http-party/http-server@0.11.1...v0.11.2)

Updates `node-sass` from 4.9.4 to 9.0.0
- [Release notes](https://github.com/sass/node-sass/releases)
- [Changelog](https://github.com/sass/node-sass/blob/master/CHANGELOG.md)
- [Commits](sass/node-sass@v4.9.4...v9.0.0)

Updates `svg-sprite` from 1.5.0 to 2.0.4
- [Release notes](https://github.com/svg-sprite/svg-sprite/releases)
- [Changelog](https://github.com/svg-sprite/svg-sprite/blob/main/CHANGELOG.md)
- [Commits](svg-sprite/svg-sprite@v1.5.0...v2.0.4)

---
updated-dependencies:
- dependency-name: qs
  dependency-version: 6.14.1
  dependency-type: indirect
- dependency-name: http-server
  dependency-version: 0.11.2
  dependency-type: direct:development
- dependency-name: node-sass
  dependency-version: 9.0.0
  dependency-type: direct:development
- dependency-name: svg-sprite
  dependency-version: 2.0.4
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jan 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants