Bump the npm_and_yarn group across 1 directory with 17 updates by dependabot[bot] · Pull Request #1 · pitolick/whitebase

dependabot · 2024-09-12T06:18:40Z

Bumps the npm_and_yarn group with 12 updates in the / directory:

Package	From	To
postcss	`8.4.21`	`8.4.45`
webpack	`5.75.0`	`5.94.0`
@babel/traverse	`7.20.13`	`7.25.6`
@blakeembrey/template	`1.1.0`	`1.2.0`
ws	`8.12.0`	`8.18.0`
@wordpress/scripts	`25.3.0`	`29.0.0`
socket.io-client	`4.5.4`	`4.7.5`
socket.io	`4.5.4`	`4.7.5`
axios	`0.21.4`	`1.7.7`
browser-sync	`2.27.11`	`3.0.2`
braces	`3.0.2`	`3.0.3`
tough-cookie	`4.1.2`	`4.1.4`

Updates postcss from 8.4.21 to 8.4.45

Release notes

Sourced from postcss's releases.

8.4.45

Removed unnecessary fix which could lead to infinite loop.

8.4.44

Another way to fix markClean is not a function error.

8.4.43

Fixed markClean is not a function error.

8.4.42

Fixed CSS syntax error on long minified files (by @varpstar).

8.4.41

Fixed types (by @nex3 and @querkmachine).

Cleaned up RegExps (by @bluwy).

8.4.40

Moved to getter/setter in nodes types to help Sass team (by @nex3).

8.4.39

Fixed CssSyntaxError types (by @romainmenke).

8.4.38

Fixed endIndex: 0 in errors and warnings (by @romainmenke).

8.4.37

Fixed original.column are not numbers error in another case.

8.4.36

Fixed original.column are not numbers error on broken previous source map.

8.4.35

Avoid ! in node.parent.nodes type.

Allow to pass undefined to node adding method to simplify types.

8.4.34

Fixed AtRule#nodes type (by @tim-we).

Cleaned up code (by @DrKiraDmitry).

8.4.33

Fixed NoWorkResult behavior difference with normal mode (by @romainmenke).

Fixed NoWorkResult usage conditions (by @ahmdammarr).

8.4.32

Fixed postcss().process() types (by @ferreira-tb).

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

8.4.30

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.45

Removed unnecessary fix which could lead to infinite loop.

8.4.44

Another way to fix markClean is not a function error.

8.4.43

Fixed markClean is not a function error.

8.4.42

Fixed CSS syntax error on long minified files (by @varpstar).

8.4.41

Fixed types (by @nex3 and @querkmachine).

Cleaned up RegExps (by @bluwy).

8.4.40

Moved to getter/setter in nodes types to help Sass team (by @nex3).

8.4.39

Fixed CssSyntaxError types (by @romainmenke).

8.4.38

Fixed endIndex: 0 in errors and warnings (by @romainmenke).

8.4.37

Fixed original.column are not numbers error in another case.

8.4.36

Fixed original.column are not numbers error on broken previous source map.

8.4.35

Avoid ! in node.parent.nodes type.

Allow to pass undefined to node adding method to simplify types.

8.4.34

Fixed AtRule#nodes type (by Tim Weißenfels).

Cleaned up code (by Dmitry Kirillov).

8.4.33

Fixed NoWorkResult behavior difference with normal mode (by Romain Menke).

Fixed NoWorkResult usage conditions (by @ahmdammarr).

8.4.32

Fixed postcss().process() types (by Andrew Ferreira).

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

8.4.30

... (truncated)

Commits

448c4f3 Release 8.4.45 version
1c77d2e Update unnecessary check
f38b329 Try to fix CI
d442dc7 Release 8.4.44 version
3c7cda0 Another way to fix markClean() is undefined issue
b985ed1 Release 8.4.43 version
3025b74 Update dependencies
79ff980 Update AST if it is not made by PostCSS >= 8.4.41
0fda48a Release 8.4.42 version
cd5b08c Add ESLint to CI
Additional commits viewable in compare view

Updates webpack from 5.75.0 to 5.94.0

Release notes

Sourced from webpack's releases.

v5.94.0

Bug Fixes

Added runtime condition for harmony reexport checked

Handle properly data/http/https protocols in source maps

Make bigint optimistic when browserslist not found

Move @types/eslint-scope to dev deps

Related in asset stats is now always an array when no related found

Handle ASI for export declarations

Mangle destruction incorrect with export named default properly

Fixed unexpected asi generation with sequence expression

Fixed a lot of types

New Features

Added new external type "module-import"

Support webpackIgnore for new URL() construction

[CSS] @import pathinfo support

Security

Fixed DOM clobbering in auto public path

v5.93.0

Bug Fixes

Generate correct relative path to runtime chunks

Makes DefinePlugin quieter under default log level

Fixed mangle destructuring default in namespace import

Fixed consumption of eager shared modules for module federation

Strip slash for pretty regexp

Calculate correct contenthash for CSS generator options

New Features

Added the binary generator option for asset modules to explicitly keep source maps produced by loaders

Added the modern-module library value for tree shakable output

Added the overrideStrict option to override strict or non-strict mode for javascript modules

v5.92.1

Bug Fixes

Doesn't crash with an error when the css experiment is enabled and contenthash is used

v5.92.0

Bug Fixes

Correct tidle range's comutation for module federation

Consider runtime for pure expression dependency update hash

Return value in the subtractRuntime function for runtime logic

... (truncated)

Commits

eabf85d chore(release): 5.94.0
955e057 security: fix DOM clobbering in auto public path
9822387 test: fix
cbb86ed test: fix
5ac3d7f fix: unexpected asi generation with sequence expression
2411661 security: fix DOM clobbering in auto public path
b8c03d4 fix: unexpected asi generation with sequence expression
f46a03c revert: do not use heuristic fallback for "module-import"
60f1898 fix: do not use heuristic fallback for "module-import"
66306aa Revert "fix: module-import get fallback from externalsPresets"
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.

Updates @babel/traverse from 7.20.13 to 7.25.6

Release notes

Sourced from @babel/traverse's releases.

v7.25.6 (2024-08-29)

Thanks @j4k0xb for your first PR!

🐛 Bug Fix

babel-generator

#16783 Properly print inner comments in TS array types (@nicolo-ribaudo)

#16775 fix: jsx whitespace is not properly preserved when retainLines (@liuxingbaoyu)

babel-traverse

#16727 fix: path.getAssignmentIdentifiers may be undefined (@liuxingbaoyu)

babel-parser

#16761 fix: improve static canFollowModifier checks (@JLHwung)

babel-helpers, babel-plugin-transform-optional-chaining, babel-runtime-corejs3

#16769 Only wrap functions in superPropertyGet helper (@nicolo-ribaudo)

💅 Polish

babel-generator, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-named-capturing-groups-regex, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx, babel-plugin-transform-react-pure-annotations, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env

#16780 Do not enforce printing space between ( and comments (@nicolo-ribaudo)

babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes

#16781 Don't throw when enabling both syntax-import-{assertions,attributes} (@nicolo-ribaudo)

babel-generator

#16782 TS union/intersection nested in union does not need parens (@nicolo-ribaudo)

🏠 Internal

babel-generator

#16777 Remove unused parent params in the generator (@nicolo-ribaudo)

Committers: 5

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@j4k0xb

@liuxingbaoyu

v7.25.5 (2024-08-23)

🐛 Bug Fix

babel-generator, babel-traverse

#16764 fix: Generate sequence expression parentheses correctly (@liuxingbaoyu)

💅 Polish

babel-generator

#16738 Only force-parenthesize satisfies's LHS if it has newlines (@nicolo-ribaudo)

Committers: 2

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

v7.25.4 (2024-08-22)

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.25.6 (2024-08-29)

🐛 Bug Fix

babel-generator

#16783 Properly print inner comments in TS array types (@nicolo-ribaudo)

#16775 fix: jsx whitespace is not properly preserved when retainLines (@liuxingbaoyu)

babel-traverse

#16727 fix: path.getAssignmentIdentifiers may be undefined (@liuxingbaoyu)

babel-parser

#16761 fix: improve static canFollowModifier checks (@JLHwung)

babel-helpers, babel-plugin-transform-optional-chaining, babel-runtime-corejs3

#16769 Only wrap functions in superPropertyGet helper (@nicolo-ribaudo)

💅 Polish

babel-generator, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-named-capturing-groups-regex, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx, babel-plugin-transform-react-pure-annotations, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env

#16780 Do not enforce printing space between ( and comments (@nicolo-ribaudo)

babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes

#16781 Don't throw when enabling both syntax-import-{assertions,attributes} (@nicolo-ribaudo)

babel-generator

#16782 TS union/intersection nested in union does not need parens (@nicolo-ribaudo)

🏠 Internal

babel-generator

#16777 Remove unused parent params in the generator (@nicolo-ribaudo)

v7.25.5 (2024-08-23)

🐛 Bug Fix

babel-generator, babel-traverse

#16764 fix: Generate parentheses correctly (@liuxingbaoyu)

💅 Polish

babel-generator

#16738 Only force-parenthesize satisfies's LHS if it has newlines (@nicolo-ribaudo)

v7.25.4 (2024-08-22)

🐛 Bug Fix

babel-traverse

#16756 fix: Skip computed key when renaming (@liuxingbaoyu)

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#16755 fix: Decorator 2018-09 may throw an exception (@liuxingbaoyu)

babel-types

#16710 Visit AST fields nodes according to their syntactical order (@nicolo-ribaudo)

babel-generator

#16709 Print semicolon after TS export namespace as A (@nicolo-ribaudo)

💅 Polish

babel-generator, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-typescript, babel-runtime-corejs2, babel-runtime, babel-traverse

#16722 Avoid unnecessary parens around sequence expressions (@nicolo-ribaudo)

babel-generator, babel-plugin-transform-class-properties

#16714 Avoid unnecessary parens around exported arrow functions (@nicolo-ribaudo)

... (truncated)

Commits

2f72b97 v7.25.6
faceae9 fix: path.getAssignmentIdentifiers may be undefined (#16727)
46ee612 Remove some NodePath methods (#16655)
2fdc8b5 fix: Generate sequence expression parentheses correctly (#16764)
cbf124c v7.25.4
2b289fb fix: skip computed key when renaming (#16756)
575863c Avoid unnecessary parens around sequence expressions (#16722)
5174ad1 Clean all always enabled parser plugins (#16572)
52718ab Discontinue babel-eslint-config-internal (#16718)
dba45d3 Ignore devDependencies when generating tsconfig.json (#16659)
Additional commits viewable in compare view

Updates @blakeembrey/template from 1.1.0 to 1.2.0

Release notes

Sourced from @blakeembrey/template's releases.

Support nested keys

Changed

Replace new Function to minimize code sanitization required and mitigate CVEs filed against untrusted templates

Use foo.bar syntax for nested keys

blakeembrey/js-template@v1.1.0...v1.2.0

Commits

22f70c7 1.2.0
6bacc20 Update min node version
98a3e1d Update build image
9b7922c Rewrite to parser
460d3ec Upgrade dev deps
b8d9aa9 Remove template display name
530ccd8 Create SECURITY.md
See full diff in compare view

Updates ws from 8.12.0 to 8.18.0

Release notes

Sourced from ws's releases.

8.18.0

Features

Added support for Blob (#2229).

8.17.1

Bug fixes

Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

... (truncated)

Commits

976c53c [dist] 8.18.0
59b9629 [feature] Add support for Blob (#2229)
0d1b5e6 [security] Use more descriptive text for 2017 vulnerability link
15f11a0 [security] Add new DoS vulnerability to SECURITY.md
3c56601 [dist] 8.17.1
e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
6a00029 [test] Increase code coverage
ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
b73b118 [dist] 8.17.0
29694a5 [test] Use the highWaterMark variable
Additional commits viewable in compare view

Updates @wordpress/scripts from 25.3.0 to 29.0.0

Changelog

Sourced from @wordpress/scripts's changelog.

29.0.0 (2024-09-05)

Breaking Changes

Fixed the issue with having 5 high severity vulnerabilities by upgrading the puppeteer-core package to the latest major version ^23.1.0 (#64597).

Enhancements

Inlines CSS files imported from other CSS files before optimization in the build command (#61121).

Bug Fixes

Added chunk filename in webpack config to avoid reading stale files (#58176).

28.6.0 (2024-08-21)

28.5.0 (2024-08-07)

28.4.0 (2024-07-24)

New Features

Update webpack configuration for the build and start commands to automatically copy PHP files listed in the variations field of block.json files from the source to the build folder (#63098).

28.3.0 (2024-07-10)

28.2.0 (2024-06-26)

28.1.0 (2024-06-15)

28.0.0 (2024-05-31)

Breaking Changes

Note If you're using @wordpress/scripts for building JS scripts to target WordPress 6.5 or earlier, you should not upgrade to this version and continue using @wordpress/scripts@27.

Use React's automatic runtime to transform JSX (#61692).

Variables like process.env.IS_GUTENBERG_PLUGIN have been replaced by globalThis.IS_GUTENBERG_PLUGIN. Build systems using process.env should be updated (#61486).

Increase the minimum required Node.js version to v18.12.0 matching long-term support releases (#31270). Learn more about Node.js releases.

27.9.0 (2024-05-16)

New Features

Add RTL support when building CSS styles with build and start scripts (#61540).

27.8.0 (2024-05-02)

27.7.0 (2024-04-19)

... (truncated)

Commits

c90d920 chore(release): publish
2d989d3 Update changelog files
2dbed20 Merge changes published in the Gutenberg plugin "release/19.2" branch
ab95649 chore(release): publish
c63e6e9 Update changelog files
4510582 Merge changes published in the Gutenberg plugin "release/19.1" branch
c3101ab chore(release): publish
4bb3aa7 Update changelog files
363edb3 chore(release): publish
4985329 Update changelog files
Additional commits viewable in compare view

Updates socket.io-client from 4.5.4 to 4.7.5

Release notes

Sourced from socket.io-client's releases.

4.7.5

Bug Fixes

discard acknowledgements upon disconnection (34cbfbb)

Links

Diff: socketio/socket.io-client@4.7.4...4.7.5

Server release: 4.7.5

engine.io-client@~6.5.2 (no change)

ws@~8.11.0 (no change)

4.7.4

There were some minor bug fixes on the server side, which mandate a client bump.

Links

Diff: socketio/socket.io-client@4.7.3...4.7.4

Server release: 4.7.4

engine.io-client@~6.5.2 (no change)

ws@~8.11.0 (no change)

4.7.3

Bug Fixes

improve compatibility with node16 module resolution (#1595) (605de78)

typings: accept string | undefined as init argument (5a3eafe)

typings: fix the type of the socket#id attribute (f9c16f2)

Links

Diff: socketio/socket.io-client@4.7.2...4.7.3

Server release: 4.7.3

engine.io-client@~6.5.2 (no change)

ws@~8.11.0 (no change)

4.7.2

Some bug fixes are included from the engine.io-client package:

webtransport: add proper framing (d55c39e)

webtransport: honor the binaryType attribute (8270e00)

Links

Diff: socketio/socket.io-client@4.7.1...4.7.2

Server release: 4.7.2

engine.io-client@~6.5.2 (diff)

ws@~8.11.0 (no change)

4.7.1

... (truncated)

Changelog

Sourced from socket.io-client's changelog.

4.7.5 (2024-03-14)

Bug Fixes

discard acknowledgements upon disconnection (34cbfbb)

Dependencies

engine.io-client@~6.5.2 (no change)

ws@~8.11.0 (no change)

4.7.4 (2024-01-12)

There were some minor bug fixes on the server side, which mandate a client bump.

Dependencies

engine.io-client@~6.5.2 (no change)

ws@~8.11.0 (no change)

4.7.3 (2024-01-03)

Bug Fixes

improve compatibility with node16 module resolution (#1595) (605de78)

typings: accept string | undefined as init argument (5a3eafe)

typings: fix the type of the socket#id attribute (f9c16f2)

Dependencies

engine.io-client@~6.5.2 (no change)

ws@~8.11.0 (no change)

4.7.2 (2023-08-02)

Some bug fixes are included from the engine.io-client package:

webtransport: add proper framing (d55c39e)

webtransport: honor the binaryType attribute (8270e00)

... (truncated)

Commits

4f6030f chore(release): 4.7.5
34cbfbb fix: discard acknowledgements upon disconnection
8cfea8c chore(release): 4.7.4
ca5d50e chore(release): 4.7.3
f9c16f2 fix(typings): fix the type of the socket#id attribute
b3f0cab ci: add Node.js 20 in the test matrix
5a3eafe fix(typings): accept string | undefined as init argument
605de78 fix: improve compatibility with node16 module resolution (#1595)
d00ccd2 ci: bump appiumVersion for Android tests in SauceLabs
928d76d chore(release): 4.7.2
Additional commits viewable in compare view

Updates socket.io from 4.5.4 to 4.7.5

Release notes

Sourced from socket.io's releases.

4.7.5

Bug Fixes

close the adapters when the server is closed (bf64870)

remove duplicate pipeline when serving bundle (e426f3e)

Links

Diff: socketio/socket.io@4.7.4...4.7.5

Client release: 4.7.5

engine.io@~6.5.2 (no change)

ws@~8.11.0 (no change)

4.7.4

Bug Fixes

typings: calling io.emit with no arguments incorrectly errored (cb6d2e0), closes #4914

Links

Diff: socketio/socket.io@4.7.3...4.7.4

Client release: 4.7.4

engine.io@~6.5.2 (no change)

ws@~8.11.0 (no change)

4.7.3

Bug Fixes

return the first response when broadcasting to a single socket (#4878) (df8e70f)

typings: allow to bind to a non-secure Http2Server (#4853) (8c9ebc3)

Links

Diff: socketio/socket.io@4.7.2...4.7.3

Client release: 4.7.3

engine.io@~6.5.2 (no change)

ws@~8.11.0 (no change)

4.7.2

Bug Fixes

clean up child namespace when client is rejected in middleware (#4773) (0731c0d)

webtransport: properly handle WebTransport-only connections (3468a19)

webtransport: add proper framing (a306db0)

Links

... (truncated)

Changelog

Sourced from socket.io's changelog.

4.7.5 (2024-03-14)

Bug Fixes

close the adapters when the server is closed (bf64870)

remove duplicate pipeline when serving bundle (e426f3e)

Dependencies

engine.io@~6.5.2 (no change)

ws@~8.11.0 (no change)

4.7.4 (2024-01-12)

Bug Fixes

typings: calling io.emit with no arguments incorrectly errored (cb6d2e0), closes #4914

Dependencies

engine.io@~6.5.2 (no change)

ws@~8.11.0 (no change)

4.7.3 (2024-01-03)

Bug Fixes

return the first response when broadcasting to a single socket (#4878) (df8e70f)

typings: allow to bind to a non-secure Http2Server (#4853) (8c9ebc3)

Dependencies

engine.io@~6.5.2 (no change)

ws@~8.11.0 (no change)

4.7.2 (2023-08-02)

... (truncated)

Commits

5017681 chore(release): 4.7.5
bf64870 fix: close the adapters when the server is closed
748e18c ci: test with older TypeScript version
b9ce6a2 refactor: create specific adapter for parent namespaces (#4950)
54dabe5 ci: upgrade to actions/checkout@4 and actions/setup-node@4
e426f3e fix: remove duplicate pipeline when serving bundle
e36062c docs: update the webtransport example
0bbe8ae docs: only execute the passport middleware once
914a8bd docs: add example with JWT
d943c3e docs: update the Passport.js example
Additional commits viewable in compare view

Updates axios from 0.21.4 to 1.7.7

Release notes

Sourced from axios's releases.

Release v1.7.7

Release notes:

Bug Fixes

fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)

http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

Rishi556

Dmitriy Mozgovoy

Release v1.7.6

Release notes:

Bug Fixes

fetch: fix content length calculation for FormData payload; (#6524) (085f568)

fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

Dmitriy Mozgovoy

Jacques Germishuys

kuroino721

Release v1.7.5

Release notes:

Bug Fixes

adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)

core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)

core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)

fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

Dmitriy Mozgovoy

Antonin Bas

Hans Otto Wirtz

Release v1.7.4

Release notes:

Bug Fixes

sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)

sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

Lev Pachmanov

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.7 (2024-08-31)

Bug Fixes

fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)

http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

Rishi556

Dmitriy Mozgovoy

1.7.6 (2024-08-30)

Bug Fixes

fetch: fix content length calculation for FormData payload; (#6524) (085f568)

fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

Dmitriy Mozgovoy

Jacques Germishuys

kuroino721

1.7.5 (2024-08-23)

Bug Fixes

adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)

core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)

core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)

fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

Dmitriy Mozgovoy

Antonin Bas

Hans Otto Wirtz

1.7.4 (2024-08-13)

Bug Fixes

sec: CVE-2024-39338 (#6539) (

Bumps the npm_and_yarn group with 12 updates in the / directory: | Package | From | To | | --- | --- | --- | | [postcss](https://github.com/postcss/postcss) | `8.4.21` | `8.4.45` | | [webpack](https://github.com/webpack/webpack) | `5.75.0` | `5.94.0` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.20.13` | `7.25.6` | | [@blakeembrey/template](https://github.com/blakeembrey/js-template) | `1.1.0` | `1.2.0` | | [ws](https://github.com/websockets/ws) | `8.12.0` | `8.18.0` | | [@wordpress/scripts](https://github.com/WordPress/gutenberg/tree/HEAD/packages/scripts) | `25.3.0` | `29.0.0` | | [socket.io-client](https://github.com/socketio/socket.io-client) | `4.5.4` | `4.7.5` | | [socket.io](https://github.com/socketio/socket.io) | `4.5.4` | `4.7.5` | | [axios](https://github.com/axios/axios) | `0.21.4` | `1.7.7` | | [browser-sync](https://github.com/BrowserSync/browser-sync) | `2.27.11` | `3.0.2` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [tough-cookie](https://github.com/salesforce/tough-cookie) | `4.1.2` | `4.1.4` | Updates `postcss` from 8.4.21 to 8.4.45 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.21...8.4.45) Updates `webpack` from 5.75.0 to 5.94.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.75.0...v5.94.0) Updates `@babel/traverse` from 7.20.13 to 7.25.6 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.25.6/packages/babel-traverse) Updates `@blakeembrey/template` from 1.1.0 to 1.2.0 - [Release notes](https://github.com/blakeembrey/js-template/releases) - [Commits](blakeembrey/js-template@v1.1.0...v1.2.0) Updates `ws` from 8.12.0 to 8.18.0 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.12.0...8.18.0) Updates `@wordpress/scripts` from 25.3.0 to 29.0.0 - [Release notes](https://github.com/WordPress/gutenberg/releases) - [Changelog](https://github.com/WordPress/gutenberg/blob/trunk/packages/scripts/CHANGELOG.md) - [Commits](https://github.com/WordPress/gutenberg/commits/@wordpress/scripts@29.0.0/packages/scripts) Updates `socket.io-client` from 4.5.4 to 4.7.5 - [Release notes](https://github.com/socketio/socket.io-client/releases) - [Changelog](https://github.com/socketio/socket.io-client/blob/4.7.5/CHANGELOG.md) - [Commits](socketio/socket.io-client@4.5.4...4.7.5) Updates `socket.io` from 4.5.4 to 4.7.5 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/4.7.5/CHANGELOG.md) - [Commits](socketio/socket.io@4.5.4...4.7.5) Updates `axios` from 0.21.4 to 1.7.7 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.21.4...v1.7.7) Updates `browser-sync` from 2.27.11 to 3.0.2 - [Release notes](https://github.com/BrowserSync/browser-sync/releases) - [Changelog](https://github.com/BrowserSync/browser-sync/blob/master/CHANGELOG.md) - [Commits](BrowserSync/browser-sync@v2.27.11...v3.0.2) Updates `body-parser` from 1.20.1 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.1...1.20.3) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `express` from 4.18.2 to 4.21.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.0/History.md) - [Commits](expressjs/express@4.18.2...4.21.0) Updates `follow-redirects` from 1.15.2 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.9) Updates `socket.io` from 4.5.4 to 4.7.5 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/4.7.5/CHANGELOG.md) - [Commits](socketio/socket.io@4.5.4...4.7.5) Updates `socket.io-parser` from 4.2.2 to 4.2.4 - [Release notes](https://github.com/Automattic/socket.io-parser/releases) - [Changelog](https://github.com/socketio/socket.io-parser/blob/4.2.4/CHANGELOG.md) - [Commits](socketio/socket.io-parser@4.2.2...4.2.4) Updates `tough-cookie` from 4.1.2 to 4.1.4 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v4.1.2...v4.1.4) Updates `webpack-dev-middleware` from 5.3.3 to 5.3.4 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4) --- updated-dependencies: - dependency-name: postcss dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: webpack dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@blakeembrey/template" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@wordpress/scripts" dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: socket.io-client dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browser-sync dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: body-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tough-cookie dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-middleware dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies Pull requests that update a dependency file label Sep 12, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 1 directory with 17 updates#1

Bump the npm_and_yarn group across 1 directory with 17 updates#1
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-e2e2d26e28

dependabot bot commented on behalf of github Sep 12, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Sep 12, 2024

8.4.45

8.4.44

8.4.43

8.4.42

8.4.41

8.4.40

8.4.39

8.4.38

8.4.37

8.4.36

8.4.35

8.4.34

8.4.33

8.4.32

8.4.31

8.4.30

8.4.45

8.4.44

8.4.43

8.4.42

8.4.41

8.4.40

8.4.39

8.4.38

8.4.37

8.4.36

8.4.35

8.4.34

8.4.33

8.4.32

8.4.31

8.4.30

v5.94.0

Bug Fixes

New Features

Security

v5.93.0

Bug Fixes

New Features

v5.92.1

Bug Fixes

v5.92.0

Bug Fixes

v7.25.6 (2024-08-29)

🐛 Bug Fix

💅 Polish

🏠 Internal

Committers: 5

v7.25.5 (2024-08-23)

🐛 Bug Fix

💅 Polish

Committers: 2

v7.25.4 (2024-08-22)

v7.25.6 (2024-08-29)

🐛 Bug Fix

💅 Polish

🏠 Internal

v7.25.5 (2024-08-23)

🐛 Bug Fix

💅 Polish

v7.25.4 (2024-08-22)

🐛 Bug Fix

💅 Polish

Support nested keys

8.18.0

Features

8.17.1

Bug fixes

29.0.0 (2024-09-05)

Breaking Changes

Enhancements

Bug Fixes

28.6.0 (2024-08-21)

28.5.0 (2024-08-07)

28.4.0 (2024-07-24)

New Features

28.3.0 (2024-07-10)

28.2.0 (2024-06-26)