-
Notifications
You must be signed in to change notification settings - Fork 286
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build(deps): bump the npm_and_yarn group across 2 directories with 6 updates #3589
Open
dependabot
wants to merge
1
commit into
main
Choose a base branch
from
dependabot/npm_and_yarn/npm_and_yarn-597cbd4e19
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dependabot
bot
added
the
dependencies
Pull requests that update a dependency file
label
Oct 15, 2024
dependabot
bot
requested review from
RafaelAPB,
petermetz,
izuru0,
jagpreetsinghsasan,
VRamakrishna and
outSH
as code owners
October 15, 2024 00:21
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/npm_and_yarn-597cbd4e19
branch
2 times, most recently
from
October 17, 2024 03:35
f2d72d7
to
63bb560
Compare
…updates Bumps the npm_and_yarn group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@grpc/grpc-js](https://github.com/grpc/grpc-node) | `1.11.3` | `1.12.0` | | [axios](https://github.com/axios/axios) | `1.7.2` | `1.7.4` | | [express](https://github.com/expressjs/express) | `4.21.0` | `4.21.1` | | [undici](https://github.com/nodejs/undici) | `6.19.8` | `6.20.0` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.3.3` | `5.3.6` | | [rollup](https://github.com/rollup/rollup) | `2.79.1` | `2.79.2` | Bumps the npm_and_yarn group with 2 updates in the /weaver/samples/fabric/fabric-cli directory: [@grpc/grpc-js](https://github.com/grpc/grpc-node) and [express](https://github.com/expressjs/express). Updates `@grpc/grpc-js` from 1.11.3 to 1.12.0 - [Release notes](https://github.com/grpc/grpc-node/releases) - [Commits](https://github.com/grpc/grpc-node/compare/@grpc/[email protected]...@grpc/[email protected]) Updates `axios` from 1.7.2 to 1.7.4 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.7.2...v1.7.4) Updates `express` from 4.21.0 to 4.21.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md) - [Commits](expressjs/express@4.21.0...4.21.1) Updates `undici` from 6.19.8 to 6.20.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v6.19.8...v6.20.0) Updates `vite` from 5.3.3 to 5.3.6 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.3.6/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.3.6/packages/vite) Updates `rollup` from 2.79.1 to 2.79.2 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v2.79.1...v2.79.2) Updates `@grpc/grpc-js` from 1.11.3 to 1.12.2 - [Release notes](https://github.com/grpc/grpc-node/releases) - [Commits](https://github.com/grpc/grpc-node/compare/@grpc/[email protected]...@grpc/[email protected]) Updates `express` from 4.21.0 to 4.21.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md) - [Commits](expressjs/express@4.21.0...4.21.1) --- updated-dependencies: - dependency-name: "@grpc/grpc-js" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: undici dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vite dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: rollup dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@grpc/grpc-js" dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn ... Co-authored-by: Peter Somogyvari <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Peter Somogyvari <[email protected]>
petermetz
force-pushed
the
dependabot/npm_and_yarn/npm_and_yarn-597cbd4e19
branch
from
October 18, 2024 18:55
63bb560
to
85e4649
Compare
@hyperledger-cacti/cacti-maintainers I fixed the usual sneaky axios downgrade that the robot keeps trying to slip through. This is now ready for review. |
petermetz
approved these changes
Oct 18, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 6 updates in the / directory:
1.11.3
1.12.0
1.7.2
1.7.4
4.21.0
4.21.1
6.19.8
6.20.0
5.3.3
5.3.6
2.79.1
2.79.2
Bumps the npm_and_yarn group with 2 updates in the /weaver/samples/fabric/fabric-cli directory: @grpc/grpc-js and express.
Updates
@grpc/grpc-js
from 1.11.3 to 1.12.0Release notes
Sourced from
@grpc/grpc-js
's releases.Commits
8aacdfd
Merge pull request #2833 from murgatroid99/grpc-js_1.12.0_bump051c048
grpc-js: Bump to 1.12.0707f6cb
Merge pull request #2832 from murgatroid99/grpc-js-xds_enable_dualstack50668f7
grpc-js-xds: Enable dualstack support by default3c9436b
Merge pull request #2812 from vinothsa4891/bugfix/support-reject-unauthorized0430dc5
Merge pull request #2828 from murgatroid99/grpc-js_parse_duration_fix6d09389
grpc-js: Fix duration parsing bug7121f27
Changed condition9e68873
Moved rejectUnauthorized from channel option to connectionOptionsd95ea30
Merge pull request #2823 from murgatroid99/grpc-js-xds_file_watcher_pluginUpdates
axios
from 1.7.2 to 1.7.4Release notes
Sourced from axios's releases.
Changelog
Sourced from axios's changelog.
Commits
abd24a7
chore(release): v1.7.4 (#6544)6b6b605
fix(sec): CVE-2024-39338 (#6539) (#6543)07a661a
fix(sec): disregard protocol-relative URL to remediate SSRF (#6539)c6cce43
chore(release): v1.7.3 (#6521)e3c76fc
fix(adapter): fix progress event emitting; (#6518)85d4d0e
fix(fetch): fix withCredentials request config (#6505)92cd8ed
chore(github): update ISSUE_TEMPLATE.md (#6519)8966ee7
fix(xhr): return original config on errors from XHR adapter (#6515)Updates
express
from 4.21.0 to 4.21.1Release notes
Sourced from express's releases.
Changelog
Sourced from express's changelog.
Commits
8e229f9
4.21.1a024c8a
fix(deps): [email protected]Updates
undici
from 6.19.8 to 6.20.0Release notes
Sourced from undici's releases.
Commits
24b9403
Bumped v6.20.0e4439e9
handle body errors (#3632) (#3700)1df3923
mock: fix mocking of Uint8Array and ArrayBuffers as provided mock-reponses (#...de943c4
ignore leading and trailing crlfs in formdata body (#3677) (#3681)5c0846d
test: less flaky timers acceptance test, rework fast timer tests to pass them...5b1e534
ci: less flaky test/request-timeout.js test (#3580) (#3678)d047e99
fix: use fasttimers for all connection timeouts (#3552) (#3675)a7bffd4
fix: run asserts first if possible (#3541) (#3674)6764626
fix: refactor fast timers, fix UND_ERR_CONNECT_TIMEOUT on event loop blocking...7466672
fix: avoid memoryleak in client-h1 (#3510) (#3672)Updates
vite
from 5.3.3 to 5.3.6Changelog
Sourced from vite's changelog.
Commits
f469ceb
release: v5.3.62691bb3
fix: avoid DOM Clobbering gadget ingetRelativeUrlFromDocument
(#18115)4573a6f
fix: fs raw query (#18112)4407839
release: v5.3.566bdb1d
refactor(asset): remove rollup 3 public file watch workaround (#16331)b240a83
fix(build): env output is not stable (#17748)b58b423
fix(importMetaGlob): handle alias that starts with hash (#17743)d906d3f
fix(css): resolve url aliases with fragments (fix: #17690) (#17691)3c1bde3
fix(client): fix vite error path (#17744)9983731
chore(deps): update all non-major dependencies (#17734)Updates
rollup
from 2.79.1 to 2.79.2Changelog
Sourced from rollup's changelog.
... (truncated)
Commits
c9bd03d
2.79.248aef33
fix: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (#5677)Updates
@grpc/grpc-js
from 1.11.3 to 1.12.2Release notes
Sourced from
@grpc/grpc-js
's releases.Commits
8aacdfd
Merge pull request #2833 from murgatroid99/grpc-js_1.12.0_bump051c048
grpc-js: Bump to 1.12.0707f6cb
Merge pull request #2832 from murgatroid99/grpc-js-xds_enable_dualstack50668f7
grpc-js-xds: Enable dualstack support by default3c9436b
Merge pull request #2812 from vinothsa4891/bugfix/support-reject-unauthorized0430dc5
Merge pull request #2828 from murgatroid99/grpc-js_parse_duration_fix6d09389
grpc-js: Fix duration parsing bug7121f27
Changed condition9e68873
Moved rejectUnauthorized from channel option to connectionOptionsd95ea30
Merge pull request #2823 from murgatroid99/grpc-js-xds_file_watcher_pluginUpdates
express
from 4.21.0 to 4.21.1Release notes
Sourced from express's releases.
Changelog
Sourced from express's changelog.
Commits
8e229f9
4.21.1a024c8a
fix(deps): [email protected]You can trigger a rebase of this PR by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major version
will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor version
will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>
will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>
will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>
will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.