Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump the npm_and_yarn group across 7 directories with 6 updates #800

Merged
merged 1 commit into from
Aug 22, 2024
Merged

chore(deps): bump the npm_and_yarn group across 7 directories with 6 updates #800

merged 1 commit into from
Aug 22, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 22, 2024

Bumps the npm_and_yarn group with 4 updates in the / directory: hono, @hono/node-server, axios and webpack.
Bumps the npm_and_yarn group with 1 update in the /examples/with-express directory: semver.
Bumps the npm_and_yarn group with 1 update in the /examples/with-express-auth directory: semver.
Bumps the npm_and_yarn group with 1 update in the /examples/with-express-csrf directory: semver.
Bumps the npm_and_yarn group with 1 update in the /examples/with-hono directory: semver.
Bumps the npm_and_yarn group with 1 update in the /examples/with-multiple-instances directory: semver.
Bumps the npm_and_yarn group with 1 update in the /examples/with-nestjs-module directory: tough-cookie.

Updates hono from 4.4.7 to 4.5.8

Release notes

Sourced from hono's releases.

v4.5.8

Security Fix for CSRF Protection Middleware

Before this release, in versions 4.5.7 and below, the CSRF Protection Middleware did not treat requests including Content-Types with uppercase letters (e.g., Application/x-www-form-urlencoded) as potential attacks, allowing them to pass.

This could cause unexpected behavior, leading to a vulnerability. If you are using the CSRF Protection Middleware, please upgrade to version 4.5.8 or higher immediately.

For more details, see the report here: GHSA-rpfr-3m35-5vx5

v4.5.7

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.5.6...v4.5.7

v4.5.6

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.5.5...v4.5.6

v4.5.5

What's Changed

Full Changelog: honojs/hono@v4.5.4...v4.5.5

v4.5.4

... (truncated)

Commits
  • d1c7f6f v4.5.8
  • 41ce840 Merge commit from fork
  • b0af71f v4.5.7
  • 2646696 feat(jsx): improve input attribute types based on react (#3302)
  • 331b3d8 fix(client): replace optional params to url correctly (#3304)
  • 95a6b39 docs(README): change Twitter to X (#3301)
  • 54dab7e feat(jsx): improve target and formtarget attribute types (#3299)
  • c378dd9 fix(validator): Fixed a bug in hono/validator where URL Encoded Data could no...
  • 17c3b9e feat(jsx): improve a-tag types with well known values (#3287)
  • 1854e24 perf(jsx/dom): improve performance (#3288)
  • Additional commits viewable in compare view

Updates @hono/node-server from 1.10.1 to 1.12.1

Release notes

Sourced from @​hono/node-server's releases.

v1.12.1

What's Changed

Full Changelog: honojs/node-server@v1.12.0...v1.12.1

v1.12.0

What's Changed

New Contributors

Full Changelog: honojs/node-server@v1.11.5...v1.12.0

v1.11.5

What's Changed

Full Changelog: honojs/node-server@v1.11.4...v1.11.5

v1.11.4

What's Changed

New Contributors

Full Changelog: honojs/node-server@v1.11.3...v1.11.4

v1.11.3

What's Changed

New Contributors

Full Changelog: honojs/node-server@v1.11.2...v1.11.3

v1.11.2

What's Changed

New Contributors

... (truncated)

Commits

Updates axios from 1.6.0 to 1.7.4

Release notes

Sourced from axios's releases.

Release v1.7.4

Release notes:

Bug Fixes

Contributors to this release

Release v1.7.3

Release notes:

Bug Fixes

  • adapter: fix progress event emitting; (#6518) (e3c76fc)
  • fetch: fix withCredentials request config (#6505) (85d4d0e)
  • xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

Release v1.7.2

Release notes:

Bug Fixes

Contributors to this release

Release v1.7.1

Release notes:

Bug Fixes

  • fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

Contributors to this release

Release v1.7.0

Release notes:

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.4 (2024-08-13)

Bug Fixes

Contributors to this release

1.7.3 (2024-08-01)

Bug Fixes

  • adapter: fix progress event emitting; (#6518) (e3c76fc)
  • fetch: fix withCredentials request config (#6505) (85d4d0e)
  • xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

1.7.2 (2024-05-21)

Bug Fixes

Contributors to this release

1.7.1 (2024-05-20)

Bug Fixes

  • fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

Contributors to this release

... (truncated)

Commits

Updates webpack from 5.88.2 to 5.94.0

Release notes

Sourced from webpack's releases.

v5.94.0

Bug Fixes

  • Added runtime condition for harmony reexport checked
  • Handle properly data/http/https protocols in source maps
  • Make bigint optimistic when browserslist not found
  • Move @​types/eslint-scope to dev deps
  • Related in asset stats is now always an array when no related found
  • Handle ASI for export declarations
  • Mangle destruction incorrect with export named default properly
  • Fixed unexpected asi generation with sequence expression
  • Fixed a lot of types

New Features

  • Added new external type "module-import"
  • Support webpackIgnore for new URL() construction
  • [CSS] @import pathinfo support

Security

  • Fixed DOM clobbering in auto public path

v5.93.0

Bug Fixes

  • Generate correct relative path to runtime chunks
  • Makes DefinePlugin quieter under default log level
  • Fixed mangle destructuring default in namespace import
  • Fixed consumption of eager shared modules for module federation
  • Strip slash for pretty regexp
  • Calculate correct contenthash for CSS generator options

New Features

  • Added the binary generator option for asset modules to explicitly keep source maps produced by loaders
  • Added the modern-module library value for tree shakable output
  • Added the overrideStrict option to override strict or non-strict mode for javascript modules

v5.92.1

Bug Fixes

  • Doesn't crash with an error when the css experiment is enabled and contenthash is used

v5.92.0

Bug Fixes

  • Correct tidle range's comutation for module federation
  • Consider runtime for pure expression dependency update hash
  • Return value in the subtractRuntime function for runtime logic

... (truncated)

Commits
  • eabf85d chore(release): 5.94.0
  • 955e057 security: fix DOM clobbering in auto public path
  • 9822387 test: fix
  • cbb86ed test: fix
  • 5ac3d7f fix: unexpected asi generation with sequence expression
  • 2411661 security: fix DOM clobbering in auto public path
  • b8c03d4 fix: unexpected asi generation with sequence expression
  • f46a03c revert: do not use heuristic fallback for "module-import"
  • 60f1898 fix: do not use heuristic fallback for "module-import"
  • 66306aa Revert "fix: module-import get fallback from externalsPresets"
  • Additional commits viewable in compare view

Updates semver from 7.5.4 to 7.6.3

Release notes

Sourced from semver's releases.

v7.6.3

7.6.3 (2024-07-16)

Bug Fixes

Documentation

v7.6.2

7.6.2 (2024-05-09)

Bug Fixes

v7.6.1

7.6.1 (2024-05-04)

Bug Fixes

Dependencies

Chores

v7.6.0

7.6.0 (2024-01-31)

Features

Chores

... (truncated)

Changelog

Sourced from semver's changelog.

7.6.3 (2024-07-16)

Bug Fixes

Documentation

7.6.2 (2024-05-09)

Bug Fixes

7.6.1 (2024-05-04)

Bug Fixes

Dependencies

Chores

7.6.0 (2024-01-31)

Features

Chores

... (truncated)

Commits

Updates semver from 7.5.4 to 7.6.3

Release notes

Sourced from semver's releases.

v7.6.3

7.6.3 (2024-07-16)

Bug Fixes

Documentation

v7.6.2

7.6.2 (2024-05-09)

Bug Fixes

v7.6.1

7.6.1 (2024-05-04)

Bug Fixes

Dependencies

Chores

v7.6.0

7.6.0 (2024-01-31)

Features

Chores

... (truncated)

Changelog

Sourced from semver's changelog.

7.6.3 (2024-07-16)

Bug Fixes

Documentation

7.6.2 (2024-05-09)

Bug Fixes

7.6.1 (2024-05-04)

Bug Fixes

Dependencies

Chores

7.6.0 (2024-01-31)

Features

Chores

... (truncated)

Commits

Updates semver from 7.5.4 to 7.6.3

Release notes

Sourced from semver's releases.

v7.6.3

7.6.3 (2024-07-16)

Bug Fixes

Documentation

v7.6.2

7.6.2 (2024-05-09)

Bug Fixes

v7.6.1

7.6.1 (2024-05-04)

Bug Fixes

@dependabot
chore(deps): bump the npm_and_yarn group across 7 directories with 6 …
6a040f4 
…updates

Bumps the npm_and_yarn group with 4 updates in the / directory: [hono](https://github.com/honojs/hono), [@hono/node-server](https://github.com/honojs/node-server), [axios](https://github.com/axios/axios) and [webpack](https://github.com/webpack/webpack).
Bumps the npm_and_yarn group with 1 update in the /examples/with-express directory: [semver](https://github.com/npm/node-semver).
Bumps the npm_and_yarn group with 1 update in the /examples/with-express-auth directory: [semver](https://github.com/npm/node-semver).
Bumps the npm_and_yarn group with 1 update in the /examples/with-express-csrf directory: [semver](https://github.com/npm/node-semver).
Bumps the npm_and_yarn group with 1 update in the /examples/with-hono directory: [semver](https://github.com/npm/node-semver).
Bumps the npm_and_yarn group with 1 update in the /examples/with-multiple-instances directory: [semver](https://github.com/npm/node-semver).
Bumps the npm_and_yarn group with 1 update in the /examples/with-nestjs-module directory: [tough-cookie](https://github.com/salesforce/tough-cookie).


Updates `hono` from 4.4.7 to 4.5.8
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.4.7...v4.5.8)

Updates `@hono/node-server` from 1.10.1 to 1.12.1
- [Release notes](https://github.com/honojs/node-server/releases)
- [Commits](honojs/node-server@v1.10.1...v1.12.1)

Updates `axios` from 1.6.0 to 1.7.4
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.6.0...v1.7.4)

Updates `webpack` from 5.88.2 to 5.94.0
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v5.88.2...v5.94.0)

Updates `semver` from 7.5.4 to 7.6.3
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.5.4...v7.6.3)

Updates `semver` from 7.5.4 to 7.6.3
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.5.4...v7.6.3)

Updates `semver` from 7.5.4 to 7.6.3
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.5.4...v7.6.3)

Updates `semver` from 7.5.4 to 7.6.3
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.5.4...v7.6.3)

Updates `semver` from 7.5.4 to 7.6.3
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.5.4...v7.6.3)

Updates `tough-cookie` from 4.1.3 to 4.1.4
- [Release notes](https://github.com/salesforce/tough-cookie/releases)
- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)
- [Commits](salesforce/tough-cookie@v4.1.3...v4.1.4)

---
updated-dependencies:
- dependency-name: hono
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@hono/node-server"
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: webpack
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tough-cookie
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 22, 2024
@felixmosh felixmosh merged commit 0f698a9 into master Aug 22, 2024
4 checks passed
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-6102967eb9 branch August 22, 2024 19:17
This was referenced Oct 2, 2024
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@felixmosh