Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump the npm_and_yarn group across 1 directory with 9 updates #1106

Merged
merged 1 commit into from
Feb 14, 2025
Merged

chore(deps): bump the npm_and_yarn group across 1 directory with 9 updates #1106

merged 1 commit into from
Feb 14, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 5, 2025
edited
Loading

Bumps the npm_and_yarn group with 9 updates in the / directory:

Package From To
semver 7.6.3 7.7.0
postcss 8.4.49 8.5.0
vue-i18n 9.14.0 9.14.2
vite 5.4.11 5.4.12
@intlify/core 9.14.0 9.14.2
cross-spawn 6.0.5 6.0.6
nanoid 3.3.7 3.3.8
store2 2.14.3 2.14.4
undici 5.28.4 5.28.5

Updates semver from 7.6.3 to 7.7.0

Release notes

Sourced from semver's releases.

v7.7.0

7.7.0 (2025-01-29)

Features

Bug Fixes

Documentation

Chores

Changelog

Sourced from semver's changelog.

7.7.0 (2025-01-29)

Features

Bug Fixes

Documentation

Chores

Commits
  • 2cfcbb5 chore: release 7.7.0 (#750)
  • d588e37 fix(diff): fix prerelease to stable version diff logic (#755)
  • 753e02b chore: bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#747)
  • 8a34bde fix: add identifier validation to inc() (#754)
  • 0864b3c feat: add "release" inc type (#753)
  • 67e5478 docs(readme): added missing period for consistency (#756)
  • 868d4bb docs: clarify comment about obsolete prefixes (#749)
  • 145c554 chore: bump @​npmcli/eslint-config from 4.0.5 to 5.0.0
  • 0b812d5 chore: postinstall for dependabot template-oss PR
  • 6502a15 chore: bump @​npmcli/template-oss from 4.23.1 to 4.23.3
  • Additional commits viewable in compare view

Updates postcss from 8.4.49 to 8.5.0

Release notes

Sourced from postcss's releases.

8.5 “Duke Alloces”

PostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.

@​romainmenke during his work on Stylelint added Input#document in additional to Input#css.

root.source.input.document //=> "<p>Hello</p>
                           //    <style>
                           //    p {
                           //      color: green;
                           //    }
                           //    </style>"
root.source.input.css      //=> "p {
                           //      color: green;
                           //    }"

Thanks to Sponsors

This release was possible thanks to our community.

If your company wants to support the sustainability of front-end infrastructure or wants to give some love to PostCSS, you can join our supporters by:

Changelog

Sourced from postcss's changelog.

Change Log

This project adheres to Semantic Versioning.

8.5.1

8.5 “Duke Alloces”

  • Added Input#document for sources like CSS-in-JS or HTML (by @​romainmenke).
Commits

Updates vue-i18n from 9.14.0 to 9.14.2

Release notes

Sourced from vue-i18n's releases.

v9.14.2

What's Changed

🔒 Security Fixes

Full Changelog: intlify/vue-i18n@v9.14.1...v9.14.2

v9.14.1

What's Changed

🐛 Bug Fixes

Full Changelog: intlify/vue-i18n@v9.14.0...v9.14.1

Commits

Updates vite from 5.4.11 to 5.4.12

Release notes

Sourced from vite's releases.

v5.4.12

This version contains a breaking change due to security fixes. See GHSA-vg6x-rcgg-rjx6 for more details.

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.12 (2025-01-20)

  • fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (9da4abc)
  • fix!: default server.cors: false to disallow fetching from untrusted origins (dfea38f)
  • fix: verify token for HMR WebSocket connection (b71a5c8)
  • chore: add deps update changelog (ecd2375)
Commits
  • f428aa9 release: v5.4.12
  • 9da4abc fix!: check host header to prevent DNS rebinding attacks and introduce `serve...
  • b71a5c8 fix: verify token for HMR WebSocket connection
  • dfea38f fix!: default server.cors: false to disallow fetching from untrusted origins
  • ecd2375 chore: add deps update changelog
  • See full diff in compare view

Updates @intlify/core from 9.14.0 to 9.14.2

Release notes

Sourced from @​intlify/core's releases.

v9.14.2

What's Changed

🔒 Security Fixes

Full Changelog: intlify/vue-i18n@v9.14.1...v9.14.2

v9.14.1

What's Changed

🐛 Bug Fixes

Full Changelog: intlify/vue-i18n@v9.14.0...v9.14.1

Commits

Updates cross-spawn from 6.0.5 to 6.0.6

Changelog

Sourced from cross-spawn's changelog.

6.0.6 (2024-11-18)

Bug Fixes

Commits

Updates nanoid from 3.3.7 to 3.3.8

Changelog

Sourced from nanoid's changelog.

3.3.8

  • Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).
Commits

Updates store2 from 2.14.3 to 2.14.4

Commits

Updates undici from 5.28.4 to 5.28.5

Release notes

Sourced from undici's releases.

v5.28.5

⚠️ Security Release ⚠️

Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

Full Changelog: nodejs/undici@v5.28.4...v5.28.5

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 5, 2025
@dependabot dependabot bot mentioned this pull request Feb 5, 2025
Closed
@dependabot
chore(deps): bump the npm_and_yarn group across 1 directory with 9 up…
724b5e7 
…dates

Bumps the npm_and_yarn group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [semver](https://github.com/npm/node-semver) | `7.6.3` | `7.7.0` |
| [postcss](https://github.com/postcss/postcss) | `8.4.49` | `8.5.0` |
| [vue-i18n](https://github.com/intlify/vue-i18n/tree/HEAD/packages/vue-i18n) | `9.14.0` | `9.14.2` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.4.11` | `5.4.12` |
| [@intlify/core](https://github.com/intlify/vue-i18n/tree/HEAD/packages/core) | `9.14.0` | `9.14.2` |
| [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `6.0.5` | `6.0.6` |
| [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.8` |
| [store2](https://github.com/nbubna/store) | `2.14.3` | `2.14.4` |
| [undici](https://github.com/nodejs/undici) | `5.28.4` | `5.28.5` |



Updates `semver` from 7.6.3 to 7.7.0
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.6.3...v7.7.0)

Updates `postcss` from 8.4.49 to 8.5.0
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.4.49...8.5.0)

Updates `vue-i18n` from 9.14.0 to 9.14.2
- [Release notes](https://github.com/intlify/vue-i18n/releases)
- [Changelog](https://github.com/intlify/vue-i18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/intlify/vue-i18n/commits/v9.14.2/packages/vue-i18n)

Updates `vite` from 5.4.11 to 5.4.12
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v5.4.12/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v5.4.12/packages/vite)

Updates `@intlify/core` from 9.14.0 to 9.14.2
- [Release notes](https://github.com/intlify/vue-i18n/releases)
- [Changelog](https://github.com/intlify/vue-i18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/intlify/vue-i18n/commits/v9.14.2/packages/core)

Updates `cross-spawn` from 6.0.5 to 6.0.6
- [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/v6.0.6/CHANGELOG.md)
- [Commits](moxystudio/node-cross-spawn@v6.0.5...v6.0.6)

Updates `nanoid` from 3.3.7 to 3.3.8
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](ai/nanoid@3.3.7...3.3.8)

Updates `store2` from 2.14.3 to 2.14.4
- [Commits](nbubna/store@2.14.3...2.14.4)

Updates `undici` from 5.28.4 to 5.28.5
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.28.4...v5.28.5)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vue-i18n
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@intlify/core"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cross-spawn
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: nanoid
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: store2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-9e65d91c72 branch from 3a7791e to 724b5e7 Compare February 5, 2025 10:18
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Feb 5, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@superfeedboy superfeedboy merged commit b485339 into develop Feb 14, 2025
6 of 7 checks passed
@superfeedboy superfeedboy deleted the dependabot/npm_and_yarn/npm_and_yarn-9e65d91c72 branch February 14, 2025 16:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@superfeedboy