Skip to content

Bump the npm_and_yarn group across 1 directory with 9 updates #432

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directory with 9 updates #432

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Jun 24, 2025

Bumps the npm_and_yarn group with 8 updates in the /testui directory:

Package From To
bootstrap 4.1.3 5.0.0
dompurify 1.0.8 3.2.4
jquery 3.3.1 3.5.0
ajv 6.5.4 6.12.6
ansi-regex 3.0.0 3.0.1
braces 2.3.2 removed
webpack 4.20.2 5.99.9
webpack-cli 3.1.2 6.0.1

Updates bootstrap from 4.1.3 to 5.0.0

Release notes

Sourced from bootstrap's releases.

v5.0.0

Highlights

#32155: Updated make-col() mixin to generate equal columns when no size is specified #32763: Added new color-scheme() mixin #33389: Dropdown menus now have option become clickable #33453: Added new docs footer #33548: Offcanvas header components are now vertically aligned #33549: Added offcanvas-top modifier #33634: Added support for .dropdown-items wrapped in <li>s #33626: Fix v5 regressions in tab dropdown functionality

🚀 Features

  • #32763: Add color-scheme mixin
  • #33389: Dropdown — Add option to make the dropdown menu clickable
  • #33549: Add offcanvas-top modifier

🎨 CSS

  • #32155: Add equal column mixin
  • #32763: Add color-scheme mixin
  • #33292: Make accordion icon rotation more natural
  • #33411: Fix validation feedback icon in select multiple
  • #33478: Make .nav-link color consistent when using buttons
  • #33482: Dropdown — Apply positioning only when Popper is not used
  • #33548: Vertically align offcanvas header components
  • #33549: Add offcanvas-top modifier
  • #33550: Spinner alignment changes
  • #33598: Hide validation icons from multiple selects
  • #33600: Have $form-check-input-border's default derive from $black
  • #33607: Reduce color-scheme complexity
  • #33642: use :read-only css selector instead [readonly] for consistency
  • #33658: fix: use list-group variable instead of alert
  • #33736: accordion: fix border-top on Firefox

☕️ JavaScript

  • #32439: Decouple BackDrop from modal
  • #33245: Decouple Modal's scrollbar functionality
  • #33249: Simplify Modal Config
  • #33250: Simplify ScrollSpy config
  • #33310: fix: make EventHandler better handle mouseenter/mouseleave events
  • #33389: Dropdown — Add option to make the dropdown menu clickable
  • #33429: Remove element event listeners through base component
  • #33451: Add missing things in hide method of dropdown
  • #33456: Use our isDisabled util on dropdown
  • #33466: Refactor dropdown's hide functionality
  • #33479: Fix dropdown escape propagation
  • #33496: Use cached noop function

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by mdo, a new releaser for bootstrap since your current version.


Updates dompurify from 1.0.8 to 3.2.4

Release notes

Sourced from dompurify's releases.

DOMPurify 3.2.4

  • Fixed a conditional and config dependent mXSS-style bypass reported by @​nsysean
  • Added a new feature to allow specific hook removal, thanks @​davecardwell
  • Added purify.js and purify.min.js to exports, thanks @​Aetherinox
  • Added better logic in case no window object is president, thanks @​yehuya
  • Updated some dependencies called out by dependabot
  • Updated license files etc to show the correct year

DOMPurify 3.2.3

DOMPurify 3.2.2

  • Fixed a possible bypass in case a rather specific config for custom elements is set, thanks @​yaniv-git
  • Fixed several minor issues with the type definitions, thanks again @​reduckted
  • Fixed a minor issue with the types reference for trusted types, thanks @​reduckted
  • Fixed a minor problem with the template detection regex on some systems, thanks @​svdb99

DOMPurify 3.2.1

DOMPurify 3.2.0

DOMPurify 3.1.7

  • Fixed an issue with comment detection and possible bypasses with specific config settings, thanks @​masatokinugawa
  • Fixed several smaller typos in documentation and test & build files, thanks @​christianhg
  • Added better support for Angular compiler, thanks @​jeroen1602
  • Added several new attributes to HTML and SVG allow-list, thanks @​Gigabyte5671 and @​Rotzbua
  • Removed the foreignObject element from the list of HTML entry-points, thanks @​masatokinugawa
  • Bumped several dependencies to be more up to date

DOMPurify 3.1.6

  • Fixed an issue with the execution logic of attribute hooks to prevent bypasses, thanks @​kevin-mizu
  • Fixed an issue with element removal leading to uncaught errors through DOM Clobbering, thanks @​realansgar
  • Fixed a minor problem with the bower file pointing to the wrong dist path
  • Fixed several minor typos in docs, comments and comment blocks, thanks @​Rotzbua
  • Updated several development dependencies

DOMPurify 3.1.5

  • Fixed a minor issue with the dist paths in bower.js, thanks @​HakumenNC
  • Fixed a minor issue with sanitizing HTML coming from copy&paste Word content, thanks @​kakao-bishop-cho

DOMPurify 3.1.4

  • Fixed an issue with the recently implemented isNaN checks, thanks @​tulach
  • Added several new popover attributes to allow-list, thanks @​Gigabyte5671
  • Fixed the tests and adjusted the test runner to cover all branches

... (truncated)

Commits
  • ec29e65 Merge pull request #1062 from cure53/main
  • 1c1b183 chore: Preparing 3.2.4 release
  • d18ffcb fix: Changed the template literal regex to avoid a config-dependent bypass
  • 0d64d2b Merge pull request #1060 from yehuya/initializeTestImprovements
  • 9ad7933 tests: DOMPurify custom window tests improvements
  • 72760ca Merge pull request #1059 from yehuya/fixMissingWindowElement
  • bc72d44 Fix tests
  • 363a89d fix: handle undefined Element in DOMPurify initialization
  • f41b45d Update LICENSE
  • b25bf26 Update README.md
  • Additional commits viewable in compare view

Updates jquery from 3.3.1 to 3.5.0

Release notes

Sourced from jquery's releases.

jQuery 3.5.0 Released!

See the blog post: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ and the upgrade guide: https://jquery.com/upgrade-guide/3.5/

NOTE: Despite being a minor release, this update includes a breaking change that we had to make to fix a security issue ( CVE-2020-11022). Please follow the blog post & the upgrade guide for more details.

Commits
  • 7a0a850 3.5.0
  • 8570a08 Release: Update AUTHORS.txt
  • da3dd85 Ajax: Do not execute scripts for unsuccessful HTTP responses
  • 065143c Ajax: Overwrite s.contentType with content-type header value, if any
  • 1a4f10d Tests: Blacklist one focusin test in IE
  • 9e15d6b Event: Use only one focusin/out handler per matching window & document
  • 966a709 Manipulation: Skip the select wrapper for <option> outside of IE 9
  • 1d61fd9 Manipulation: Make jQuery.htmlPrefilter an identity function
  • 04bf577 Selector: Update Sizzle from 2.3.4 to 2.3.5
  • 7506c9c Build: Resolve Travis config warnings
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by mgol, a new releaser for jquery since your current version.


Updates ajv from 6.5.4 to 6.12.6

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@​issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@​sambauers, #1143) Option keywords to add custom keywords (@​franciscomorais, #1137) Types fixes (@​boenrobot, @​MattiAstedrone) Docs:

v6.11.0

Time formats support two digit and colon-less variants of timezone offset (#1061 , @​cjpillsbury) Docs: RegExp related security considerations Tests: Disabled failing typescript test

v6.10.2

Fix: the unknown keywords were ignored with the option strictKeywords: true (instead of failing compilation) in some sub-schemas (e.g. anyOf), when the sub-schema didn't have known keywords.

v6.10.1

Fix types Fix addSchema (#1001) Update dependencies

v6.10.0

Option strictDefaults to report ignored defaults (#957, @​not-an-aardvark) Option strictKeywords to report unknown keywords (#781)

v6.9.0

OpenAPI keyword nullable can be any boolean (and not only true). Custom keyword definition changes:

  • dependencies option in to require the presence of keywords in the same schema.

... (truncated)

Commits
  • fe59143 6.12.6
  • d580d3e Merge pull request #1298 from ajv-validator/fix-url
  • fd36389 fix: regular expression for "url" format
  • 490e34c docs: link to v7-beta branch
  • 9cd93a1 docs: note about v7 in readme
  • 877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
  • f1c8e45 6.12.5
  • 764035e Merge branch 'ChALkeR-chalker/fix-comma'
  • 3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
  • a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
  • Additional commits viewable in compare view

Updates ansi-regex from 3.0.0 to 3.0.1

Commits

Removes braces

Updates webpack from 4.20.2 to 5.99.9

Release notes

Sourced from webpack's releases.

v5.99.9

Fixes

  • HMR might fail if there are new initial chunks
  • Destructuring namespace import with default
  • Destructuring namespace import with computed-property
  • Generate valid code for es export generation for multiple module entries
  • Fixed public path issue for ES modules
  • Asset modules work when lazy compilation used
  • Eliminate unused statements in certain scenarios
  • Fixed regression with location and order of dependencies
  • Fixed typescript types

v5.99.8

Fixes

  • Fixed type error with latest @types/node
  • Fixed typescript types

v5.99.7

Fixes

  • Don't skip export generation for default reexport (#19463)
  • Fixed module library export generation for reexport (#19459)
  • Avoid module concatenation in child compilation for module library (#19457)
  • Ensure HMR recover gracefully when CSS module with error
  • Respect cause of any errors and errors of AggregateError in stats output
  • Added missing @types/json-schema in types

v5.99.6

Fixes

  • Respect public path for ES modules
  • Fixed generation of module for module library when mixing commonjs and esm modules
  • Always apply FlagDependencyExportsPlugin for libraries where it required
  • Faster logic for dead control flow
  • Typescript types

v5.99.5

Fixes

  • Control dead flow for labeled and blockless statements

v5.99.4

Fixes

  • Fixed terminated state for if/else

v5.99.3

Fixes

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.


Updates webpack-cli from 3.1.2 to 6.0.1

Release notes

Sourced from webpack-cli's releases.

v6.0.1

6.0.1 (2024-12-20)

Bug Fixes

v6.0.0

6.0.0 (2024-12-19)

BREAKING CHANGES

  • the minimum required Node.js version is 18.12.0
  • removed init, loader and plugin commands in favor create-webpack-app
  • dropped support for webpack-dev-server@v4
  • minimum supported webpack version is 5.82.0
  • The --define-process-env-node-env option was renamed to --config-node-env

Bug Fixes

Features

  • output pnpm version with info/version command (#3906) (38f3c6f)

v5.1.4

5.1.4 (2023-06-07)

Bug Fixes

  • multi compiler progress output (f659624)

v5.1.3

5.1.3 (2023-06-04)

Bug Fixes

v5.1.2

5.1.2 (2023-06-04)

Bug Fixes

  • improve check for custom webpack and webpack-dev-server package existance (0931ab6)

... (truncated)

Changelog

Sourced from webpack-cli's changelog.

6.0.1 (2024-12-20)

Bug Fixes

6.0.0 (2024-12-19)

BREAKING CHANGES

  • the minimum required Node.js version is 18.12.0
  • removed init, loader and plugin commands in favor create-webpack-app
  • dropped support for webpack-dev-server@v4
  • minimum supported webpack version is 5.82.0
  • The --define-process-env-node-env option was renamed to --config-node-env

Bug Fixes

Features

  • output pnpm version with info/version command (#3906) (38f3c6f)

5.1.4 (2023-06-07)

Bug Fixes

  • multi compiler progress output (f659624)

5.1.3 (2023-06-04)

Bug Fixes

5.1.2 (2023-06-04)

Bug Fixes

  • improve check for custom webpack and webpack-dev-server package existance (0931ab6)
  • improve help for some flags (f468614)
  • improved support for .cts and .mts extensions (a77daf2)

5.1.1 (2023-05-09)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack-cli since your current version.


Updates serialize-javascript from 1.5.0 to 6.0.2

Release notes

Sourced from serialize-javascript's releases.

v6.0.2

  • fix: serialize URL string contents to prevent XSS (#173) f27d65d
  • Bump @​babel/traverse from 7.10.1 to 7.23.7 (#171) 02499c0
  • docs: update readme with URL support (#146) 0d88527
  • chore: update node version and lock file e2a3a91
  • fix typo (#164) 5a1fa64

yahoo/serialize-javascript@v6.0.1...v6.0.2

v6.0.1

What's Changed

New Contributors

Full Changelog: yahoo/serialize-javascript@v6.0.0...v6.0.1

v6.0.0

Changelog

  • Add support for URL's (#123)
  • Bump mocha from 9.0.0 to 9.0.1 (#124)
  • Bump mocha from 8.4.0 to 9.0.0 (#121)
  • Update Node.js CI matrix (#122)
  • Bump mocha from 8.3.2 to 8.4.0 (#120)
  • Bump lodash from 4.17.19 to 4.17.21 (#119)
  • Bump y18n from 4.0.0 to 4.0.1 (#116)
  • Bump chai from 4.3.3 to 4.3.4 (#115)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 1 directory with 9 updates
715b1a4 
Bumps the npm_and_yarn group with 8 updates in the /testui directory:

| Package | From | To |
| --- | --- | --- |
| [bootstrap](https://github.com/twbs/bootstrap) | `4.1.3` | `5.0.0` |
| [dompurify](https://github.com/cure53/DOMPurify) | `1.0.8` | `3.2.4` |
| [jquery](https://github.com/jquery/jquery) | `3.3.1` | `3.5.0` |
| [ajv](https://github.com/ajv-validator/ajv) | `6.5.4` | `6.12.6` |
| [ansi-regex](https://github.com/chalk/ansi-regex) | `3.0.0` | `3.0.1` |
| [braces](https://github.com/micromatch/braces) | `2.3.2` | `removed` |
| [webpack](https://github.com/webpack/webpack) | `4.20.2` | `5.99.9` |
| [webpack-cli](https://github.com/webpack/webpack-cli) | `3.1.2` | `6.0.1` |



Updates `bootstrap` from 4.1.3 to 5.0.0
- [Release notes](https://github.com/twbs/bootstrap/releases)
- [Commits](twbs/bootstrap@v4.1.3...v5.0.0)

Updates `dompurify` from 1.0.8 to 3.2.4
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@1.0.8...3.2.4)

Updates `jquery` from 3.3.1 to 3.5.0
- [Release notes](https://github.com/jquery/jquery/releases)
- [Changelog](https://github.com/jquery/jquery/blob/main/changelog.md)
- [Commits](jquery/jquery@3.3.1...3.5.0)

Updates `ajv` from 6.5.4 to 6.12.6
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v6.5.4...v6.12.6)

Updates `ansi-regex` from 3.0.0 to 3.0.1
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](chalk/ansi-regex@v3.0.0...v3.0.1)

Removes `braces`

Updates `webpack` from 4.20.2 to 5.99.9
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v4.20.2...v5.99.9)

Updates `webpack-cli` from 3.1.2 to 6.0.1
- [Release notes](https://github.com/webpack/webpack-cli/releases)
- [Changelog](https://github.com/webpack/webpack-cli/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack/webpack-cli/compare/v3.1.2...webpack-cli@6.0.1)

Updates `serialize-javascript` from 1.5.0 to 6.0.2
- [Release notes](https://github.com/yahoo/serialize-javascript/releases)
- [Commits](yahoo/serialize-javascript@v1.5.0...v6.0.2)

---
updated-dependencies:
- dependency-name: bootstrap
  dependency-version: 5.0.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: dompurify
  dependency-version: 3.2.4
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: jquery
  dependency-version: 3.5.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: ajv
  dependency-version: 6.12.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ansi-regex
  dependency-version: 3.0.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-version: 
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack
  dependency-version: 5.99.9
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: webpack-cli
  dependency-version: 6.0.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: serialize-javascript
  dependency-version: 6.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant