chore(deps): bump the npm_and_yarn group across 5 directories with 9 updates #3343
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…updates Bumps the npm_and_yarn group with 3 updates in the /docs/website directory: [postcss](https://github.com/postcss/postcss), [axios](https://github.com/axios/axios) and [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 2 updates in the /generator/rust directory: [braces](https://github.com/micromatch/braces) and [micromatch](https://github.com/micromatch/micromatch). Bumps the npm_and_yarn group with 3 updates in the /infra/dashboard directory: [axios](https://github.com/axios/axios), [next](https://github.com/vercel/next.js) and [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken). Bumps the npm_and_yarn group with 1 update in the /sdk/circomlib directory: [circom_tester](https://github.com/iden3/circom_tester). Bumps the npm_and_yarn group with 1 update in the /sdk/typescript/bitseed-sdk directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `postcss` from 8.4.45 to 8.4.46 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.45...8.4.46) Updates `axios` from 1.5.0 to 1.7.4 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.5.0...v1.7.4) Updates `next` from 13.4.19 to 14.2.21 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.4.19...v14.2.21) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `axios` from 1.3.4 to 1.7.4 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.5.0...v1.7.4) Updates `next` from 13.2.4 to 14.2.21 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.4.19...v14.2.21) Updates `jsonwebtoken` from 8.5.1 to 9.0.0 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.0) Updates `circom_tester` from 0.0.19 to 0.0.20 - [Commits](iden3/circom_tester@v0.0.19...v0.0.20) Updates `snarkjs` from 0.5.0 to 0.7.5 - [Release notes](https://github.com/iden3/snarkjs/releases) - [Commits](iden3/snarkjs@v0.5.0...v0.7.5) Updates `vite` from 5.4.4 to 5.4.12 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.4.12/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.4.12/packages/vite) --- updated-dependencies: - dependency-name: postcss dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: circom_tester dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: snarkjs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vite dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
requested review from
Mine77,
geometryolife,
wow-sven and
yubing744
as code owners
dependabot
bot
added
dependencies
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.OpenSSF ScorecardScorecard details
Scanned Files
|
Contributor
Author
|
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests. To ignore these dependencies, configure ignore rules in dependabot.yml |
dependabot
bot
deleted the
dependabot/npm_and_yarn/docs/website/npm_and_yarn-981f2587ac
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 3 updates in the /docs/website directory: postcss, axios and next.
Bumps the npm_and_yarn group with 2 updates in the /generator/rust directory: braces and micromatch.
Bumps the npm_and_yarn group with 3 updates in the /infra/dashboard directory: axios, next and jsonwebtoken.
Bumps the npm_and_yarn group with 1 update in the /sdk/circomlib directory: circom_tester.
Bumps the npm_and_yarn group with 1 update in the /sdk/typescript/bitseed-sdk directory: vite.
Updates
postcssfrom 8.4.45 to 8.4.46Release notes
Sourced from postcss's releases.
Changelog
Sourced from postcss's changelog.
Commits
439d20eRelease 8.4.46 versionb93582fUpdate dependenciesc51e467Fix error on inserting node without raws in some cases829ae47Update dependencies5aaaec2Update remaining workflow jobs to use latest version of actions (#1968)Updates
axiosfrom 1.5.0 to 1.7.4Release notes
Sourced from axios's releases.
... (truncated)
Changelog
Sourced from axios's changelog.
... (truncated)
Commits
abd24a7chore(release): v1.7.4 (#6544)6b6b605fix(sec): CVE-2024-39338 (#6539) (#6543)07a661afix(sec): disregard protocol-relative URL to remediate SSRF (#6539)c6cce43chore(release): v1.7.3 (#6521)e3c76fcfix(adapter): fix progress event emitting; (#6518)85d4d0efix(fetch): fix withCredentials request config (#6505)92cd8edchore(github): update ISSUE_TEMPLATE.md (#6519)8966ee7fix(xhr): return original config on errors from XHR adapter (#6515)0e4f9fachore(release): v1.7.2 (#6414)4f79aeffix(fetch): enhance fetch API detection; (#6413)Updates
nextfrom 13.4.19 to 14.2.21Release notes
Sourced from next's releases.
Commits
2655f6ev14.2.218803d2bBackport (v14): Upgrade React from 14898b6a9 to 178c267a4e (#74115)6e35243chore(docs): add missingsearch: ''onremotePatterns(#73925) (#73927)54919d2chore(docs): update version history ofnext/image(#73926)049a690Backport: Fixunstable_allowDynamicwhen used with pnpm (#73765)663fa9cFix SWC and React versions for14-2-1branch (#73791)ed78a4av14.2.20530421d[backport] Fix/dedupe fetch clone (#73532)cbc62adv14.2.1992280dc[backport] Update max tag items limit in docs (#73445)Updates
bracesfrom 3.0.2 to 3.0.3Commits
74b2db23.0.388f1429update eslint. lint, fix unit tests.415d660Snyk js braces 6838727 (#40)190510ffix tests, skip 1 test in test/braces.expand716eb9freadme bumpa5851e5Merge pull request #37 from coderaiser/fix/vulnerability2092bd1feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...9f5b4cffix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)98414f9remove funding file665ab5dupdate keepEscaping doc (#27)Updates
micromatchfrom 4.0.5 to 4.0.8Release notes
Sourced from micromatch's releases.
Changelog
Sourced from micromatch's changelog.
Commits
8bd704e4.0.8a0e6841run verb to generate README documentation4ec2884Merge branch 'v4' into hauserkristof-feature/v4.0.803aa805Merge pull request #266 from hauserkristof/feature/v4.0.8814f5f7lint67fcce6fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5113f2e3fix: CVE numbers in CHANGELOGd9dbd9afeat: updated CHANGELOG2ab1315fix: use actions/setup-node@v41406ea3feat: rework test to work on macos with node 10,12 and 14Updates
axiosfrom 1.3.4 to 1.7.4Release notes
Sourced from axios's releases.
... (truncated)
Changelog
Sourced from axios's changelog.
... (truncated)
Commits
abd24a7chore(release): v1.7.4 (#6544)6b6b605fix(sec): CVE-2024-39338 (#6539) (#6543)07a661afix(sec): disregard protocol-relative URL to remediate SSRF (#6539)c6cce43chore(release): v1.7.3 (#6521)e3c76fcfix(adapter): fix progress event emitting; (#6518)85d4d0efix(fetch): fix withCredentials request config (#6505)92cd8edchore(github): update ISSUE_TEMPLATE.md (#6519)8966ee7fix(xhr): return original config on errors from XHR adapter (#6515)0e4f9fachore(release): v1.7.2 (#6414)4f79aeffix(fetch): enhance fetch API detection; (#6413)Updates
nextfrom 13.2.4 to 14.2.21Release notes
Sourced from next's releases.
Commits
2655f6ev14.2.218803d2bBackport (v14): Upgrade React from 14898b6a9 to 178c267a4e (#74115)6e35243chore(docs): add missingsearch: ''onremotePatterns(#73925) (#73927)54919d2chore(docs): update version history ofnext/image(#73926)049a690Backport: Fixunstable_allowDynamicwhen used with pnpm (#73765)663fa9cFix SWC and React versions for14-2-1branch (#73791)ed78a4av14.2.20530421d[backport] Fix/dedupe fetch clone (#73532)cbc62adv14.2.1992280dc[backport] Update max tag items limit in docs (#73445)Updates
jsonwebtokenfrom 8.5.1 to 9.0.0Changelog
Sourced from jsonwebtoken's changelog.
Commits
e1fa9dcMerge pull request from GHSA-8cf7-32gw-wr335eaedbfchore(ci): remove github test actions job (#861)cd4163echore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)ecdf6ccfix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...8345030fix(sign&verify)!: Remove defaultnonesupport fromsignandverifymet...7e6a86bUpload OpsLevel YAML (#849)74d5719docs: update references vercel/ms references (#770)d71e383docs: document "invalid token" error3765003docs: fix spelling in README.md: Peak -> Peek (#754)a46097edocs: make decode impossible to discover before verifyMaintainer changes
This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.
Updates
circom_testerfrom 0.0.19 to 0.0.20Commits
21819aa0.0.2065ecff0depsf110b67Merge pull request #19 from iden3/fix/make-warningsc6a5e2eAdded inspect flag. Add missing prime flag for c_testere2d060fCode formatting. Changevartoletandconst1405005Merge branch 'main' into fix/make-warnings7f13f84Merge pull request #17 from nvnx7/main276e29bMerge branch 'main' into maina870064Merge pull request #13 from BlakeMScurr/patch-1d34af46Merge branch 'main' into patch-1Updates
snarkjsfrom 0.5.0 to 0.7.5Release notes
Sourced from snarkjs's releases.
Commits
0e0126f0.7.591c50cebuild8ceee1dUpdate ffjavascript and circom_runtime (#535)6519198fix groth16 verifier pub signals check (#518)99eb19eSupport for wtns calc and prover options (#517)9e6cfc2Update README.md (#529)0c580e5Fix spelling (#525)2c570a8actually use wasm options (#493)5ef268achore: Bump mocha from 10.2.0 to 10.7.3 (#515)8e43a6achore: Bump ws and puppeteer in /browser_tests (#513)Updates
vitefrom 5.4.4 to 5.4.12Release notes
Sourced from vite's releases.
Changelog
Sourced from vite's changelog.
... (truncated)
Commits
f428aa9release: v5.4.129da4abcfix!: check host header to prevent DNS rebinding attacks and introduce `serve...b71a5c8fix: verify token for HMR WebSocket connectiondfea38ffix!: defaultserver.cors: falseto disallow fetching from untrusted originsecd2375chore: add deps update changelogc54c860release: v5.4.115f52bc8release: v5.4.107d1a3bcfix: backport #18367,augment hash for CSS files to prevent chromium erroring ...898d61frelease: v5.4.9508d9abfix: bump launch-editor-middleware to v2.9.1 (#18348)You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.