Skip to content

Bump the npm_and_yarn group across 1 directory with 8 updates #644

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directory with 8 updates #644

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 27, 2025
edited
Loading

Bumps the npm_and_yarn group with 7 updates in the / directory:

Package From To
pdfjs-dist 4.2.67 4.10.38
socket.io-client 2.5.0 4.8.1
tinymce 5.10.9 7.2.0
@dashersw/node-discover 1.0.5 1.0.6
braces 3.0.2 3.0.3
engine.io 3.6.1 3.6.2
tar 6.1.15 6.2.1

Updates pdfjs-dist from 4.2.67 to 4.10.38

Release notes

Sourced from pdfjs-dist's releases.

v4.10.38

This release contains improvements for accessibility, the annotation editor, font conversion, performance, SMasks and the viewer.

Changes since v4.9.155

v4.9.155

... (truncated)

Commits
  • f9bea39 Merge pull request #19273 from Snuffleupagus/NetworkManager-request-methods
  • 01240fd Remove the requestRange/requestFull methods from the NetworkManager class
  • f19b0a1 Merge pull request #19271 from Snuffleupagus/l10n-update
  • 93ce29f Update l10n files
  • 61c3ed4 Merge pull request #19269 from Snuffleupagus/image-hasMask
  • 20d5332 For images that include SMask/Mask entries, ignore an SMask defined in the cu...
  • 8a50d2d Merge pull request #19259 from Snuffleupagus/more-wrapReason
  • 91d8017 Merge pull request #19262 from Snuffleupagus/CompiledFont-assert-fontMatrix
  • 5b94c86 Merge pull request #19263 from Snuffleupagus/Type2Compiled-fix-glyphNameMap
  • b4abfec Merge pull request #19260 from Snuffleupagus/src-core-simplify-ifs
  • Additional commits viewable in compare view

Updates socket.io-client from 2.5.0 to 4.8.1

Release notes

Sourced from socket.io-client's releases.

socket.io-client@4.8.1

Bug Fixes

  • bundle: do not mangle the "_placeholder" attribute (ca9e994)

Dependencies

socket.io-client@4.8.0

Features

Custom transport implementations

The transports option now accepts an array of transport implementations:

import { io } from "socket.io-client";
import { XHR, WebSocket } from "engine.io-client";
const socket = io({
transports: [XHR, WebSocket]
});

Here is the list of provided implementations:

Transport Description
Fetch HTTP long-polling based on the built-in fetch() method.
NodeXHR HTTP long-polling based on the XMLHttpRequest object provided by the xmlhttprequest-ssl package.
XHR HTTP long-polling based on the built-in XMLHttpRequest object.
NodeWebSocket WebSocket transport based on the WebSocket object provided by the ws package.
WebSocket WebSocket transport based on the built-in WebSocket object.
WebTransport WebTransport transport based on the built-in WebTransport object.

Usage:

Transport browser Node.js Deno Bun
Fetch ✅ (1)
NodeXHR
XHR
NodeWebSocket
WebSocket ✅ (2)
WebTransport

(1) since v18.0.0

... (truncated)

Commits
  • 8d5528a chore(release): socket.io-client@4.8.1
  • 71387e5 refactor(sio-client): reexport transports from the engine
  • aead835 refactor(sio): make Namespace._fns private (#5196)
  • 029e010 chore(release): engine.io-client@6.6.2
  • 4ca6ddb docs(nuxt): update example with latest version
  • ca9e994 fix(sio-client): do not mangle the "_placeholder" attribute
  • 4865f2e fix(eio-client): prevent infinite loop with Node.js built-in WebSocket
  • d4b3dde ci: use Node.js 22
  • 3b68658 chore: bump @​fails-components/webtransport to version 1.1.4 (dev)
  • 175a2c5 fix(eio-client/types): remove ws type from .d.ts file
  • Additional commits viewable in compare view

Updates tinymce from 5.10.9 to 7.2.0

Changelog

Sourced from tinymce's changelog.

7.2.0 - 2024-06-19

Added

  • Added options.debug API that logs the initial raw editor options to console. #TINY-10605
  • Added referrerpolicy as a valid attribute for an iframe element. #TINY-10374
  • New onInit and stretched properties to the HtmlPanel dialog component. #TINY-10900
  • Added support for querying the state of the mceTogglePlainTextPaste command. #TINY-10938
  • Added for option to dialog label components to improve accessibility. The value must be another component on the same dialog. #TINY-10971

Improved

  • Dialog slider components now emit an onChange event when using arrow keys. #TINY-10428
  • Accessibility for element path buttons, added tooltip to describe the button and removed incorrect aria-level attribute. #TINY-10891
  • Improve merging of inserted inline elements by removing nodes with redundant inheritable styles. #TINY-10869
  • Improved Find & Replace dialog accessibility by changing placeholders to labels. #TINY-10871

Changed

  • Replaced tiny branding logo with Build with TinyMCE text and logo. #TINY-11001

Fixed

  • Deleting in a div with preceeding br elements would sometimes throw errors. #TINY-10840
  • autoresize_bottom_margin was not reliably applied in some situations. #TINY-10793
  • Fixed cases where adding a newline around a br, table or img would not move the cursor to a new line. #TINY-10384
  • Focusing on contenteditable="true" element when using editable_root: false and inline mode causing selection to be shifted. #TINY-10820
  • Corrected the role attribute on listbox dialog components to combobox when there are no nested menu items. #TINY-10807
  • HTML entities that were double decoded in noscript elements caused an XSS vulnerability. #TINY-11019
  • It was possible to inject XSS HTML that was not matching the regexp when using the noneditable_regexp option. #TINY-11022

7.1.2 - 2024-06-05

Fixed

  • CSS color values set to transparent were incorrectly converted to '#000000`. #TINY-10916

7.1.1 - 2024-05-22

Fixed

  • Insert/Edit image dialog lost focus after the image upload completed. #TINY-10885
  • Deleting into a list from a paragraph that has an img tag could cause extra inline styles to be added. #TINY-10892
  • Resolved an issue where emojis configured with the emojiimages database were not loading correctly due to a broken CDN. #TINY-10878
  • Iframes in dialogs were not rendering rounded borders correctly. #TINY-10901
  • Autocompleter possible values are no longer capped at a length of 10. #TINY-10942

7.1.0 - 2024-05-08

Added

  • Parser support for math elements. #TINY-10809
  • New math-equation icon. #TINY-10804

Improved

  • Included itemprop, itemscope and itemtype as valid HTML5 attributes in the core schema. #TINY-9932
  • Notification accessibility improvements: added tooltips, keyboard navigation and shortcut to focus on notifications. #TINY-6925

... (truncated)

Commits
  • 754e390 TINY-10860: Prepare for 7.2 release (#9715)
  • a9fb858 TINY-11019 & TINY-11022: Fixed issues with noscript encoding and noneditable_...
  • 3fae00c TINY-10807: Use role="combobox" for flat ListBox components (#9665)
  • e7ef3b6 TINY-10871: replace placeholders with labels in Find & Replace dialog (#9689)
  • 6ce11b6 TINY-10936: Merge release to main (#9685)
  • 5fa376a TINY-11001: Replaced tiny branding logo (#9683)
  • c42efc2 TINY-10938: Added query command for paste as plaintext status. (#9651)
  • 70cff12 TINY-10971: introduce optional label for property (#9681)
  • 054671e TINY-10891: Add tooltips to element path (#9676)
  • 465fbbe TINY-10869: Improve merging inserted nested inline elements (#9658)
  • Additional commits viewable in compare view

Updates @dashersw/node-discover from 1.0.5 to 1.0.6

Commits

Updates braces from 3.0.2 to 3.0.3

Commits

Updates engine.io from 3.6.1 to 3.6.2

Commits

Updates ws from 7.4.6 to 7.5.9

Release notes

Sourced from ws's releases.

7.5.9

Bug fixes

  • Backported bc8bd34e to the 7.x release line (0435e6e1).

7.5.8

Bug fixes

  • Backported 0fdcc0af to the 7.x release line (2758ed35).
  • Backported d68ba9e1 to the 7.x release line (dc1781bc).

7.5.7

Bug fixes

  • Backported 6946f5fe to the 7.x release line (1f72e2e1).

7.5.6

Bug fixes

  • Backported b8186dd1 to the 7.x release line (73dec34b).
  • Backported ed2b8039 to the 7.x release line (22a26afb).

7.5.5

Bug fixes

  • Backported ec9377ca to the 7.x release line (0e274acd).

7.5.4

Bug fixes

  • Backported 6a72da3e to the 7.x release line (76087fbf).
  • Backported 869c9892 to the 7.x release line (27997933).

7.5.3

Bug fixes

  • The WebSocketServer constructor now throws an error if more than one of the noServer, server, and port options are specefied (66e58d27).
  • Fixed a bug where a 'close' event was emitted by a WebSocketServer before the internal HTTP/S server was actually closed (5a587304).
  • Fixed a bug that allowed WebSocket connections to be established after WebSocketServer.prototype.close() was called (772236a1).

7.5.2

Bug fixes

  • The opening handshake is now aborted if the client receives a Sec-WebSocket-Extensions header but no extension was requested or if the server indicates an extension not requested by the client (aca94c86).

... (truncated)

Commits
  • 8a78f87 [dist] 7.5.9
  • 0435e6e [security] Fix same host check for ws+unix: redirects
  • 4271f07 [dist] 7.5.8
  • dc1781b [security] Drop sensitive headers when following insecure redirects
  • 2758ed3 [fix] Abort the handshake if the Upgrade header is invalid
  • a370613 [dist] 7.5.7
  • 1f72e2e [security] Drop sensitive headers when following redirects (#2013)
  • 8ecd890 [dist] 7.5.6
  • 22a26af [fix] Resume the socket in the CLOSING state
  • 73dec34 [fix] Do not throw if the redirect URL is invalid
  • Additional commits viewable in compare view

Updates tar from 6.1.15 to 6.2.1

Changelog

Sourced from tar's changelog.

Changelog

7.4

  • Deprecate onentry in favor of onReadEntry for clarity.

7.3

  • Add onWriteEntry option

7.2

  • DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

  • Update minipass to v7.1.0
  • Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

  • Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
  • Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
  • Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
  • Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

6.2

  • Add support for brotli compression
  • Add maxDepth option to prevent extraction into excessively deep folders.

6.1

  • remove dead link to benchmarks (#313) (@​yetzt)
  • add examples/explanation of using tar.t (@​isaacs)
  • ensure close event is emited after stream has ended (@​webark)

... (truncated)

Commits

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 27, 2025
@dependabot dependabot bot mentioned this pull request Feb 27, 2025
Closed
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-c0fa99cc97 branch 2 times, most recently from daa2fbc to bb87544 Compare March 13, 2025 15:36
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-c0fa99cc97 branch 2 times, most recently from 89b23bb to 700cb7b Compare March 28, 2025 12:07
@dependabot
Bump the npm_and_yarn group across 1 directory with 8 updates
1b984bb 
Bumps the npm_and_yarn group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [pdfjs-dist](https://github.com/mozilla/pdf.js) | `4.2.67` | `4.10.38` |
| [socket.io-client](https://github.com/socketio/socket.io) | `2.5.0` | `4.8.1` |
| [tinymce](https://github.com/tinymce/tinymce/tree/HEAD/modules/tinymce) | `5.10.9` | `7.2.0` |
| [@dashersw/node-discover](https://github.com/wankdanker/node-discover) | `1.0.5` | `1.0.6` |
| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |
| [engine.io](https://github.com/socketio/socket.io) | `3.6.1` | `3.6.2` |
| [tar](https://github.com/isaacs/node-tar) | `6.1.15` | `6.2.1` |



Updates `pdfjs-dist` from 4.2.67 to 4.10.38
- [Release notes](https://github.com/mozilla/pdf.js/releases)
- [Commits](mozilla/pdf.js@v4.2.67...v4.10.38)

Updates `socket.io-client` from 2.5.0 to 4.8.1
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io/compare/2.5.0...socket.io-client@4.8.1)

Updates `tinymce` from 5.10.9 to 7.2.0
- [Changelog](https://github.com/tinymce/tinymce/blob/main/modules/tinymce/CHANGELOG.md)
- [Commits](https://github.com/tinymce/tinymce/commits/7.2.0/modules/tinymce)

Updates `@dashersw/node-discover` from 1.0.5 to 1.0.6
- [Commits](https://github.com/wankdanker/node-discover/commits)

Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

Updates `engine.io` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io/commits)

Updates `ws` from 7.4.6 to 7.5.9
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.4.6...7.5.9)

Updates `tar` from 6.1.15 to 6.2.1
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.1.15...v6.2.1)

---
updated-dependencies:
- dependency-name: pdfjs-dist
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: socket.io-client
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: tinymce
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@dashersw/node-discover"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: engine.io
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-c0fa99cc97 branch from 700cb7b to 1b984bb Compare March 28, 2025 17:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants