Skip to content

Bump the npm_and_yarn group across 1 directory with 8 updates #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directory with 8 updates #1

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Nov 24, 2024
edited by codeant-ai bot
Loading

User description

Bumps the npm_and_yarn group with 7 updates in the / directory:

Package From To
next 13.0.0 14.2.10
sharp 0.31.2 0.32.6
axios 0.26.1 removed
openai 3.1.0 4.73.0
braces 3.0.2 3.0.3
semver 6.3.0 7.6.3
json5 1.0.1 1.0.2

Updates next from 13.0.0 to 14.2.10

Commits

Updates sharp from 0.31.2 to 0.32.6

Changelog

Sourced from sharp's changelog.

v0.32.6 - 18th September 2023

  • Upgrade to libvips v8.14.5 for upstream bug fixes.

  • Ensure composite tile images are fully decoded (regression in 0.32.0). #3767

  • Ensure withMetadata can add ICC profiles to RGB16 output. #3773

  • Ensure withMetadata does not reduce 16-bit images to 8-bit (regression in 0.32.5). #3773

  • TypeScript: Add definitions for block and unblock. #3799 @​ldrick

v0.32.5 - 15th August 2023

  • Upgrade to libvips v8.14.4 for upstream bug fixes.

  • TypeScript: Add missing WebpPresetEnum to definitions. #3748 @​pilotso11

  • Ensure compilation using musl v1.2.4. #3755 @​kleisauke

  • Ensure resize with a fit of inside respects 90/270 degree rotation. #3756

  • TypeScript: Ensure minSize property of WebpOptions is boolean. #3758 @​sho-xizz

  • Ensure withMetadata adds default sRGB profile. #3761

v0.32.4 - 21st July 2023

  • Upgrade to libvips v8.14.3 for upstream bug fixes.

  • Expose ability to (un)block low-level libvips operations by name.

  • Prebuilt binaries: restore support for tile-based output. #3581

v0.32.3 - 14th July 2023

... (truncated)

Commits

Updates postcss from 8.4.19 to 8.4.31

Release notes

Sourced from postcss's releases.

8.4.31

8.4.30

8.4.29

8.4.28

  • Fixed Root.source.end for better source map (by @​romainmenke).
  • Fixed Result.root types when process() has no parser.

8.4.27

  • Fixed Container clone methods types.

8.4.26

  • Fixed clone methods types.

8.4.25

8.4.24

  • Fixed Plugin types.

8.4.23

  • Fixed warnings in TypeDoc.

8.4.22

8.4.21

8.4.20

  • Fixed source map generation for childless at-rules like @layer.
Changelog

Sourced from postcss's changelog.

8.4.31

8.4.30

  • Improved source map performance (by Romain Menke).

8.4.29

  • Fixed Node#source.offset (by Ido Rosenthal).
  • Fixed docs (by Christian Oliff).

8.4.28

  • Fixed Root.source.end for better source map (by Romain Menke).
  • Fixed Result.root types when process() has no parser.

8.4.27

  • Fixed Container clone methods types.

8.4.26

  • Fixed clone methods types.

8.4.25

8.4.24

  • Fixed Plugin types.

8.4.23

  • Fixed warnings in TypeDoc.

8.4.22

  • Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

  • Fixed Input#error types (by Aleks Hudochenkov).

8.4.20

  • Fixed source map generation for childless at-rules like @layer.
Commits

Removes axios

Updates openai from 3.1.0 to 4.73.0

Release notes

Sourced from openai's releases.

v4.73.0

4.73.0 (2024-11-20)

Full Changelog: v4.72.0...v4.73.0

Features

  • api: add gpt-4o-2024-11-20 model (#1201) (0feeafd)
  • bump model in all example snippets to gpt-4o (6961c37)

Bug Fixes

  • docs: add missing await to pagination example (#1190) (524b9e8)

Chores

Documentation

v4.72.0

4.72.0 (2024-11-12)

Full Changelog: v4.71.1...v4.72.0

Features

  • add back deno runtime testing without type checks (1626cf5)

Chores

v4.71.1

4.71.1 (2024-11-06)

Full Changelog: v4.71.0...v4.71.1

Bug Fixes

... (truncated)

Changelog

Sourced from openai's changelog.

4.73.0 (2024-11-20)

Full Changelog: v4.72.0...v4.73.0

Features

  • api: add gpt-4o-2024-11-20 model (#1201) (0feeafd)
  • bump model in all example snippets to gpt-4o (6961c37)

Bug Fixes

  • docs: add missing await to pagination example (#1190) (524b9e8)

Chores

Documentation

4.72.0 (2024-11-12)

Full Changelog: v4.71.1...v4.72.0

Features

  • add back deno runtime testing without type checks (1626cf5)

Chores

4.71.1 (2024-11-06)

Full Changelog: v4.71.0...v4.71.1

Bug Fixes

  • change release please configuration for jsr.json (#1174) (c39efba)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by dschnurr-openai, a new releaser for openai since your current version.


Updates braces from 3.0.2 to 3.0.3

Commits

Updates semver from 6.3.0 to 7.6.3

Release notes

Sourced from semver's releases.

v7.6.3

7.6.3 (2024-07-16)

Bug Fixes

Documentation

v7.6.2

7.6.2 (2024-05-09)

Bug Fixes

v7.6.1

7.6.1 (2024-05-04)

Bug Fixes

Dependencies

Chores

v7.6.0

7.6.0 (2024-01-31)

Features

Chores

... (truncated)

Changelog

Sourced from semver's changelog.

7.6.3 (2024-07-16)

Bug Fixes

Documentation

7.6.2 (2024-05-09)

Bug Fixes

7.6.1 (2024-05-04)

Bug Fixes

Dependencies

Chores

7.6.0 (2024-01-31)

Features

Chores

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.


Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)
Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

  • Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

v2.2.0 [code, diff]

  • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

  • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Description

  • Updated next package from version 13.0.0 to 14.2.10 to include the latest features and fixes.
  • Updated openai package from version 3.1.0 to 4.73.0 for improved functionality.
  • Updated sharp package from version 0.31.2 to 0.32.6 for better performance and bug fixes.

Changes walkthrough

Relevant files
Dependencies
package.json
Update package dependencies in package.json                                       

package.json

  • Updated next package from version 13.0.0 to 14.2.10.
  • Updated openai package from version 3.1.0 to 4.73.0.
  • Updated sharp package from version 0.31.2 to 0.32.6.
    		•  +3/-3     
    💡 Usage Guide

    Checking Your Pull Request

    Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

    Talking to CodeAnt AI

    Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

    @codeant-ai ask: Your question here

    This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

    Retrigger review

    Ask CodeAnt AI to review the PR again, by typing:

    @codeant-ai: review

    Check Your Repository Health

    To analyze the health of your code repository, visit our dashboard at app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

    @dependabot
    Bump the npm_and_yarn group across 1 directory with 8 updates
    d7d4da7 
    Bumps the npm_and_yarn group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [next](https://github.com/vercel/next.js) | `13.0.0` | `14.2.10` |
| [sharp](https://github.com/lovell/sharp) | `0.31.2` | `0.32.6` |
| [axios](https://github.com/axios/axios) | `0.26.1` | `removed` |
| [openai](https://github.com/openai/openai-node) | `3.1.0` | `4.73.0` |
| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |
| [semver](https://github.com/npm/node-semver) | `6.3.0` | `7.6.3` |
| [json5](https://github.com/json5/json5) | `1.0.1` | `1.0.2` |



Updates `next` from 13.0.0 to 14.2.10
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v13.0.0...v14.2.10)

Updates `sharp` from 0.31.2 to 0.32.6
- [Release notes](https://github.com/lovell/sharp/releases)
- [Changelog](https://github.com/lovell/sharp/blob/main/docs/changelog.md)
- [Commits](lovell/sharp@v0.31.2...v0.32.6)

Updates `postcss` from 8.4.19 to 8.4.31
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.4.19...8.4.31)

Removes `axios`

Updates `openai` from 3.1.0 to 4.73.0
- [Release notes](https://github.com/openai/openai-node/releases)
- [Changelog](https://github.com/openai/openai-node/blob/master/CHANGELOG.md)
- [Commits](openai/openai-node@v3.1.0...v4.73.0)

Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

Updates `semver` from 6.3.0 to 7.6.3
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v6.3.0...v7.6.3)

Updates `json5` from 1.0.1 to 1.0.2
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v1.0.1...v1.0.2)

---
updated-dependencies:
- dependency-name: next
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: sharp
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: openai
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: json5
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 24, 2024
    @cr-gpt
    Copy link

    cr-gpt bot commented Nov 24, 2024

    Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

    @codeant-ai codeant-ai bot added the size:XL This PR changes 500-999 lines, ignoring generated files label Nov 24, 2024
    @codeant-ai
    Copy link

    codeant-ai bot commented Nov 24, 2024

    Things to consider 🐛

    • The update of the "next" package from version "13.0.0" to "14.2.10" (line 16) might introduce breaking changes or require additional configuration changes. Ensure that the application is compatible with the new version and that any breaking changes in the "next" framework are addressed.

    • The update of the "openai" package from version "^3.1.0" to "^4.73.0" (line 17) could introduce breaking changes or new API methods. Verify that the code using the "openai" package is compatible with the new version and that any deprecated or changed methods are updated accordingly.

    codeant-ai[bot]
    codeant-ai bot reviewed Nov 24, 2024
    View reviewed changes
    package.json
    "lru-cache": "^7.14.1",
    "next": "13.0.0",
    "openai": "^3.1.0",
    "next": "14.2.10",
    Copy link

    @codeant-ai codeant-ai bot Nov 24, 2024

    Choose a reason for hiding this comment

    The reason will be displayed to describe this comment to others. Learn more.

    Suggestion: Verify compatibility of the updated "next" version with other dependencies and the existing codebase to prevent potential integration issues. [compatibility]

    Suggested change
    "next": "14.2.10",

    package.json
    "next": "13.0.0",
    "openai": "^3.1.0",
    "next": "14.2.10",
    "openai": "^4.73.0",
    Copy link

    @codeant-ai codeant-ai bot Nov 24, 2024

    Choose a reason for hiding this comment

    The reason will be displayed to describe this comment to others. Learn more.

    Suggestion: Check if the new version of "openai" introduces any breaking changes or requires code adjustments. [compatibility]

    Suggested change
    "openai": "^4.73.0",

    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

    Reviewers

    @codeant-ai codeant-ai[bot] codeant-ai[bot] left review comments

    Assignees

    No one assigned

    Labels

    dependencies Pull requests that update a dependency file size:XL This PR changes 500-999 lines, ignoring generated files

    Projects

    None yet

    Milestone

    No milestone

    Development

    Successfully merging this pull request may close these issues.

    0 participants