build(deps): bump the npm_and_yarn group across 4 directories with 12 updates #10

dependabot · 2024-04-04T16:49:28Z

Bumps the npm_and_yarn group with 9 updates in the / directory:

Package	From	To
deep-object-diff	`1.1.7`	`1.1.9`
immer	`9.0.16`	`10.0.4`
vite	`2.9.15`	`2.9.18`
node-fetch	`3.2.10`	`3.3.0`
undici	`5.12.0`	`5.28.4`
express	`4.18.2`	`4.19.2`
fast-jwt	`3.1.1`	`3.3.2`
minimatch	`6.1.6`	`9.0.4`
zod	`3.21.4`	`3.22.3`

Bumps the npm_and_yarn group with 3 updates in the /examples/standard-nextjs directory: follow-redirects, next and postcss.
Bumps the npm_and_yarn group with 2 updates in the /packages/console directory: immer and vite.
Bumps the npm_and_yarn group with 4 updates in the /packages/sst directory: immer, undici, fast-jwt and minimatch.

Updates deep-object-diff from 1.1.7 to 1.1.9

Release notes

Sourced from deep-object-diff's releases.

v1.1.9

Vulnerability patch

Details outlined here: #85. TLDR: The prototype of the returned diff object could be polluted but not globally on all objects.

Fix: mattphillips/deep-object-diff#87

Thanks @Retr02332 for highlighting the issue and validating the fix.

This vulnerability was introduced in https://github.com/mattphillips/deep-object-diff/releases/tag/v1.1.6

v1.1.8

Patch

Fix typings resolution when using TypeScript 4.7+ with ESM #83

improve return type for detailedDiff #72

Credits

Thanks @Nitive and @icholy for your PRs

Commits

See full diff in compare view

Updates immer from 9.0.16 to 10.0.4

Release notes

Sourced from immer's releases.

v10.0.4

10.0.4 (2024-03-09)

Bug Fixes

Fix handling of Symbol and non-enumerable properties in finalization / freeze. Fixes #1096, #1087, #1091 (#1105)) (8949a3e)

v10.0.3

10.0.3 (2023-10-02)

Bug Fixes

don't use .mjs file for react-native, which isn't supported by default. Fixes #1058 #1065 (#1075) (f6736a4)

v10.0.2

10.0.2 (2023-05-09)

Bug Fixes

export Objectish type (#1043) (75e004d)

Move index.js.flow from dist/ -> dist/cjs/ to match index.js (#1038) (a3b5603)

v10.0.1

10.0.1 (2023-04-17)

Bug Fixes

production bundle was loaded incorrectly, fixes #1037 (707e72b)

v10.0.0

10.0.0 (2023-04-17)

Release notes

[breaking change] Immer 10 only supports modern browsers, that have support for Proxy, Reflect, Symbol and Map and Set.

[breaking change] There is no longer a UMD build exposed (thanks Mark Erikson for modernizing the build setup in #1032!

[breaking change] getters and setters are ignored by default on plain object, as this is a very uncommon case and provides a significant performance boost (ca 33%, but depends a lot on the scenario). Fixes #867, #1012. Thanks hrsh7th for implementing it in #941!

[breaking change] Promise based reducers are no longer supported. Conceptually it is an anti pattern to hold on to drafts over time. If needed the old behavior can still be achieved by leveraging createDraft and finishDraft.

[breaking change] ES5 mode (for legacy browsers) has been dropped. If your project relies on enableES5(), you SHOULD NOT upgrade Immer. enableES5 has been removed.

[breaking change] produce is no longer exposed as the default export. This improves eco system compatibility, and makes sure that there is only one correct way of doing things

[breaking change] enableAllPlugins has been removed, use enablePatches(); enableMapSet() instead

[breaking change] shortening the length of a JSON array now results in delete patches, rather than a mutation of the length property, in accordance with JSON spec. Thanks kshramt for implementing this in #964!

Immer is now an ESM package that can be directly imported into the browser. CJS should still work, UMD support has been removed.

Overall, there is a rough performance increase of 33% for Immer (and in some cases significantly higher), and the (non gzipped) bundle size has reduced from 16 to 11.5 KB, while the the minimal gzipped import of just produce has remained roughly the same at 3.3 KB.

... (truncated)

Commits

8949a3e fix: Fix handling of Symbol and non-enumerable properties in finalization / f...
44363f7 chore: remove dependency on spec.ts to fix build issue (#1104)
8fd0481 chore(deps): bump postcss from 8.4.20 to 8.4.31 in /website (#1076)
8f35846 chore(deps): bump semver from 5.7.1 to 5.7.2 (#1055)
1c82d1e chore(deps): bump semver from 5.7.1 to 5.7.2 in /website (#1054)
a92242b chore: Update question.md. Fixes #1089
f6736a4 fix: don't use .mjs file for react-native, which isn't supported by default...
75e004d fix: export Objectish type (#1043)
a3b5603 fix: Move index.js.flow from dist/ -> dist/cjs/ to match index.js (#1038)
327082c chore(deps): bump ajv from 6.11.0 to 6.12.6 (#1036)
Additional commits viewable in compare view

Updates vite from 2.9.15 to 2.9.18

Changelog

Sourced from vite's changelog.

2.9.18 (2024-03-24)

fix: port #15653 to v2 (#15657) (1f855dc), closes #15653 #15657

fix: port #16250 to v2 (#16254) (011bbca), closes #16250 #16254

release: v2.9.17 (bfc5649)

2.9.17 (2024-01-19)

fix: port #15653 to v2 (#15657) (1f855dc), closes #15653 #15657

2.9.16 (2023-05-26)

fix: port #13348 to v2, fs.deny with leading double slash (#13350) (7d8100a), closes #13348 #13350

Commits

5936352 release: v2.9.18
011bbca fix: port #16250 to v2 (#16254)
bfc5649 release: v2.9.17
1f855dc fix: port #15653 to v2 (#15657)
ea814d7 release: v2.9.16
7d8100a fix: port #13348 to v2, fs.deny with leading double slash (#13350)
See full diff in compare view

Updates node-fetch from 3.2.10 to 3.3.0

Release notes

Sourced from node-fetch's releases.

v3.3.0

3.3.0 (2022-11-10)

Features

add static Response.json (#1670) (55a4870)

Commits

55a4870 feat: add static Response.json (#1670)
c071406 (1138) - Fixed HTTPResponseError with correct constructor and usage (#1666)
6f72caa docs: fix missing comma in example (#1623)
See full diff in compare view

Updates undici from 5.12.0 to 5.28.4

Release notes

Sourced from undici's releases.

v5.28.4

⚠️ Security Release ⚠️

Fixes GHSA-m4v8-wqvr-p9f7 CVE-2024-30260

Fixes GHSA-9qxr-qj54-h672 CVE-2024-30261

Full Changelog: nodejs/undici@v5.28.3...v5.28.4

v5.28.3

⚠️ Security Release ⚠️

Fixes:

CVE-2024-24758 Proxy-Authorization header not cleared on cross-origin redirect in fetch

Full Changelog: nodejs/undici@v5.28.2...v5.28.3

v5.28.2

What's Changed

fix: remove optional chainning for compatible with Nodejs12 and below by @bugb in nodejs/undici#2470

fix: remove node: prefix by @tsctx in nodejs/undici#2471

perf: avoid Headers initialization by @tsctx in nodejs/undici#2468

fix: handle SharedArrayBuffer correctly by @tsctx in nodejs/undici#2466

fix: Add null type to signal in RequestInit by @gebsh in nodejs/undici#2455

fix: correctly handle data URL with hashes. by @tsctx in nodejs/undici#2475

fix: check response for timinginfo allow flag by @ToshB in nodejs/undici#2477

Make call to onBodySent conditional in RetryHandler by @MzUgM in nodejs/undici#2478

refactor: better integrity check by @tsctx in nodejs/undici#2462

fix: Added support for inline URL username:password proxy auth by @matt-way in nodejs/undici#2473

build(deps-dev): bump jsdom from 22.1.0 to 23.0.0 by @dependabot in nodejs/undici#2472

build(deps-dev): bump sinon from 16.1.3 to 17.0.1 by @dependabot in nodejs/undici#2405

build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1 by @dependabot in nodejs/undici#2396

build(deps): bump actions/setup-node from 3.8.1 to 4.0.0 by @dependabot in nodejs/undici#2395

build(deps): bump step-security/harden-runner from 2.5.0 to 2.6.0 by @dependabot in nodejs/undici#2392

build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 by @dependabot in nodejs/undici#2389

build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 by @dependabot in nodejs/undici#2302

New Contributors

@bugb made their first contribution in nodejs/undici#2470

@gebsh made their first contribution in nodejs/undici#2455

@ToshB made their first contribution in nodejs/undici#2477

@MzUgM made their first contribution in nodejs/undici#2478

@matt-way made their first contribution in nodejs/undici#2473

Full Changelog: nodejs/undici@v5.28.1...v5.28.2

v5.28.1

What's Changed

perf: Improve normalizeMethod by @tsctx in nodejs/undici#2456

fix: dispatch error handling by @ronag in nodejs/undici#2459

... (truncated)

Commits

fb98306 Bumped v5.28.4
2b39440 Merge pull request from GHSA-9qxr-qj54-h672
64e3402 Merge pull request from GHSA-m4v8-wqvr-p9f7
723c4e7 Revert "build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 (#2389)"
0e9d54b skip failing test due to Node.js changes
e71cb4c Bumped v5.28.3
20c65b8 Fix tests for Node.js v20.11.0 (#2618)
8ec52cd Fix tests for Node.js v21 (#2609)
d3aa574 Merge pull request from GHSA-3787-6prv-h9w3
9a14e5f Bumped v5.28.2
Additional commits viewable in compare view

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Fix ci after location patch by @wesleytodd in expressjs/express#5552

fixed un-edited version in history.md for 4.19.0 by @wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

fix typo in release date by @UlisesGascon in expressjs/express#5527

docs: nominating @wesleytodd to be project captian by @wesleytodd in expressjs/express#5511

docs: loosen TC activity rules by @wesleytodd in expressjs/express#5510

Add note on how to update docs for new release by @crandmck in expressjs/express#5541

Prevent open redirect allow list bypass due to encodeurl

Release 4.19.0 by @wesleytodd in expressjs/express#5551

New Contributors

@crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

Other Changes

Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032

build: Node.js@16.18 and Node.js@18.12 by @abenhamdine in expressjs/express#5034

ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027

test: remove unused function arguments in params by @raksbisht in expressjs/express#5124

Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119

Fixed typos by @raksbisht in expressjs/express#5117

examples: remove unused params by @raksbisht in expressjs/express#5113

fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130

fix: typos in History.md by @raksbisht in expressjs/express#5131

build : add Node.js@19.7 by @abenhamdine in expressjs/express#5028

test: remove unused function arguments in params by @raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: cookie@0.6.0

4.18.3 / 2024-02-29

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

deps: cookie@0.6.0

Add partitioned option

Commits

04bc627 4.19.2
da4d763 Improved fix for open redirect allow list bypass
4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: cookie@0.6.0
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates fast-jwt from 3.1.1 to 3.3.2

Release notes

Sourced from fast-jwt's releases.

v3.3.2

What's Changed

[OPTIC-RELEASE-AUTOMATION] release/v3.3.1 by @optic-release-automation in nearform/fast-jwt#390

fix: add missingRequiredClaim to TokenValidationErrorCode by @TimLehner in nearform/fast-jwt#403

fix(typescript): fix typescript type DecodedJwt by @qoomon in nearform/fast-jwt#407

New Contributors

@TimLehner made their first contribution in nearform/fast-jwt#403

@qoomon made their first contribution in nearform/fast-jwt#407

Full Changelog: nearform/fast-jwt@v3.3.1...v3.3.2

v3.3.1

What's Changed

[OPTIC-RELEASE-AUTOMATION] release/v3.3.0 by @optic-release-automation in nearform/fast-jwt#382

fix: removed pre publish step by @williamlines in nearform/fast-jwt#385

Full Changelog: nearform/fast-jwt@v3.3.0...v3.3.1

v3.3.0

What's Changed

[OPTIC-RELEASE-AUTOMATION] release/v3.2.0 by @optic-release-automation in nearform/fast-jwt#367

chore(deps-dev): bump tsd from 0.28.1 to 0.29.0 by @dependabot in nearform/fast-jwt#371

chore: drop support for Node 14 by @simoneb in nearform/fast-jwt#378

perf: use node: prefix to bypass require.cache call for builtins by @Fdawgs in nearform/fast-jwt#375

Allow expiresIn to be a string by @felixmosh in nearform/fast-jwt#376

New Contributors

@Fdawgs made their first contribution in nearform/fast-jwt#375

@felixmosh made their first contribution in nearform/fast-jwt#376

Full Changelog: nearform/fast-jwt@v3.2.0...v3.3.0

v3.2.0

What's Changed

[OPTIC-RELEASE-AUTOMATION] release/v3.1.1 by @optic-release-automation in nearform/fast-jwt#345

chore(deps-dev): bump @sinonjs/fake-timers from 10.2.0 to 11.0.0 by @dependabot in nearform/fast-jwt#346

chore: update dependabot config by @williamlines in nearform/fast-jwt#349

chore(deps-dev): bump prettier from 2.8.8 to 3.0.0 by @dependabot in nearform/fast-jwt#353

support notBefore and expiresIn as strings by @relvao in nearform/fast-jwt#364

New Contributors

@williamlines made their first contribution in nearform/fast-jwt#349

@relvao made their first contribution in nearform/fast-jwt#364

Full Changelog: nearform/fast-jwt@v3.1.1...v3.2.0

Commits

6604166 Release v3.3.2
15a6e92 Merge pull request from GHSA-c2ff-88x2-x9pg
a5ef39b fix(typescript): fix typescript type DecodedJwt (#407)
4d8c66f fix: add missingRequiredClaim to TokenValidationErrorCode (#403)
52e94dd Release v3.3.1 (#390)
05b02d7 fix: removed pre publish step (#385)
0fd4664 Release v3.3.0 (#382)
7b3d317 Allow expiresIn to be a string (#376)
f836ce1 perf: use node: prefix to bypass require.cache call for builtins (#375)
6e5242b chore: drop support for Node 14 (#378)
Additional commits viewable in compare view

Updates minimatch from 6.1.6 to 9.0.4

Changelog

Sourced from minimatch's changelog.

change log

9.0

No default export, only named exports.

8.0

Recursive descent parser for extglob, allowing correct support for arbitrarily nested extglob expressions

Bump required Node.js version

7.4

Add escape() method

Add unescape() method

Add Minimatch.hasMagic() method

7.3

Add support for posix character classes in a unicode-aware way.

7.2

Add windowsNoMagicRoot option

7.1

Add optimizationLevel configuration option, and revert the default back to the 6.2 style minimal optimizations, making the advanced transforms introduced in 7.0 opt-in. Also, process provided file paths in the same way in optimizationLevel:2 mode, so most things that matched with optimizationLevel 1 or 0 should match with level 2 as well. However, level 1 is the default, out of an abundance of caution.

7.0

Preprocess patterns to simplify complicated patterns and reduce out .. pattern portions where possible. Note that this means a pattern like a/b/../* will be equivalent to a/*, and will not match the string a/b/../c. If this causes problems, it can be addressed in a patch release by resolving .. portions in the test string.

6.2

Add nocaseMagicOnly flag

6.1

... (truncated)

Commits

cb4be48 9.0.4
c091ce2 build with tshy, update tap
87c8677 fix: override with fastTest as property on regex object
ef8f267 add github link to typedocs
05b464d ci: remove node 14 from matrix
f8b46a3 9.0.3
f617a2a fix typo
402b059 update deps
b7bd6d6 9.0.2
37f6df6 Prevent dots only at the start of repeat patterns
Additional commits viewable in compare view

Updates zod from 3.21.4 to 3.22.3

Release notes

Sourced from zod's releases.

v3.22.3

Commits:

1e23990bcdd33d1e81b31e40e77a031fcfd87ce1 Commit

9bd3879b482f139fd03d5025813ee66a04195cdd docs: remove obsolete text about readonly types (#2676)

f59be093ec21430d9f32bbcb628d7e39116adf34 clarify datetime ISO 8601 (#2673)

64dcc8e2b16febe48fa8e3c82c47c92643e6c9e3 Update sponsors

18115a8f128680b4526df58ce96deab7dce93b93 Formatting

28c19273658b164c53c149785fa7a8187c428ad4 Update sponsors

ad2ee9ccf723c4388158ff6b8669c2a6cdc85643 2718 Updated Custom Schemas documentation example to use type narrowing (#2778)

ae0f7a2c15e7741ee1b23c03a3bfb9acebd86551 docs: update ref to discriminated-unions docs (#2485)

2ba00fe2377f4d53947a84b8cdb314a63bbd6dd4 [2609] fix ReDoS vulnerability in email regex (#2824)

1e61d76cdec05de9271fc0df58798ddf9ce94923 3.22.3

v3.22.2

Commits:

13d9e6bda286cbd4c1b177171273695d8309e5de Fix lint

0d49f10b3c25a8e4cbb6534cc0773b195c56d06d docs: add typeschema to ecosystem (#2626)

8e4af7b56df6f2e3daf0dd825b986f1d963025ce X to Zod: add app.quicktype.io (#2668)

792b3ef0d41c144cd10641c6966b98dae1222d82 Fix superrefine types

v3.22.1

Commits:

Fix handing of this in ZodFunction schemas. The parse logic for function schemas now requires the Reflect API.
const methodObject = z.object({
  property: z.number(),
  method: z.function().args(z.string()).returns(z.number()),
});
const methodInstance = {
  property: 3,
  method: function (s: string) {
    return s.length + this.property;
  },
};
const parsed = methodObject.parse(methodInstance);
parsed.method("length=8"); // => 11 (8 length + 3 property)
932cc472d2e66430d368a409b8d251909d7d8d21 Initial prototype fix for issue #2651 (#2652)

0a055e726ac210ef6efc69aa70cd2491767f6060 3.22.1

v3.22.0

ZodReadonly

This release introduces ZodReadonly and the .readonly() method on ZodType.

... (truncated)

Commits

1e61d76 3.22.3
2ba00fe [2609] fix ReDoS vulnerability in email regex (#2824)
ae0f7a2 docs: update ref to discriminated-unions docs (#2485)
ad2ee9c 2718 Updated Custom Schemas documentation example to use type narrowing (#2778)
28c1927 Update sponsors
18115a8 Formatting
64dcc8e Update sponsors
f59be09 clarify datetime ISO 8601 (#2673)
9bd3879 docs: remove obsolete text about readonly types (#2676)
1e23990 Commit
Additional commits viewable in compare view

Updates follow-redirects from 1.15.3 to 1.15.6

Commits

35a517c Release version 1.15.6 of the npm package.
c4f847f Drop Proxy-Authorization across hosts.
8526b4a Use GitHub for disclosure.
b1677ce Release version 1.15.5 of the npm package.
d8914f7 Preserve fragment in responseUrl.
6585820 Release version 1.15.4 of the npm package.
7a6567e Disallow bracketed hostnames.
05629af Prefer native URL instead of deprecated url.parse.
1cba8e8 Prefer native URL instead of legacy url.resolve.
72bc2a4 Simplify _processResponse error handling.
Additional commits viewable in compare view

Updates next from 13.5.3 to 14.1.4

Release notes

Sourced from next's releases.

v14.1.4

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Update React from 60a927d04 to 4b84f11 (#63476) @ztanner

fix revalidation issue with route handlers (#63213) @ztanner

ensure mpa navigations to the same URL work after restoring from bfcache (#63155) @ztanner

Ensure PromiseLikeOfReactNode is not included in .d.ts files (#63185) @timneutkens

Fix metadata url cases should not append with trailing slash (#63050) @huozhi

feat: add deploymentId config (#63198) @styfle

fix: bump @vercel/nft@0.26.3 (#61538) @styfle

fix x-forwarded-port header (#63303) @Ethan-Arrowood

fix: x-forwarded-port header is 'undefined' when no port in url (#60484) @yuvalotem

Test Changes

test: switch order of tests to avoid flakniess (#63482) @huozhi

fix broken create-next-app tests (#63019) @ztanner

v14.1.3

Core Changes

Upgrade to latest @edge-runtime packages: #62955

Fix output: export with custom distDir: #62064

Migrate locale redirect handling to router-server: #62606

Credits

Huge thanks to @ijjk

v14.1.2

Note: this is a backport release for critical bug fixes -- this does not include all pending features/changes on canary

Core Changes

Fix sitemap generateSitemaps support for string id (#61088)

Fix: generateSitemaps in production giving 404 (#62212)

Fix redirect under suspense boundary with basePath (#62597)

Fix: Add stricter check for "use server" exports (#62821)

ensure server action errors notify rejection handlers (#61588)

make router restore action resilient to a missing tree (#62098)

build: remove sentry from the externals list #61194

Reduce memory/cache overhead from over loader processing #62005

Credits

Huge thanks to @huozhi, @shuding, @Ethan-Arrowood, @styfle, @ijjk, @ztanner, @balazsorban44, @kdy1, and @williamli for helping!

... (truncated)

Commits

f1fc357 v14.1.4
e6a117b (backport) Update React from 60a927d04 to 4b84f1161 (#63476)
c227315 update assertion due to stack trace change
3aae252 test: switch order of tests to avoid flakniess (#63482)
4804982 fix broken create-next-app tests (#63019)
81114f3 fix revalidation issue with route handlers (#63213)
944a84c ensure mpa navigations to the same URL work after restoring from bfcache (#63...
21e11f1 Ensure PromiseLikeOfReactNode is not included in .d.ts files (#63185)
531cdb5 Fix metadata url cases should not append with trailing slash (#63050)
a3707f5 feat: add deploymentId config (#63198)
Additional commits viewable in compare view

Updates postcss from 8.4.30 to 8.4.38

Release notes

Sourced from postcss's releases.

8.4.38

Fixed endIndex: 0 in errors and warnings (by @romainmenke).

8.4.37

Fixed original.column are not numbers error in another case.

8.4.36

Fixed original.column are not numbers error on broken previous source map.

8.4.35

Avoid ! in node.parent.nodes type.

Allow to pass undefined to node adding method to simplify types.

8.4.34

Fixed AtRule#nodes type (by @tim-we).

Cleaned up code (by @DrKiraDmitry).

8.4.33

Fixed NoWorkResult behavior difference with normal mode (by @romainmenke).

Fixed NoWorkResult usage conditions (by @ahmdammarr).

8.4.32

Fixed postcss().process() types (by @ferreira-tb).

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

Changelog

Sourced from postcss's changelog.

8.4.38

Fixed endIndex: 0 in errors and warnings (by @romainmenke).

8.4.37

Fixed original.column are not numbers error in another case.

8.4.36

Fixed original.column are not numbers error on broken previous source map.

8.4.35

Avoid ! in node.parent.nodes type.

Allow to pass undefined to node adding method to simplify types.

8.4.34

Fixed AtRule#nodes type (by Tim Weißenfels).

Cleaned up code (by Dmitry Kirillov).

8.4.33

Fixed NoWorkResult behavior difference with normal mode (by Romain Menke).

Fixed NoWorkResult usage conditions (by @ahmdammarr).

8.4.32

Fixed postcss().process() types (by Andrew Ferreira).

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

Commits

a69d45e Release 8.4.38 version
64e35d9 Update dependencies
c1ad8fb Merge pull request #1932 from romainmenke/fix-warning-end-index--inventive-nu...
b45e7e9 fix endIndex
1bea246 failing test: for endIndex 0 in rangeBy
0fd1d86 Add changelog auto release on Github
49c906e Release 8.4.37 version
b5bd92c Fix another broken prev sou...
Description has been truncated

… updates Bumps the npm_and_yarn group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [deep-object-diff](https://github.com/mattphillips/deep-object-diff) | `1.1.7` | `1.1.9` | | [immer](https://github.com/immerjs/immer) | `9.0.16` | `10.0.4` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `2.9.15` | `2.9.18` | | [node-fetch](https://github.com/node-fetch/node-fetch) | `3.2.10` | `3.3.0` | | [undici](https://github.com/nodejs/undici) | `5.12.0` | `5.28.4` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.19.2` | | [fast-jwt](https://github.com/nearform/fast-jwt) | `3.1.1` | `3.3.2` | | [minimatch](https://github.com/isaacs/minimatch) | `6.1.6` | `9.0.4` | | [zod](https://github.com/colinhacks/zod) | `3.21.4` | `3.22.3` | Bumps the npm_and_yarn group with 3 updates in the /examples/standard-nextjs directory: [follow-redirects](https://github.com/follow-redirects/follow-redirects), [next](https://github.com/vercel/next.js) and [postcss](https://github.com/postcss/postcss). Bumps the npm_and_yarn group with 2 updates in the /packages/console directory: [immer](https://github.com/immerjs/immer) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Bumps the npm_and_yarn group with 4 updates in the /packages/sst directory: [immer](https://github.com/immerjs/immer), [undici](https://github.com/nodejs/undici), [fast-jwt](https://github.com/nearform/fast-jwt) and [minimatch](https://github.com/isaacs/minimatch). Updates `deep-object-diff` from 1.1.7 to 1.1.9 - [Release notes](https://github.com/mattphillips/deep-object-diff/releases) - [Commits](https://github.com/mattphillips/deep-object-diff/commits) Updates `immer` from 9.0.16 to 10.0.4 - [Release notes](https://github.com/immerjs/immer/releases) - [Commits](immerjs/immer@v9.0.16...v10.0.4) Updates `vite` from 2.9.15 to 2.9.18 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v2.9.18/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v2.9.18/packages/vite) Updates `node-fetch` from 3.2.10 to 3.3.0 - [Release notes](https://github.com/node-fetch/node-fetch/releases) - [Commits](node-fetch/node-fetch@v3.2.10...v3.3.0) Updates `undici` from 5.12.0 to 5.28.4 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.12.0...v5.28.4) Updates `express` from 4.18.2 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Updates `fast-jwt` from 3.1.1 to 3.3.2 - [Release notes](https://github.com/nearform/fast-jwt/releases) - [Changelog](https://github.com/nearform/fast-jwt/blob/master/CHANGELOG.md) - [Commits](nearform/fast-jwt@v3.1.1...v3.3.2) Updates `minimatch` from 6.1.6 to 9.0.4 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v6.1.6...v9.0.4) Updates `zod` from 3.21.4 to 3.22.3 - [Release notes](https://github.com/colinhacks/zod/releases) - [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md) - [Commits](colinhacks/zod@v3.21.4...v3.22.3) Updates `follow-redirects` from 1.15.3 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.3...v1.15.6) Updates `next` from 13.5.3 to 14.1.4 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.5.3...v14.1.4) Updates `postcss` from 8.4.30 to 8.4.38 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.30...8.4.38) Updates `immer` from 9.0.21 to 10.0.4 - [Release notes](https://github.com/immerjs/immer/releases) - [Commits](immerjs/immer@v9.0.16...v10.0.4) Updates `vite` from 2.9.18 to 5.2.8 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v2.9.18/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v2.9.18/packages/vite) Updates `immer` from 9.0.21 to 10.0.4 - [Release notes](https://github.com/immerjs/immer/releases) - [Commits](immerjs/immer@v9.0.16...v10.0.4) Updates `undici` from 5.28.4 to 6.11.1 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.12.0...v5.28.4) Updates `fast-jwt` from 3.3.3 to 4.0.0 - [Release notes](https://github.com/nearform/fast-jwt/releases) - [Changelog](https://github.com/nearform/fast-jwt/blob/master/CHANGELOG.md) - [Commits](nearform/fast-jwt@v3.1.1...v3.3.2) Updates `minimatch` from 6.2.0 to 9.0.4 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v6.1.6...v9.0.4) --- updated-dependencies: - dependency-name: deep-object-diff dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: immer dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vite dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: node-fetch dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: undici dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: fast-jwt dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: minimatch dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: zod dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: postcss dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: immer dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vite dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: immer dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: undici dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: fast-jwt dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: minimatch dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies Pull requests that update a dependency file label Apr 4, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): bump the npm_and_yarn group across 4 directories with 12 updates #10

build(deps): bump the npm_and_yarn group across 4 directories with 12 updates #10

dependabot bot commented on behalf of github Apr 4, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

build(deps): bump the npm_and_yarn group across 4 directories with 12 updates #10

Are you sure you want to change the base?

build(deps): bump the npm_and_yarn group across 4 directories with 12 updates #10

Conversation

dependabot bot commented on behalf of github Apr 4, 2024

v1.1.9

Vulnerability patch

v1.1.8

Patch

Credits

v10.0.4

10.0.4 (2024-03-09)

Bug Fixes

v10.0.3

10.0.3 (2023-10-02)

Bug Fixes

v10.0.2

10.0.2 (2023-05-09)

Bug Fixes

v10.0.1

10.0.1 (2023-04-17)

Bug Fixes

v10.0.0

10.0.0 (2023-04-17)

Release notes

2.9.18 (2024-03-24)

2.9.17 (2024-01-19)

2.9.16 (2023-05-26)

v3.3.0

3.3.0 (2022-11-10)

Features

v5.28.4

⚠️ Security Release ⚠️

v5.28.3

⚠️ Security Release ⚠️

v5.28.2

What's Changed

New Contributors

v5.28.1

What's Changed

4.19.2

What's Changed

4.19.1

What's Changed

4.19.0

What's Changed

New Contributors

4.18.3

Main Changes

Other Changes

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

v3.3.2

What's Changed

New Contributors

v3.3.1

What's Changed

v3.3.0

What's Changed

New Contributors

v3.2.0

What's Changed

New Contributors

change log

9.0

8.0

7.4

7.3

7.2

7.1

7.0

6.2

6.1

v3.22.3

Commits:

v3.22.2

Commits:

v3.22.1

`ZodReadonly`