Bump the npm_and_yarn group across 1 directory with 16 updates #3254

dependabot · 2024-09-30T22:31:38Z

Bumps the npm_and_yarn group with 13 updates in the / directory:

Package	From	To
postcss	`8.4.31`	`8.4.32`
webpack	`5.82.0`	`5.94.0`
@adobe/css-tools	`4.2.0`	`4.4.0`
dset	`3.1.3`	`3.1.4`
ejs	`3.1.9`	`3.1.10`
es5-ext	`0.10.62`	`0.10.64`
express	`4.18.2`	`4.21.0`
follow-redirects	`1.15.5`	`1.15.9`
msgpackr	`1.9.1`	`1.11.0`
rollup	`4.10.0`	`4.22.5`
tar	`6.1.14`	`6.2.1`
vite	`5.1.4`	`5.4.8`
word-wrap	`1.2.3`	`1.2.5`

Updates postcss from 8.4.31 to 8.4.32

Release notes

Sourced from postcss's releases.

8.4.32

Fixed postcss().process() types (by @ferreira-tb).

Changelog

Sourced from postcss's changelog.

8.4.32

Fixed postcss().process() types (by Andrew Ferreira).

Commits

a0d9f10 Release 8.4.32 version
0146b3e Add Node.js 21 to CI
2398534 Update dependencies
1918533 Merge pull request #1902 from ferreira-tb/main
395e6dc Fix ProcessOptions interface
fa8cd15 Update dependencies
199a7c4 Typo
2528047 Update EM link
See full diff in compare view

Updates webpack from 5.82.0 to 5.94.0

Release notes

Sourced from webpack's releases.

v5.94.0

Bug Fixes

Added runtime condition for harmony reexport checked

Handle properly data/http/https protocols in source maps

Make bigint optimistic when browserslist not found

Move @types/eslint-scope to dev deps

Related in asset stats is now always an array when no related found

Handle ASI for export declarations

Mangle destruction incorrect with export named default properly

Fixed unexpected asi generation with sequence expression

Fixed a lot of types

New Features

Added new external type "module-import"

Support webpackIgnore for new URL() construction

[CSS] @import pathinfo support

Security

Fixed DOM clobbering in auto public path

v5.93.0

Bug Fixes

Generate correct relative path to runtime chunks

Makes DefinePlugin quieter under default log level

Fixed mangle destructuring default in namespace import

Fixed consumption of eager shared modules for module federation

Strip slash for pretty regexp

Calculate correct contenthash for CSS generator options

New Features

Added the binary generator option for asset modules to explicitly keep source maps produced by loaders

Added the modern-module library value for tree shakable output

Added the overrideStrict option to override strict or non-strict mode for javascript modules

v5.92.1

Bug Fixes

Doesn't crash with an error when the css experiment is enabled and contenthash is used

v5.92.0

Bug Fixes

Correct tidle range's comutation for module federation

Consider runtime for pure expression dependency update hash

Return value in the subtractRuntime function for runtime logic

... (truncated)

Commits

eabf85d chore(release): 5.94.0
955e057 security: fix DOM clobbering in auto public path
9822387 test: fix
cbb86ed test: fix
5ac3d7f fix: unexpected asi generation with sequence expression
2411661 security: fix DOM clobbering in auto public path
b8c03d4 fix: unexpected asi generation with sequence expression
f46a03c revert: do not use heuristic fallback for "module-import"
60f1898 fix: do not use heuristic fallback for "module-import"
66306aa Revert "fix: module-import get fallback from externalsPresets"
Additional commits viewable in compare view

Updates @adobe/css-tools from 4.2.0 to 4.4.0

Changelog

Sourced from @adobe/css-tools's changelog.

4.4.0 / 2024-06-05

add support for @starting-style #319

4.3.3 / 2024-01-24

Update export property #271

4.3.2 / 2023-11-28

Fix redos vulnerability with specific crafted css string - CVE-2023-48631

Fix Problem parsing with :is() and nested :nth-child() #211

4.3.1 / 2023-03-14

Fix redos vulnerability with specific crafted css string - CVE-2023-26364

4.3.0 / 2023-03-07

Update build tools

Update exports path and files

Commits

See full diff in compare view

Updates dset from 3.1.3 to 3.1.4

Commits

05b1ec0 3.1.4
16d6154 fix: prevent proto assignment via implicit string
See full diff in compare view

Updates ejs from 3.1.9 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

Commits

d3f807d Version 3.1.10
9ee26dd Mocha TDD
e469741 Basic pollution protection
715e950 Merge pull request #756 from Jeffrey-mu/main
cabe314 Include advanced usage examples
29b076c Added header
11503c7 Merge branch 'main' of github.com:mde/ejs into main
7690404 Added security banner to README
f47d7ae Update SECURITY.md
828cea1 Update SECURITY.md
Additional commits viewable in compare view

Updates es5-ext from 0.10.62 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

Do not rely on problematic regex (3551cdd), addresses #201

Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021

Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

Simplify the manifest message (7855319)

Comparison since last release

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

Do not rely on problematic regex (3551cdd), addresses #201

Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021

Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

Simplify the manifest message (7855319)

Commits

f76b03d chore: Release v0.10.64
2881acd chore: Bump dependencies
c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
16f2b72 docs: Fix date in the changelog
de4e03c chore: Release v0.10.63
3fd53b7 chore: Upgrade lint-staged to v13
bf8ed79 chore: Ensure postinstall script does not crash on Windows
2cbbb07 chore: Bump dependencies
22d0416 chore: Bump LICENSE year
a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
Additional commits viewable in compare view

Updates express from 4.18.2 to 4.21.0

Release notes

Sourced from express's releases.

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

[email protected] by @wesleytodd in expressjs/express#5954

fix(deps): [email protected] by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

deps: encodeurl@~2.0.0 by @blakeembrey in expressjs/express#5569

skip QUERY method test by @jonchurch in expressjs/express#5628

ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in expressjs/express#5639

add support Node.js@22 in the CI by @mertcanaltin in expressjs/express#5627

doc: add table of contents, tc/triager lists to readme by @mertcanaltin in expressjs/express#5619

List and sort all projects, add captains by @blakeembrey in expressjs/express#5653

docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in expressjs/express#5666

✨ bring back query tests for node 21 by @ctcpip in expressjs/express#5690

[v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch in expressjs/express#5672

skip QUERY tests for Node 21 only, still not supported by @jonchurch in expressjs/express#5695

📝 update people, add ctcpip to TC by @ctcpip in expressjs/express#5683

remove minor version pinning from ci by @jonchurch in expressjs/express#5722

Fix link variable use in attribution section of CODE OF CONDUCT by @IamLizu in expressjs/express#5762

Replace Appveyor windows testing with GHA by @jonchurch in expressjs/express#5599

Add OSSF Scorecard badge by @UlisesGascon in expressjs/express#5436

update scorecard link by @bjohansebas in expressjs/express#5814

Nominate @IamLizu to the triage team by @UlisesGascon in expressjs/express#5836

deps: [email protected] by @blakeembrey in expressjs/express#5603

... (truncated)

Changelog

Sourced from express's changelog.

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: [email protected]

includes [email protected]

deps: [email protected]

deps: [email protected]

4.20.0 / 2024-09-10

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: [email protected]

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: [email protected]

4.18.3 / 2024-02-29

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

... (truncated)

Commits

7e562c6 4.21.0
1bcde96 fix(deps): [email protected] (#5946)
7d36477 fix(deps): [email protected] (#5951)
40d2d8f fix(deps): [email protected]
77ada90 Deprecate "back" magic string in redirects (#5935)
21df421 4.20.0
4c9ddc1 feat: upgrade to [email protected]
9ebe5d5 feat: upgrade to [email protected] (#5928)
ec4a01b feat: upgrade to [email protected] (#5926)
54271f6 fix: don't render redirect values in anchor href
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates follow-redirects from 1.15.5 to 1.15.9

Commits

e4e55c7 Release version 1.15.9 of the npm package.
31a1abf Attempt much more gentle detection.
d2aaa97 Fix url field.
62558f0 Release version 1.15.8 of the npm package.
a8d1cee Return subtlety.
458ca8e Fix native URL test for Node 20.
ca49e44 Handle KeepAlive connections in tests.
f3711d7 Test on Node 20 and 22.
fda0faf Fix typo.
760757f Release version 1.15.7 of the npm package.
Additional commits viewable in compare view

Updates msgpackr from 1.9.1 to 1.11.0

Commits

See full diff in compare view

Updates path-to-regexp from 0.1.7 to 0.1.10

Release notes

Sourced from path-to-regexp's releases.

Backtrack protection

Fixed

Add backtrack protection to parameters 29b96b4

This will break some edge cases but should improve performance

pillarjs/path-to-regexp@v0.1.9...v0.1.10

Support non-lookahead regex output

Added

Allow a non-lookahead regex (#312) c4272e4

component/path-to-regexp@v0.1.8...v0.1.9

Support named matching groups in RegExp

Added

Add support for named matching groups (#301) 114f62d

pillarjs/path-to-regexp@v0.1.7...v0.1.8

Commits

c827fce 0.1.10
29b96b4 Add backtrack protection to parameters
ac4c234 Update repo url (#314)
bdb6635 0.1.9
c4272e4 Allow a non-lookahead regex (#312)
51a1955 0.1.8
114f62d Add support for named matching groups (#301)
See full diff in compare view

Updates rollup from 4.10.0 to 4.22.5

Release notes

Sourced from rollup's releases.

v4.22.5

4.22.5

2024-09-27

Bug Fixes

Allow parsing of certain unicode characters again (#5674)

Pull Requests

#5674: Fix panic with unicode characters (@sapphi-red, @lukastaegert)

#5675: chore(deps): update dependency rollup to v4.22.4 [security] (@renovate[bot])

#5680: chore(deps): update dependency @rollup/plugin-commonjs to v28 (@renovate[bot], @lukastaegert)

#5681: chore(deps): update dependency @rollup/plugin-replace to v6 (@renovate[bot])

#5682: chore(deps): update dependency @rollup/plugin-typescript to v12 (@renovate[bot])

#5684: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

v4.22.4

4.22.4

2024-09-21

Bug Fixes

Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

#5670: refactor: Use object.prototype to check for reserved properties (@YuHyeonWook)

#5671: Fix DOM Clobbering CVE (@lukastaegert)

v4.22.3

4.22.3

2024-09-21

Bug Fixes

Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)

Pull Requests

#5669: Ensure impure dependencies of pure modules are added (@lukastaegert)

v4.22.2

4.22.2

2024-09-20

... (truncated)

Changelog

Sourced from rollup's changelog.

4.22.5

2024-09-27

Bug Fixes

Allow parsing of certain unicode characters again (#5674)

Pull Requests

#5674: Fix panic with unicode characters (@sapphi-red, @lukastaegert)

#5675: chore(deps): update dependency rollup to v4.22.4 [security] (@renovate[bot])

#5680: chore(deps): update dependency @rollup/plugin-commonjs to v28 (@renovate[bot], @lukastaegert)

#5681: chore(deps): update dependency @rollup/plugin-replace to v6 (@renovate[bot])

#5682: chore(deps): update dependency @rollup/plugin-typescript to v12 (@renovate[bot])

#5684: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

4.22.4

2024-09-21

Bug Fixes

Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

#5670: refactor: Use object.prototype to check for reserved properties (@YuHyeonWook)

#5671: Fix DOM Clobbering CVE (@lukastaegert)

4.22.3

2024-09-21

Bug Fixes

Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)

Pull Requests

#5669: Ensure impure dependencies of pure modules are added (@lukastaegert)

4.22.2

2024-09-20

Bug Fixes

Revert fix for side effect free modules until other issues are investigated (#5667)

... (truncated)

Commits

bc7780c 4.22.5
ee138d1 chore(deps): lock file maintenance minor/patch updates (#5684)
2d59dbc chore(deps): update dependency @rollup/plugin-commonjs to v28 (#5680)
524670d Fix panic with unicode characters (#5674)
9c5e345 chore(deps): update dependency @rollup/plugin-replace to v6 (#5681)
6d75b6d chore(deps): update dependency @rollup/plugin-typescript to v12 (#5682)
89a68c2 chore(deps): update dependency rollup to v4.22.4 [security] (#5675)
79c0aba 4.22.4
e2552c9 Fix DOM Clobbering CVE (#5671)
10ab90e refactor: Use object.prototype to check for reserved properties (#5670)
Additional commits viewable in compare view

Updates send from 0.18.0 to 0.19.0

Release notes

Sourced from send's releases.

0.19.0

What's Changed

Remove link renderization in html while redirecting (pillarjs/send#235)

New Contributors

@UlisesGascon made their first contribution in pillarjs/send#235

Full Changelog: pillarjs/send@0.18.0...0.19.0

Changelog

Sourced from send's changelog.

0.19.0 / 2024-09-10

Remove link renderization in html while redirecting

Commits

9d2db99 0.19.0
ae4f298 Merge commit from fork
See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.

Updates serve-static from 1.15.0 to 1.16.2

Release notes

Sourced from serve-static's releases.

1.16.0

What's Changed

Remove link renderization in html while redirecting (expressjs/serve-static#173)

New Contributors

@UlisesGascon made their first contribution in expressjs/serve-static#173

Full Changelog: expressjs/serve-static@v1.15.0...1.16.0

Changelog

Sourced from serve-static's changelog.

1.16.2 / 2024-09-11

deps: encodeurl@~2.0.0

1.16.1 / 2024-09-11

deps: [email protected]

1.16.0 / 2024-09-10

Remove link renderization in html while redirecting

Commits

ec9c5ec 1.16.2
f454d37 fix(deps): encodeurl@~2.0.0
77a8255 1.16.1
4263f49 fix(deps): [email protected]
48c7397 1.16.0
0c11fad Merge commit from fork
See full diff in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for serve-static since your current version.

Updates tar from 6.1.14 to 6.2.1

Changelog

Sourced from tar's changelog.

Changelog

7.4

Deprecate onentry in favor of onReadEntry for clarity.

7.3

Add onWriteEntry option

7.2

DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

Update minipass to v7.1.0

Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

Rewrite in TypeScript, provide ESM and CommonJS hybrid interface

Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.

Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.

Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

6.2

Add support for brotli compression

Add maxDepth option to prevent extraction into excessively deep folders.

6.1

remove dead link to benchmarks (#313) (@yetzt)

add examples/explanation of using tar.t (@isaacs)

ensure close event is emited after stream has ended (@webark)

... (truncated)

Commits

bef7b1e 6.2.1
fe8cd57 prevent extraction in excessively deep subfolders
fe7ebfd remove security.md
5bc9d40 6.2.0
fe1ef5e changelog 6.2
e483220 get rid of npm lint stuff
689928a ci that works outside of npm org
db6f539 file inference improvements for .tbr and .tgz
336fa8f refactor: dry and other pr comments
eeba222 chore: lint fixes
Additional commits viewable in compare view

Updates vite from 5.1.4 to 5.4.8

Release notes

Sourced from vite's releases.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.8 (2024-09-25)

fix(css): backport #18113, fix missing source file warning with sass modern api custom importer (#18 (7d47fc1), closes #18183

fix(css): backport #18128, ensure sass compiler initialized only once (#18184) (8464d97), closes #18128 #18184

5.4.7 (2024-09-20)

fix: treat config file as ESM in Deno (#18158) (b5908a2), closes #18158

5.4.6 (2024-09-16)

fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115) (179b177), closes #18115

fix: fs raw query (#18112) (6820bb3), closes #18112

5.4.5 (2024-09-13)

fix(preload): backport #18098, throw error preloading module as well (#18099) (faa2405), closes #18098 #18099

5.4.4 (2024-09-11)

fix: backport #17997, ensure req.url matches moduleByEtag URL to avoid incorrect 304 (#18078) (74a79c5), closes #17997 #18078

fix: backport #18063, allow scanning exports from script module in svelte (#18077) (d90ba40), closes #18063 #18077

fix(preload): backport #18046, allow ignoring dep errors (#18076) (8760293), closes #18046 #18076

5.4.3 (2024-09-03)

fix: allow getting URL of JS files in publicDir (#17915) (943ece1), closes #17915

fix: cjs warning respect the logLevel flag (#17993) (dc3c14f), closes #17993

fix: improve CJS warning trace information (#17926) (5c5f82c), closes #17926

fix: only remove entry assets handled by Vite core (#17916) (ebfaa7e), closes #17916

fix: waitForRequestIdle locked (#17982) (ad13760), closes #17982

fix(css): fix directory index import in sass modern api (#17960) (9b001ba), closes #17960

fix(css): fix sass file:// reference (#17909) (561b940), closes #17909

fix(css): fix sass modern source map (#17938) (d428e7e), closes #17938

fix(deps): bump tsconfck (#17990) (8c661b2), closes #17990

fix(html): rewrite assets url in <template> (#17988) (413c86a), closes #17988

fix(preload): add crossorigin attribute in CSS link tags (#17930) (15871c7), closes #17930

chore: reduce diffs with v6 branch (#17942) (bf9065a), closes #17942

chore(deps): update all non-major dependencies (#17945) (cfb621e), closes #17945

chore(deps): update all non-major dependencies (#17991) (0ca53cf), closes #17991

... (truncated)

Commits

0474550 release: v5.4.8
8464d97 fix(css): backport #18128, ensure sass compiler initialized only once (#18184)
7d47fc1 fix(css): backport #18113, fix missing source file warning with sass modern a...
a403e73 release: v5.4.7
b5908a2 fix: treat config file as ESM in Deno (#18158)
f969176 release: v5.4.6
179b177 fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115)
6820bb3 fix: fs raw query (#18112)
37881e7 release: v5.4.5

Bumps the npm_and_yarn group with 13 updates in the / directory: | Package | From | To | | --- | --- | --- | | [postcss](https://github.com/postcss/postcss) | `8.4.31` | `8.4.32` | | [webpack](https://github.com/webpack/webpack) | `5.82.0` | `5.94.0` | | [@adobe/css-tools](https://github.com/adobe/css-tools) | `4.2.0` | `4.4.0` | | [dset](https://github.com/lukeed/dset) | `3.1.3` | `3.1.4` | | [ejs](https://github.com/mde/ejs) | `3.1.9` | `3.1.10` | | [es5-ext](https://github.com/medikoo/es5-ext) | `0.10.62` | `0.10.64` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.21.0` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.5` | `1.15.9` | | [msgpackr](https://github.com/kriszyp/msgpackr) | `1.9.1` | `1.11.0` | | [rollup](https://github.com/rollup/rollup) | `4.10.0` | `4.22.5` | | [tar](https://github.com/isaacs/node-tar) | `6.1.14` | `6.2.1` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.1.4` | `5.4.8` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | Updates `postcss` from 8.4.31 to 8.4.32 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.31...8.4.32) Updates `webpack` from 5.82.0 to 5.94.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.82.0...v5.94.0) Updates `@adobe/css-tools` from 4.2.0 to 4.4.0 - [Changelog](https://github.com/adobe/css-tools/blob/main/History.md) - [Commits](https://github.com/adobe/css-tools/commits) Updates `dset` from 3.1.3 to 3.1.4 - [Release notes](https://github.com/lukeed/dset/releases) - [Commits](lukeed/dset@v3.1.3...v3.1.4) Updates `ejs` from 3.1.9 to 3.1.10 - [Release notes](https://github.com/mde/ejs/releases) - [Commits](mde/ejs@v3.1.9...v3.1.10) Updates `es5-ext` from 0.10.62 to 0.10.64 - [Release notes](https://github.com/medikoo/es5-ext/releases) - [Changelog](https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md) - [Commits](medikoo/es5-ext@v0.10.62...v0.10.64) Updates `express` from 4.18.2 to 4.21.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.0/History.md) - [Commits](expressjs/express@4.18.2...4.21.0) Updates `follow-redirects` from 1.15.5 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.5...v1.15.9) Updates `msgpackr` from 1.9.1 to 1.11.0 - [Release notes](https://github.com/kriszyp/msgpackr/releases) - [Commits](https://github.com/kriszyp/msgpackr/commits) Updates `path-to-regexp` from 0.1.7 to 0.1.10 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.10) Updates `rollup` from 4.10.0 to 4.22.5 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.10.0...v4.22.5) Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) Updates `tar` from 6.1.14 to 6.2.1 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.1.14...v6.2.1) Updates `vite` from 5.1.4 to 5.4.8 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.4.8/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.4.8/packages/vite) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) --- updated-dependencies: - dependency-name: postcss dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: webpack dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@adobe/css-tools" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: dset dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ejs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: es5-ext dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: msgpackr dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vite dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Sep 30, 2024

dependabot bot mentioned this pull request Sep 30, 2024

Bump the npm_and_yarn group with 16 updates #3245

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 1 directory with 16 updates #3254

Bump the npm_and_yarn group across 1 directory with 16 updates #3254

dependabot bot commented on behalf of github Sep 30, 2024

Bump the npm_and_yarn group across 1 directory with 16 updates #3254

Are you sure you want to change the base?

Bump the npm_and_yarn group across 1 directory with 16 updates #3254

Conversation

dependabot bot commented on behalf of github Sep 30, 2024

8.4.32

8.4.32

v5.94.0

Bug Fixes

New Features

Security

v5.93.0

Bug Fixes

New Features

v5.92.1

Bug Fixes

v5.92.0

Bug Fixes

4.4.0 / 2024-06-05

4.3.3 / 2024-01-24

4.3.2 / 2023-11-28

4.3.1 / 2023-03-14

4.3.0 / 2023-03-07

v3.1.10

0.10.64 (2024-02-27)

Bug Fixes

0.10.63 (2024-02-23)

Bug Fixes

Maintenance Improvements

0.10.64 (2024-02-27)

Bug Fixes

0.10.63 (2024-02-23)

Bug Fixes

Maintenance Improvements

4.21.0

What's Changed

New Contributors

4.20.0

What's Changed

Important

Other Changes

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

Backtrack protection

Support non-lookahead regex output

Support named matching groups in RegExp

v4.22.5

4.22.5

Bug Fixes

Pull Requests

v4.22.4

4.22.4

Bug Fixes

Pull Requests

v4.22.3

4.22.3

Bug Fixes

Pull Requests

v4.22.2

4.22.2

4.22.5

Bug Fixes

Pull Requests

4.22.4

Bug Fixes

Pull Requests

4.22.3

Bug Fixes

Pull Requests

4.22.2

Bug Fixes

0.19.0

What's Changed

New Contributors

0.19.0 / 2024-09-10

1.16.0

Support named matching groups in `RegExp`