build(deps): bump the npm_and_yarn group across 2 directories with 29 updates#28
Open
dependabot[bot] wants to merge 1 commit into
Open
build(deps): bump the npm_and_yarn group across 2 directories with 29 updates#28dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
… updates Bumps the npm_and_yarn group with 19 updates in the /app directory: | Package | From | To | | --- | --- | --- | | [dompurify](https://github.com/cure53/DOMPurify) | `3.3.1` | `3.4.0` | | [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.28.5` | `7.29.7` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.15` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` | | [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.11` | `0.8.13` | | [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` | | [diff](https://github.com/kpdecker/jsdiff) | `5.2.0` | `5.2.2` | | [tmp](https://github.com/raszi/node-tmp) | `0.0.33` | `0.2.7` | | [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` | | [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.5.3` | `5.8.0` | | [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` | | [elliptic](https://github.com/indutny/elliptic) | `6.4.0` | `removed` | | [node-forge](https://github.com/digitalbazaar/forge) | `1.3.3` | `1.4.0` | | [postcss](https://github.com/postcss/postcss) | `8.4.49` | `removed` | | [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.4` | `7.6.1` | | [systeminformation](https://github.com/sebhildebrandt/systeminformation) | `5.30.5` | `5.31.6` | | [ws](https://github.com/websockets/ws) | `8.19.0` | `8.21.0` | Bumps the npm_and_yarn group with 2 updates in the /devActionsServer directory: [path-to-regexp](https://github.com/pillarjs/path-to-regexp) and [qs](https://github.com/ljharb/qs). Updates `dompurify` from 3.3.1 to 3.4.0 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@3.3.1...3.4.0) Updates `uuid` from 11.1.0 to 14.0.0 - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v11.1.0...v14.0.0) Updates `@babel/plugin-transform-modules-systemjs` from 7.28.5 to 7.29.7 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs) Updates `@clerk/shared` from 3.43.0 to 3.47.7 - [Release notes](https://github.com/clerk/javascript/releases) - [Changelog](https://github.com/clerk/javascript/blob/@clerk/shared@3.47.7/packages/shared/CHANGELOG.md) - [Commits](https://github.com/clerk/javascript/commits/@clerk/shared@3.47.7/packages/shared) Updates `brace-expansion` from 1.1.12 to 1.1.15 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v1.1.12...v1.1.15) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `@tootallnate/once` from 2.0.0 to 2.0.1 - [Release notes](https://github.com/TooTallNate/once/releases) - [Changelog](https://github.com/TooTallNate/once/blob/v2.0.1/CHANGELOG.md) - [Commits](TooTallNate/once@2.0.0...v2.0.1) Updates `@xmldom/xmldom` from 0.8.11 to 0.8.13 - [Release notes](https://github.com/xmldom/xmldom/releases) - [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md) - [Commits](xmldom/xmldom@0.8.11...0.8.13) Updates `ajv` from 6.12.6 to 6.15.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.15.0) Updates `diff` from 5.2.0 to 5.2.2 - [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md) - [Commits](kpdecker/jsdiff@v5.2.0...v5.2.2) Updates `tmp` from 0.0.33 to 0.2.7 - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md) - [Commits](raszi/node-tmp@v0.0.33...v0.2.7) Updates `fast-uri` from 3.1.0 to 3.1.2 - [Release notes](https://github.com/fastify/fast-uri/releases) - [Commits](fastify/fast-uri@v3.1.0...v3.1.2) Updates `fast-xml-parser` from 4.5.3 to 5.8.0 - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v4.5.3...v5.8.0) Updates `flatted` from 3.3.3 to 3.4.2 - [Commits](WebReflection/flatted@v3.3.3...v3.4.2) Updates `ip-address` from 10.1.0 to 10.2.0 - [Commits](beaugunderson/ip-address@v10.1.0...v10.2.0) Updates `js-cookie` from 3.0.5 to 3.0.7 - [Release notes](https://github.com/js-cookie/js-cookie/releases) - [Commits](js-cookie/js-cookie@v3.0.5...v3.0.7) Updates `lodash` from 4.17.21 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.18.1) Removes `elliptic` Updates `pbkdf2` from 3.0.16 to 3.1.3 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.0.16...v3.1.3) Updates `sha.js` from 2.4.11 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) Updates `node-forge` from 1.3.3 to 1.4.0 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.3...v1.4.0) Updates `path-to-regexp` from 0.1.12 to 1.9.0 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v8.3.0...v8.4.2) Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.1...2.3.2) Removes `postcss` Updates `protobufjs` from 7.5.4 to 7.6.1 - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.6.1/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-v7.5.4...protobufjs-v7.6.1) Updates `systeminformation` from 5.30.5 to 5.31.6 - [Release notes](https://github.com/sebhildebrandt/systeminformation/releases) - [Changelog](https://github.com/sebhildebrandt/systeminformation/blob/master/CHANGELOG.md) - [Commits](sebhildebrandt/systeminformation@v5.30.5...v5.31.6) Updates `tar` from 6.2.1 to 7.5.15 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.2.1...v7.5.15) Updates `ws` from 8.19.0 to 8.21.0 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.19.0...8.21.0) Updates `path-to-regexp` from 8.3.0 to 8.4.2 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v8.3.0...v8.4.2) Updates `qs` from 6.14.1 to 6.15.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.2) --- updated-dependencies: - dependency-name: dompurify dependency-version: 3.4.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: uuid dependency-version: 14.0.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@babel/plugin-transform-modules-systemjs" dependency-version: 7.29.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@clerk/shared" dependency-version: 3.47.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.15 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@tootallnate/once" dependency-version: 2.0.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@xmldom/xmldom" dependency-version: 0.8.13 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: diff dependency-version: 5.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tmp dependency-version: 0.2.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fast-uri dependency-version: 3.1.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fast-xml-parser dependency-version: 5.8.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ip-address dependency-version: 10.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-cookie dependency-version: 3.0.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: elliptic dependency-version: dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: node-forge dependency-version: 1.4.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 1.9.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: protobufjs dependency-version: 7.6.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: systeminformation dependency-version: 5.31.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.15 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 8.21.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 8.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 19 updates in the /app directory:
3.3.13.4.07.28.57.29.71.1.121.1.153.1.23.1.52.0.02.0.10.8.110.8.136.12.66.15.05.2.05.2.20.0.330.2.73.1.03.1.24.5.35.8.03.3.33.4.24.17.214.18.16.4.0removed1.3.31.4.08.4.49removed7.5.47.6.15.30.55.31.68.19.08.21.0Bumps the npm_and_yarn group with 2 updates in the /devActionsServer directory: path-to-regexp and qs.
Updates
dompurifyfrom 3.3.1 to 3.4.0Release notes
Sourced from dompurify's releases.
Commits
5b16e0bGetting 3.x branch ready for 3.4.0 release (#1250)8bcbf73chore: Preparing 3.3.3 release5faddd6fix: engine requirement (#1210)0f91e3aUpdate README.mdd5ff1a8Merge branch 'main' of github.com:cure53/DOMPurifyc3efd48fix: moved back from jsdom 28 to jsdom 20988b888fix: moved back from jsdom 28 to jsdom 202726c74chore: Preparing 3.3.2 release6202c7ebuild(deps): bump@tootallnate/onceand jsdom (#1204)302b51dfix: Expanded the regex ever so slightly to also cover scriptUpdates
uuidfrom 11.1.0 to 14.0.0Release notes
Sourced from uuid's releases.
... (truncated)
Changelog
Sourced from uuid's changelog.
Commits
7c1ea08chore(main): release 14.0.0 (#926)3d2c5b0Merge commit from forkf2c235ffix!: expectcryptoto be global everywhere (requires node@20+) (#935)529ef08chore: upgrade TypeScript and fixup types (#927)086fd79chore: update dependencies (#933)dc4ddb8feat!: drop node@18 support (#934)0f1f9c9chore: switch to Biome for parsing and linting (#932)e2879e6chore: use maintained version of npm-run-all (#930)ffa3138fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)0423d49docs: remove obsolete v1 option notes (#915)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.
Updates
@babel/plugin-transform-modules-systemjsfrom 7.28.5 to 7.29.7Release notes
Sourced from @babel/plugin-transform-modules-systemjs's releases.
... (truncated)
Commits
4fba754v7.29.7a458f66v7.29.432ebd5a[7.x backport]fix(systemjs): improve module string name support (#17974)aa8394ev7.29.00053db6Update polyfill packages (#17727)Updates
@clerk/sharedfrom 3.43.0 to 3.47.7Release notes
Sourced from @clerk/shared's releases.
Changelog
Sourced from @clerk/shared's changelog.
... (truncated)
Commits
29388cdci(repo): Version packages (Core 2) (#8662)9d421effeat(clerk-js,shared): Backport Session Minter SDK changes to core-2 (#8643)071b2deci(repo): Version packages (Core 2) (#8633)fbba78cchore(shared): Bump js-cookie to 3.0.7 (#8631)4914e49ci(repo): Version packages (Core 2) (#8376)e085a17fix(shared,clerk-js,nextjs): authorization bypass in combined-condition has()...27e4f4bci(repo): Version packages (Core 2) (#8316)2c14f0efix(shared,nextjs,astro,nuxt): normalize URL paths in createPathMatcher (#8310)5384072ci(repo): Version packages (Core 2) (#8137)e5f213ffeat(clerk-js): Send touch intent with session updates (core-2 backport) (#8135)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for
@clerk/sharedsince your current version.Updates
brace-expansionfrom 1.1.12 to 1.1.15Release notes
Sourced from brace-expansion's releases.
Commits
2203f4f1.1.150b09384Backport v5.0.6 change to v1 (#111)10c05fc1.1.141afa1b2Add opt-in { max } mitigation to v1 legacy line (#103)2fbb6a2Revert "Backport fix for GHSA-7h2j-956f-4vf2 to v1 (#101)" (#102)0d7652eBackport fix for GHSA-7h2j-956f-4vf2 to v1 (#101)6c353ca1.1.137fd684fBackport fix for GHSA-f886-m6hf-6m8v (#95)Updates
minimatchfrom 3.1.2 to 3.1.5Commits
7bba9783.1.5bd25942docs: add warning about ReDoS1a9c27cfix partial matching of globstar patterns1a2e0843.1.4ae24656update lockfileb100374limit recursion for **, improve perf considerably26ffeaalockfile update9eca892lock node version to 1400c323b3.1.330486b2update CI matrix and actionsUpdates
@tootallnate/oncefrom 2.0.0 to 2.0.1Release notes
Sourced from @tootallnate/once's releases.
Changelog
Sourced from @tootallnate/once's changelog.
Commits
bcbb21dci: fix OIDC publishing — Node 24, npm latest, provenancedc24387Version Packages (2.x) (#12)b8a6f80CI: test all Node versions on Linux onlydabcc0fci: drop EOL Node.js 14.x/16.x, add 22.xb464efcUpdate CI: modern Node versions, fix macOS ARM64 compata1e5e2dFix promise hang when AbortSignal is abortedMaintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for
@tootallnate/oncesince your current version.Updates
@xmldom/xmldomfrom 0.8.11 to 0.8.13Release notes
Sourced from @xmldom/xmldom's releases.
Changelog
Sourced from @xmldom/xmldom's changelog.
... (truncated)
Commits
e5c14800.8.139611e20style: drop unused import in test filedc4dff3docs: add 0.8.13 changelog entry842fa38fix: prevent stack overflow in normalize (GHSA-2v35-w6hq-6mfw)aeff69ftest: add normalize behavioral coverage to node.test.jscbdb0d7fix: make walkDOM iterative to prevent stack overflow (GHSA-2v35-w6hq-6mfw)0b543d3test: assert namespace declarations are isolated between siblings in serializ...c007c51refactor: migrate serializeToString to walkDOM2bb3899test: add serializeToString coverage for uncovered branchese69f38drefactor: migrate importNode to walkDOMMaintainer changes
This version was pushed to npm by karfau, a new releaser for
@xmldom/xmldomsince your current version.Updates
ajvfrom 6.12.6 to 6.15.0Commits
184bc326.15.0fea46aftest/fix prototype pollution via $data ref with format keyword (#2606)e3af0a76.14.0b552ed6add regExp option to address $data exploit via a regular expression (CVE-2025...72f2286docs: update v7 info231e52bMerge pull request #1320 from philsturgeon/patch-1d3475fcAdd spectral, an AJV util from a sponsor413afe0docs: v7.0.0-beta.311e997bupdate readme for v7Updates
difffrom 5.2.0 to 5.2.2Changelog
Sourced from diff's changelog.
Commits
b7b6339v5.2.2b5377abUpdate package version to 5.2.17801789Backport kpdecker/jsdiff#649042a837Backport kpdecker/jsdiff#647Updates
tmpfrom 0.0.33 to 0.2.7Changelog
Sourced from tmp's changelog.
... (truncated)
Commits
8ea1f37Bump up the version8f24f78Merge commit from forkce787f3Reject non-string prefix, postfix, template41f7159Bump up the versionefa4a06Merge commit from fork7ef2728Check for relative values3d2fe38Bump up the versione162828Merge pull request #309 from fflorent/fix-tmp-dir-with-dirb847d2fFix use of tmp.dir() withdiroption08fa3abUpdate versionUpdates
fast-urifrom 3.1.0 to 3.1.2Release notes
Sourced from fast-uri's releases.
Commits
919dd8eBumped v3.1.2c65ba57fixup: linting6c86c17Merge commit from forka95158aHandle malformed fragment decoding without throwing (#171)cea547c<...Description has been truncated