Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

Bump the npm_and_yarn group across 2 directories with 26 updates

Open
Number: #36
Type: Pull Request
State: Open
Author: dependabot[bot] dependabot[bot]
Association: None
Comments: 0
Created: August 22, 2025 at 03:11 AM UTC
(16 days ago)
Updated: August 22, 2025 at 03:11 AM UTC
(16 days ago)
Labels:
dependencies javascript
Description:

Bumps the npm_and_yarn group with 20 updates in the / directory:

Package From To
serverless-offline 6.9.0 8.1.0
@babel/traverse 7.14.2 7.28.3
browserify-sign 4.2.1 4.2.3
cipher-base 1.0.4 1.0.6
decode-uri-component 0.2.0 0.2.2
elliptic 6.5.4 6.6.1
follow-redirects 1.14.4 1.15.11
jszip 3.7.1 3.10.1
minimist 1.2.5 1.2.8
moment-timezone 0.5.33 0.5.48
moment 2.29.1 2.30.1
node-fetch 2.6.1 2.7.0
pbkdf2 3.1.2 3.1.3
protobufjs 6.11.2 6.11.4
qs 6.5.2 6.5.3
sha.js 2.4.11 2.4.12
simple-get 2.8.1 2.8.2
socket.io-parser 3.3.2 3.3.4
tar-fs 1.16.3 1.16.5
tmpl 1.0.4 1.0.5

Bumps the npm_and_yarn group with 3 updates in the /services/sechub directory: node-fetch, semver and octokit.

Updates serverless-offline from 6.9.0 to 8.1.0

Release notes

Sourced from serverless-offline's releases.

v8.1.0

New feature:

v8.0.0

Breaking changes:

New feature:

v7.1.0

New feature:

Bug fixes:

v7.0.0

Breaking changes:

New feature:

Bug fixes:

Chores

Commits
  • 77b3659 chore: Release v8.1.0
  • c9b4f9e feat: Add support for Python 3.9 runtime (#1267)
  • 6eb15d7 chore: Release v8.0.0
  • ed06c2d feat: Update hapi version to support Node 16 and drop Node 10 (#1235)
  • 60d034b chore: Release 7.1.0
  • 3fb5b69 fix: Child processes are cleaned up when useChildProcesses is used
  • b320b18 fix: Remove multiplication of this.#timeout by 1000 (#1177)
  • 3178501 feat: Support Ruby handlers with :: in path definition (#1218)
  • 4dbab1a Merge pull request #1178 from grakic/no-strip-trailing-slash
  • e9695ec Add '--noStripTrailingSlashInUrl' option
  • Additional commits viewable in compare view

Updates @babel/traverse from 7.14.2 to 7.28.3

Release notes

Sourced from @​babel/traverse's releases.

v7.28.3 (2025-08-14)

:eyeglasses: Spec Compliance

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

:bug: Bug Fix

:nail_care: Polish

  • babel-plugin-transform-regenerator, babel-plugin-transform-runtime

:memo: Documentation

:house: Internal

:microscope: Output optimization

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

Committers: 5

v7.28.2 (2025-07-24)

Thanks @​souhailaS for your first PR!

:bug: Bug Fix

  • babel-types
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

Committers: 4

v7.28.1 (2025-07-12)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.28.3 (2025-08-14)

:eyeglasses: Spec Compliance

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

:bug: Bug Fix

:nail_care: Polish

  • babel-plugin-transform-regenerator, babel-plugin-transform-runtime

:memo: Documentation

:house: Internal

:microscope: Output optimization

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

v7.28.2 (2025-07-24)

:bug: Bug Fix

  • babel-types
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

v7.28.1 (2025-07-12)

:bug: Bug Fix

  • babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

:memo: Documentation

:leftwards_arrow_with_hook: Revert

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-types

v7.28.0 (2025-07-02)

:rocket: New Feature

... (truncated)

Commits

Updates browserify-sign from 4.2.1 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

v4.2.2 - 2023-10-25

Fixed

Commits

  • Only apps should have lockfiles 09a8995
  • [eslint] switch to eslint 83fe463
  • [meta] add npmignore and auto-changelog 4418183
  • [meta] fix package.json indentation 9ac5a5e
  • [Tests] migrate from travis to github actions d845d85
  • [Fix] sign: throw on unsupported padding scheme 8767739
  • [Fix] properly check the upper bound for DSA signatures 85994cd
  • [Tests] handle openSSL not supporting a scheme f5f17c2
  • [Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb
  • [Dev Deps] update nyc, standard, tape cc5350b
  • [Tests] always run coverage; downgrade nyc 75ce1d5
  • [meta] add safe-publish-latest dcf49ce
  • [Tests] add npm run posttest 75dd8fd
  • [Dev Deps] update tape 3aec038
  • [Tests] skip unsupported schemes 703c83e
  • [Tests] node < 6 lacks array includes 3aa43cf
  • [Dev Deps] fix eslint range 98d4e0d
Commits
  • bf2c3ec v4.2.3
  • 9247adf [patch] widen support to 0.12
  • f427270 [Deps] update `parse-asn1
  • 87f3a35 [Dev Deps] update aud, npmignore, tape
  • fb261ce [Deps] update elliptic
  • 4d0ee49 [patch] drop minimum node support to v1
  • 9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
  • 168e16f [Deps] pin elliptic due to a breaking change
  • 37a4758 [actions] remove redundant finisher
  • 4af5a90 v4.2.2
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.


Updates cipher-base from 1.0.4 to 1.0.6

Changelog

Sourced from cipher-base's changelog.

v1.0.6 - 2024-11-26

Commits

  • [Fix] io.js 3.0 - Node.js 5.3 typed array support b7ddd2a

v1.0.5 - 2024-11-17

Commits

  • [Tests] standard -> eslint, make test dir, etc ae02fd6
  • [Tests] migrate from travis to GHA 66387d7
  • [meta] fix package.json indentation 5c02918
  • [Fix] return valid values on multi-byte-wide TypedArray input 8fd1364
  • [meta] add auto-changelog 88dc806
  • [meta] add npmignore and safe-publish-latest 7a137d7
  • Only apps should have lockfiles 42528f2
  • [Deps] update inherits, safe-buffer 0e7a2d9
  • [meta] add missing engines.node f2dc13e
Commits
  • f5249f9 v1.0.6
  • b7ddd2a [Fix] io.js 3.0 - Node.js 5.3 typed array support
  • f03cebf v1.0.5
  • 88dc806 [meta] add auto-changelog
  • 7a137d7 [meta] add npmignore and safe-publish-latest
  • 5c02918 [meta] fix package.json indentation
  • 8fd1364 [Fix] return valid values on multi-byte-wide TypedArray input
  • 66387d7 [Tests] migrate from travis to GHA
  • f2dc13e [meta] add missing engines.node
  • 0e7a2d9 [Deps] update inherits, safe-buffer
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for cipher-base since your current version.


Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

  • Prevent overwriting previously decoded tokens 980e0bf

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1

  • Switch to GitHub workflows 76abc93
  • Fix issue where decode throws - fixes #6 746ca5d
  • Update license (#1) 486d7e2
  • Tidelift tasks a650457
  • Meta tweaks 66e1c28

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

Commits

Updates elliptic from 6.5.4 to 6.6.1

Commits

Updates follow-redirects from 1.14.4 to 1.15.11

Commits
  • 21ef28a Release version 1.15.11 of the npm package.
  • 7c88135 Roll back tree shaking.
  • 6e389ba Release version 1.15.10 of the npm package.
  • 5bc496e Shake me up before you go-go.
  • 694d6b4 Bump minimist from 1.2.5 to 1.2.8
  • e4e55c7 Release version 1.15.9 of the npm package.
  • 31a1abf Attempt much more gentle detection.
  • d2aaa97 Fix url field.
  • 62558f0 Release version 1.15.8 of the npm package.
  • a8d1cee Return subtlety.
  • Additional commits viewable in compare view

Updates jszip from 3.7.1 to 3.10.1

Changelog

Sourced from jszip's changelog.

v3.10.1 2022-08-02

  • Add sponsorship files.
    • If you appreciate the time spent maintaining JSZip then I would really appreciate your sponsorship.
  • Consolidate metadata types and expose OnUpdateCallback #851 and #852
  • use const instead var in example from README.markdown #828
  • Switch manual download link to HTTPS #839

Internals:

  • Replace jshint with eslint #842
  • Add performance tests #834

v3.10.0 2022-05-20

  • Change setimmediate dependency to more efficient one. Fixes Stuk/jszip#617 (see #829)
  • Update types of currentFile metadata to include null (see #826)

v3.9.1 2022-04-06

  • Fix recursive definition of InputFileFormat introduced in 3.9.0.

v3.9.0 2022-04-04

  • Update types JSZip#loadAsync to accept a promise for data, and remove arguments from new JSZip() (see #752)
  • Update types for compressionOptions to JSZipFileOptions and JSZipGeneratorOptions (see #722)
  • Add types for generateInternalStream (see #774)

v3.8.0 2022-03-30

  • Santize filenames when files are loaded with loadAsync, to avoid "zip slip" attacks. The original filename is available on each zip entry as unsafeOriginalName. See the documentation. Many thanks to McCaulay Hudson for reporting.
Commits

Updates minimist from 1.2.5 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

Fixed

Commits

  • Merge tag 'v0.2.3' a026794
  • [eslint] fix indentation and whitespace 5368ca4
  • [eslint] fix indentation and whitespace e5f5067
  • [eslint] more cleanup 62fde7d
  • [eslint] more cleanup 36ac5d0
  • [meta] add auto-changelog 73923d2
  • [actions] add reusable workflows d80727d
  • [eslint] add eslint; rules to enable later are warnings 48bc06a
  • [eslint] fix indentation 34b0f1c
  • [readme] rename and add badges 5df0fe4
  • [Dev Deps] switch from covert to nyc a48b128
  • [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
  • [meta] create FUNDING.yml; add funding in package.json 3639e0c
  • [meta] use npmignore to autogenerate an npmignore file be2e038
  • Only apps should have lockfiles 282b570
  • isConstructorOrProto adapted from PR ef9153f
  • [Dev Deps] update @ljharb/eslint-config, aud 098873c
  • [Dev Deps] update @ljharb/eslint-config, aud 3124ed3
  • [meta] add safe-publish-latest 4b927de
  • [Tests] add aud in posttest b32d9bd
  • [meta] update repo URLs f9fdfc0
  • [actions] Avoid 0.6 tests due to build failures ba92fe6
  • [Dev Deps] update tape 950eaa7
  • [Dev Deps] add missing npmignore dev dep 3226afa
  • Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits
  • 6901ee2 v1.2.8
  • a026794 Merge tag 'v0.2.3'
  • c0b2661 v0.2.3
  • 63b8fee [Fix] Fix long option followed by single dash (#17)
  • 72239e6 [Tests] Remove duplicate test (#12)
  • 34b0f1c [eslint] fix indentation
  • 3226afa [Dev Deps] add missing npmignore dev dep
  • 098873c [Dev Deps] update @ljharb/eslint-config, aud
  • 9ec4d27 [Fix] Fix long option followed by single dash
  • ba92fe6 [actions] Avoid 0.6 tests due to build failures
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.


Updates moment-timezone from 0.5.33 to 0.5.48

Release notes

Sourced from moment-timezone's releases.

Release 0.5.48

  • Updated data to IANA TZDB 2025b. #1130

Release 0.5.47

  • Updated data to IANA TZDB 2025a. #1125

Release 0.5.46

  • Updated data to IANA TZDB 2024b. #1121 This only affects historical timestamps; no future timestamps have changed.

Release 0.5.45

  • Updated data to IANA TZDB 2024a. #1095

Release 0.5.44

  • Updated data to IANA TZDB 2023d. #1085
  • Fixed .valueOf() to return NaN for invalid zoned objects (matching default moment) #1082.
  • Performance improvements:
    • Use binary search when looking up zone information #720.
    • Avoid redundant checks in tz.guess().
    • Avoid redundant getZone() calls in .tz().

Release 0.5.43

* Updated data to IANA TZDB 2023c. #1053

Release 0.5.42

  • Updated data to IANA TZDB 2023b. #1047

Release 0.5.41

  • Updated moment npm dependency to 2.29.4 to remove automated warnings about insecure dependencies #1004. Moment Timezone still works with core Moment 2.9.0 and higher.
  • Updated all dev dependencies including UglifyJS, which produces the minified builds.
  • Added deprecation warning to the pre-built moment-timezone-with-data-2012-2022 bundles #1035. Use the rolling moment-timezone-with-data-10-year-range files instead.

Release 0.5.40

  • Updated data to IANA TZDB 2022g. #1022

Release 0.5.39

  • Updated data to IANA TZDB 2022f. #1014

Release 0.5.38

  • Updated data to IANA TZDB 2022e. #1009
  • Added moment.tz.dataVersion property to TypeScript definitions. #930
  • Removed temporary .tar.gz files from npm releases. #1000

Release 0.5.37

  • Re-publish npm package, because of extra folder present in 0.5.36. #999

Release 0.5.36

  • Updated data to IANA TZDB 2022c

... (truncated)

Changelog

Sourced from moment-timezone's changelog.

0.5.48 2025-03-23

  • Updated data to IANA TZDB 2025b. #1130

0.5.47 2025-01-28

  • Updated data to IANA TZDB 2025a. #1125

0.5.46 2024-10-06

  • Updated data to IANA TZDB 2024b. #1121 This only affects historical timestamps; no future timestamps have changed.

0.5.45 2024-02-04

  • Updated data to IANA TZDB 2024a. #1095

0.5.44 2023-12-29

  • Updated data to IANA TZDB 2023d. #1085
  • Fixed .valueOf() to return NaN for invalid zoned objects (matching default moment). #1082
  • Performance improvements:
    • Use binary search when looking up zone information. #720
    • Avoid redundant checks in tz.guess().
    • Avoid redundant getZone() calls in .tz().

0.5.43 2023-03-31

  • Updated data to IANA TZDB 2023c. #1053

0.5.42 2023-03-24

  • Updated data to IANA TZDB 2023b. #1047

0.5.41 2023-02-25

  • Updated moment npm dependency to 2.29.4 to remove automated warnings about insecure dependencies. Moment Timezone still works with core Moment 2.9.0 and higher.
  • Updated all dev dependencies including UglifyJS, which produces the minified builds.
  • Added deprecation warning to the pre-built moment-timezone-with-data-2012-2022 bundles. #1035. Use the rolling moment-timezone-with-data-10-year-range files instead.

0.5.40 2022-12-11

  • Updated data to IANA TZDB 2022g. #1022

0.5.39 2022-11-13

  • Updated data to IANA TZDB 2022f. #1014

0.5.38 2022-10-15

  • Updated data to IANA TZDB 2022e. #1009
  • Added moment.tz.dataVersion property to TypeScript definitions. #930
  • Removed temporary .tar.gz files from npm releases. #1000

0.5.37 2022-08-25

  • Re-publish npm package, because of extra folder present in 0.5.36. #999

0.5.36 2022-08-25

  • Updated data to IANA TZDB 2022c.

... (truncated)

Commits
  • fcec454 Build moment-timezone 0.5.48
  • 4b320b8 Bump version to 0.5.48
  • b5452b9 Merge pull request #1130 from moment/automated/data-update
  • 582f658 data: Add 2025b
  • 56ab2a8 Build moment-timezone 0.5.47
  • 991678d Bump version to 0.5.47
  • d70aa57 Merge pull request #1125 from moment/automated/data-update
  • 5a3abe1 data: Add 2025a
  • c666ad1 tests: Rebuild guess tests for 2025
  • cfefd24 Move GitHub bug report template to new format
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by gilmoreorless, a new releaser for moment-timezone since your current version.


Updates moment from 2.29.1 to 2.30.1

Changelog

Sourced from moment's changelog.

2.30.1

2.30.0 Full changelog

  • Release Dec 26, 2023

2.29.4

  • Release Jul 6, 2022
    • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

  • Release Apr 17, 2022
    • #5995 [bugfix] Remove const usage
    • #5990 misc: fix advisory link

2.29.2 See full changelog

  • Release Apr 3 2022

Address https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4

Commits
Package Dependencies
Package:
 @babel/traverse
Ecosystem:
npm
Version Change:
7.14.2 → 7.28.3
Update Type:
Minor
Package:
tar-fs
Ecosystem:
npm
Version Change:
1.16.3 → 1.16.5
Update Type:
Patch
Package:
elliptic
Ecosystem:
npm
Version Change:
6.5.4 → 6.6.1
Update Type:
Minor
Package:
decode-uri-component
Ecosystem:
npm
Version Change:
0.2.0 → 0.2.2
Update Type:
Patch
Package:
follow-redirects
Ecosystem:
npm
Version Change:
1.14.4 → 1.15.11
Update Type:
Minor
Package:
browserify-sign
Ecosystem:
npm
Version Change:
4.2.1 → 4.2.3
Update Type:
Patch
Package:
minimist
Ecosystem:
npm
Version Change:
1.2.5 → 1.2.8
Update Type:
Patch
Package:
moment-timezone
Ecosystem:
npm
Version Change:
0.5.33 → 0.5.48
Update Type:
Patch
Package:
qs
Ecosystem:
npm
Version Change:
6.5.2 → 6.5.3
Update Type:
Patch
Package:
node-fetch
Ecosystem:
npm
Version Change:
2.6.1 → 2.7.0
Update Type:
Minor
Package:
protobufjs
Ecosystem:
npm
Version Change:
6.11.2 → 6.11.4
Update Type:
Patch
Package:
moment
Ecosystem:
npm
Version Change:
2.29.1 → 2.30.1
Update Type:
Minor
Package:
jszip
Ecosystem:
npm
Version Change:
3.7.1 → 3.10.1
Update Type:
Minor
Package:
tmpl
Ecosystem:
npm
Version Change:
1.0.4 → 1.0.5
Update Type:
Patch
Package:
simple-get
Ecosystem:
npm
Version Change:
2.8.1 → 2.8.2
Update Type:
Patch
Package:
socket.io-parser
Ecosystem:
npm
Version Change:
3.3.2 → 3.3.4
Update Type:
Patch
Package:
serverless-offline
Ecosystem:
npm
Version Change:
6.9.0 → 8.1.0
Update Type:
Major
Package:
pbkdf2
Ecosystem:
npm
Version Change:
3.1.2 → 3.1.3
Update Type:
Patch
Package:
sha.js
Ecosystem:
npm
Version Change:
2.4.11 → 2.4.12
Update Type:
Patch
Package:
cipher-base
Ecosystem:
npm
Version Change:
1.0.4 → 1.0.6
Update Type:
Patch
Security Advisories
Path Traversal: 'dir/../../filename' in moment.locale
GHSA-8hfj-j24r-96c4 CVE-2022-24785 HIGH
### Impact This vulnerability impacts npm (server) users of moment.js, especially if user provided locale string, eg `fr` is directly used to switch moment locale. ### Patches This problem is patc...
Actions
View on GitHub View Repository All Dependabot PRs
Technical Details
ID: 5612903
UUID: 2764982232
Node ID: PR_kwDOGF7fg86kzkfY
Host: GitHub
Repository: Enterprise-CMCS/macpro-quickstart-serverless-support
Merge State: Unknown