Bump the npm_and_yarn group across 1 directory with 19 updates

Open

Number: #3
Type: Pull Request
State: Open

Author:

dependabot[bot]
Association: None
Comments: 0

Created: August 22, 2025 at 04:13 AM UTC
(17 days ago)

Updated: August 22, 2025 at 04:13 AM UTC
(17 days ago)

Labels:
dependencies javascript

Description:

Bumps the npm_and_yarn group with 17 updates in the /web directory:

Package	From	To
json5	`2.1.0`	`2.2.3`
json5	`1.0.1`	`1.0.2`
@babel/traverse	`7.4.3`	`7.28.3`
browserify-sign	`4.0.4`	`4.2.3`
cipher-base	`1.0.4`	`1.0.6`
decode-uri-component	`0.2.0`	`0.2.2`
fsevents	`1.2.7`	`1.2.13`
ini	`1.3.5`	`1.3.8`
minimist	`1.2.0`	`1.2.8`
mkdirp	`0.5.1`	`0.5.6`
loader-utils	`1.2.3`	`1.4.2`
node-fetch	`1.7.3`	`2.7.0`
isomorphic-fetch	`2.2.1`	`3.0.0`
postcss	`7.0.14`	`8.5.6`
css-loader	`2.1.1`	`7.1.2`
y18n	`4.0.0`	`4.0.3`
yargs-parser	`11.1.1`	`13.1.2`
webpack-cli	`3.3.0`	`3.3.12`

Updates json5 from 2.1.0 to 2.2.3

Release notes

Sourced from json5's releases.

v2.2.3

Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0

New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2

Fix: Bump minimist to v1.2.5. (#222)

v2.1.1

New: package.json and package.json5 include a module property so bundlers like webpack, rollup and parcel can take advantage of the ES Module build. (#208)

Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)

Fix: Spelling mistakes have been fixed. (#196)

Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

Fix: Bump minimist to v1.2.5. (#222)

v2.1.1 [code, [diff][d2.1.1]]

... (truncated)

Commits

c3a7524 2.2.3
94fd06d docs: update CHANGELOG for v2.2.3
3b8cebf docs(security): use GitHub security advisories
f0fd9e1 docs: publish a security policy
6a91a05 docs(template): bug -> bug report
14f8cb1 2.2.2
10cc7ca docs: update CHANGELOG for v2.2.2
7774c10 fix: add proto to objects and arrays
edde30a Readme: slight tweak to intro
97286f8 Improve example in readme
Additional commits viewable in compare view

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v2.2.3

Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0

New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2

Fix: Bump minimist to v1.2.5. (#222)

v2.1.1

New: package.json and package.json5 include a module property so bundlers like webpack, rollup and parcel can take advantage of the ES Module build. (#208)

Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)

Fix: Spelling mistakes have been fixed. (#196)

Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

Fix: Bump minimist to v1.2.5. (#222)

v2.1.1 [code, [diff][d2.1.1]]

... (truncated)

Commits

c3a7524 2.2.3
94fd06d docs: update CHANGELOG for v2.2.3
3b8cebf docs(security): use GitHub security advisories
f0fd9e1 docs: publish a security policy
6a91a05 docs(template): bug -> bug report
14f8cb1 2.2.2
10cc7ca docs: update CHANGELOG for v2.2.2
7774c10 fix: add proto to objects and arrays
edde30a Readme: slight tweak to intro
97286f8 Improve example in readme
Additional commits viewable in compare view

Updates @babel/traverse from 7.4.3 to 7.28.3

Release notes

Sourced from @babel/traverse's releases.

v7.28.3 (2025-08-14)

:eyeglasses: Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

:bug: Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

:nail_care: Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

:memo: Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

:house: Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

:microscope: Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

Committers: 5

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Jam Balaya (@JamBalaya56562)

Nicolò Ribaudo (@nicolo-ribaudo)

easrng (@easrng)

v7.28.2 (2025-07-24)

Thanks @souhailaS for your first PR!

:bug: Bug Fix

babel-types

#17445 [babel 7] Make operator param in t.tsTypeOperator optional (@nicolo-ribaudo)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17441 fix: regeneratorDefine compatibility with es5 strict mode (@liuxingbaoyu)

Committers: 4

Babel Bot (@babel-bot)

Nicolò Ribaudo (@nicolo-ribaudo)

SOUHAILA SERBOUT (@souhailaS)

@liuxingbaoyu

v7.28.1 (2025-07-12)

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.28.3 (2025-08-14)

:eyeglasses: Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

:bug: Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

:nail_care: Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

:memo: Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

:house: Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

:microscope: Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

v7.28.2 (2025-07-24)

:bug: Bug Fix

babel-types

#17445 [babel 7] Make operator param in t.tsTypeOperator optional (@nicolo-ribaudo)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17441 fix: regeneratorDefine compatibility with es5 strict mode (@liuxingbaoyu)

v7.28.1 (2025-07-12)

:bug: Bug Fix

babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

#17426 fix: regenerator correctly handles throw outside of try (@liuxingbaoyu)

:memo: Documentation

babel-types

#17422 Add missing FunctionParameter docs (@JLHwung)

:leftwards_arrow_with_hook: Revert

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-types

#17432 Do not mark OptionalMemberExpresion as LVal (@JLHwung)

v7.28.0 (2025-07-02)

:rocket: New Feature

babel-node

#17147 Support top level await in node repl (@liuxingbaoyu)

babel-types

... (truncated)

Commits

ef155f5 v7.28.3
741cbd2 chore: fix various typos across codebase (#17476)
5051613 Type-check .d.ts file with strict: true (#17461)
ccc5fae v7.28.0
4b4e7e2 Create babel-helper-globals (#17297)
cf5ae03 LVal coverage updates (Part 2) (#17391)
6ca9df4 Accept bigints in t.bigIntLiteral factory (#17378)
75f0140 Parse discard binding (#17163)
4ce7dfd v7.27.7
6c8faf1 add generateUidBasedOnNode test cases (#17381)
Additional commits viewable in compare view

Updates browserify-sign from 4.0.4 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

[patch] widen support to 0.12 9247adf

[patch] drop minimum node support to v1 4d0ee49

[Dev Deps] update aud, npmignore, tape 87f3a35

[actions] remove redundant finisher 37a4758

[Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12

[Deps] update parse-asn1 [f427270`](https://github.com/browserify/browserify-sign/commit/f427270ac11dc6be29f87d7afb046c16376a5a9c)

[Deps] update elliptic fb261ce

[Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

[Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

Only apps should have lockfiles 09a8995

[eslint] switch to eslint 83fe463

[meta] add npmignore and auto-changelog 4418183

[meta] fix package.json indentation 9ac5a5e

[Tests] migrate from travis to github actions d845d85

[Fix] sign: throw on unsupported padding scheme 8767739

[Fix] properly check the upper bound for DSA signatures 85994cd

[Tests] handle openSSL not supporting a scheme f5f17c2

[Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb

[Dev Deps] update nyc, standard, tape cc5350b

[Tests] always run coverage; downgrade nyc 75ce1d5

[meta] add safe-publish-latest dcf49ce

[Tests] add npm run posttest 75dd8fd

[Dev Deps] update tape 3aec038

[Tests] skip unsupported schemes 703c83e

[Tests] node < 6 lacks array includes 3aa43cf

[Dev Deps] fix eslint range 98d4e0d

v4.2.1 - 2020-08-04

Merged

bump elliptic [#58](https://github.com/crypto-browserify/browserify-sign/issues/58)

v4.2.0 - 2020-05-18

Merged

switch to safe buffer [#53](https://github.com/crypto-browserify/browserify-sign/issues/53)

... (truncated)

Commits

bf2c3ec v4.2.3
9247adf [patch] widen support to 0.12
f427270 [Deps] update `parse-asn1
87f3a35 [Dev Deps] update aud, npmignore, tape
fb261ce [Deps] update elliptic
4d0ee49 [patch] drop minimum node support to v1
9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
168e16f [Deps] pin elliptic due to a breaking change
37a4758 [actions] remove redundant finisher
4af5a90 v4.2.2
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.

Updates cipher-base from 1.0.4 to 1.0.6

Changelog

Sourced from cipher-base's changelog.

v1.0.6 - 2024-11-26

Commits

[Fix] io.js 3.0 - Node.js 5.3 typed array support b7ddd2a

v1.0.5 - 2024-11-17

Commits

[Tests] standard -> eslint, make test dir, etc ae02fd6

[Tests] migrate from travis to GHA 66387d7

[meta] fix package.json indentation 5c02918

[Fix] return valid values on multi-byte-wide TypedArray input 8fd1364

[meta] add auto-changelog 88dc806

[meta] add npmignore and safe-publish-latest 7a137d7

Only apps should have lockfiles 42528f2

[Deps] update inherits, safe-buffer 0e7a2d9

[meta] add missing engines.node f2dc13e

Commits

f5249f9 v1.0.6
b7ddd2a [Fix] io.js 3.0 - Node.js 5.3 typed array support
f03cebf v1.0.5
88dc806 [meta] add auto-changelog
7a137d7 [meta] add npmignore and safe-publish-latest
5c02918 [meta] fix package.json indentation
8fd1364 [Fix] return valid values on multi-byte-wide TypedArray input
66387d7 [Tests] migrate from travis to GHA
f2dc13e [meta] add missing engines.node
0e7a2d9 [Deps] update inherits, safe-buffer
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for cipher-base since your current version.

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

Prevent overwriting previously decoded tokens 980e0bf

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1

Switch to GitHub workflows 76abc93

Fix issue where decode throws - fixes #6 746ca5d

Update license (#1) 486d7e2

Tidelift tasks a650457

Meta tweaks 66e1c28

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

Commits

a0eea46 0.2.2
980e0bf Prevent overwriting previously decoded tokens
3c8a373 0.2.1
76abc93 Switch to GitHub workflows
746ca5d Fix issue where decode throws - fixes #6
486d7e2 Update license (#1)
a650457 Tidelift tasks
66e1c28 Meta tweaks
See full diff in compare view

Updates elliptic from 6.4.1 to 6.6.1

Commits

9b77436 6.6.1
04cb6f5 Merge commit from fork
b8a7edd 6.6.0
34c8534 fix: signature verification due to leading zeros
3e46a48 6.5.7
accb61e lib: DER signature decoding correction
03e06e1 6.5.6
7ac5360 Merge commit from fork
7570078 6.5.5
206da2e lib: lint
Additional commits viewable in compare view

Updates fsevents from 1.2.7 to 1.2.13

Release notes

Sourced from fsevents's releases.

Release v1.2.13

Only build on Mac-OSX

Release v1.2.11

Removing node-pre-gyp so that building fsevents becomes easier and enabled without the download of binaries.

The credentials to the AWS store have been lost. Releasing to AWS is both insecure and no longer possible due to the lost credentials.

Intermediate Release

No release notes provided.

Release v1.2.9 - Node v12 compatibility

No release notes provided.

Release Pre-NAPI v1.2.8

No release notes provided.

Commits

844a05d Version Bump
f393f2a Only build fsevents on macOS (#322)
6a281a7 [publish binary]
acc2bce [publish binary]
f532b6e [publish binary]
4c6a1c0 Add node 13 to travis matrix.
92e40aa Release 1.2.12.
909af26 Release v1.2.11
7074adb Release v1.2.10
0a052f6 Node.js v12 support for v1.x (#274)
Additional commits viewable in compare view

Updates ini from 1.3.5 to 1.3.8

Commits

a2c5da8 1.3.8
af5c6bb Do not use Object.create(null)
8b648a1 don't test where our devdeps don't even work
c74c8af 1.3.7
024b8b5 update deps, add linting
032fbaf Use Object.create(null) to avoid default object property hazards
2da9039 1.3.6
cfea636 better git push script, before publish instead of after
56d2805 do not allow invalid hazardous string as section name
See full diff in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.

Updates minimist from 1.2.0 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

[Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)

[Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)

[Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

[Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)

[Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)

[Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)

[Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)

[Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)

[Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)

[Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

Merge tag 'v0.2.3' a026794

[eslint] fix indentation and whitespace 5368ca4

[eslint] fix indentation and whitespace e5f5067

[eslint] more cleanup 62fde7d

[eslint] more cleanup 36ac5d0

[meta] add auto-changelog 73923d2

[actions] add reusable workflows d80727d

[eslint] add eslint; rules to enable later are warnings 48bc06a

[eslint] fix indentation 34b0f1c

[readme] rename and add badges 5df0fe4

[Dev Deps] switch from covert to nyc a48b128

[Dev Deps] update covert, tape; remove unnecessary tap f0fb958

[meta] create FUNDING.yml; add funding in package.json 3639e0c

[meta] use npmignore to autogenerate an npmignore file be2e038

Only apps should have lockfiles 282b570

isConstructorOrProto adapted from PR ef9153f

[Dev Deps] update @ljharb/eslint-config, aud 098873c

[Dev Deps] update @ljharb/eslint-config, aud 3124ed3

[meta] add safe-publish-latest 4b927de

[Tests] add aud in posttest b32d9bd

[meta] update repo URLs f9fdfc0

[actions] Avoid 0.6 tests due to build failures ba92fe6

[Dev Deps] update tape 950eaa7

[Dev Deps] add missing npmignore dev dep 3226afa

Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits

6901ee2 v1.2.8
a026794 Merge tag 'v0.2.3'
c0b2661 v0.2.3
63b8fee [Fix] Fix long option followed by single dash (#17)
72239e6 [Tests] Remove duplicate test (#12)
34b0f1c [eslint] fix indentation
3226afa [Dev Deps] add missing npmignore dev dep
098873c [Dev Deps] update @ljharb/eslint-config, aud
9ec4d27 [Fix] Fix long option followed by single dash
ba92fe6 [actions] Avoid 0.6 tests due to build failures
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

Updates mkdirp from 0.5.1 to 0.5.6

Commits

92f086d 0.5.6
2a28125 clean up tests
c905d65 update minimist
049cf18 0.5.5
bea6382 Remove unnecessary umask calls
42a012c 0.5.4
2867920 fix infinite loop on windows machines
d784e70 0.5.3
d612c5d add files list so this package isn't a monster
b2e7ba0 0.5.2
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for mkdirp since your current version.

Updates loader-utils from 1.2.3 to 1.4.2

Release notes

Sourced from loader-utils's releases.

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

ReDoS problem (#226) (17cbf8f)

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

security problem (#220) (4504e34)

v1.4.0

1.4.0 (2020-02-19)

Features

the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

v1.3.0

1.3.0 (2020-02-19)

Features

support the [query] template for the interpolatedName method (#162) (469eeba)

Changelog

Sourced from loader-utils's changelog.

1.4.2 (2022-11-11)

Bug Fixes

ReDoS problem (#226) (17cbf8f)

1.4.1 (2022-11-07)

Bug Fixes

security problem (#220) (4504e34)

1.4.0 (2020-02-19)

Features

the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

1.3.0 (2020-02-19)

Features

support the [query] template for the interpolatedName method (#162) (469eeba)

Commits

331ad50 chore(release): 1.4.2
17cbf8f fix: ReDoS problem (#226)
8f082b3 chore(release): 1.4.1
4504e34 fix: security problem (#220)
d95b8b5 chore(release): 1.4.0
cd0e428 feat: the resourceQuery is passed to the interpolateName method (#163)
06d36cf chore(release): 1.3.0
469eeba feat: support the [query] template for the interpolatedName method (#162)
909c99d chore: funding.yml config and CI fix (

Pull Request Statistics

Commits:
1

Files Changed:
2

Additions:
+4001

Deletions:
-2872

Package Dependencies

Package:
@babel/traverse

Ecosystem:
npm

Version Change:
7.4.3 → 7.28.3

Update Type:
Minor

Package:
decode-uri-component

Ecosystem:
npm

Version Change:
0.2.0 → 0.2.2

Update Type:
Patch

Package:
postcss

Ecosystem:
npm

Version Change:
7.0.14 → 8.5.6

Update Type:
Major

Package:
browserify-sign

Ecosystem:
npm

Version Change:
4.0.4 → 4.2.3

Update Type:
Minor

Package:
y18n

Ecosystem:
npm

Version Change:
4.0.0 → 4.0.3

Update Type:
Patch

Package:
ini

Ecosystem:
npm

Version Change:
1.3.5 → 1.3.8

Update Type:
Patch

Package:
minimist

Ecosystem:
npm

Version Change:
1.2.0 → 1.2.8

Update Type:
Patch

Package:
css-loader

Ecosystem:
npm

Version Change:
2.1.1 → 7.1.2

Update Type:
Major

Package:
webpack-cli

Ecosystem:
npm

Version Change:
3.3.0 → 3.3.12

Update Type:
Patch

Package:
loader-utils

Ecosystem:
npm

Version Change:
1.2.3 → 1.4.2

Update Type:
Minor

Package:
json5

Ecosystem:
npm

Version Change:
2.1.0 → 2.2.3

Update Type:
Minor

Package:
node-fetch

Ecosystem:
npm

Version Change:
1.7.3 → 2.7.0

Update Type:
Major

Package:
fsevents

Ecosystem:
npm

Version Change:
1.2.7 → 1.2.13

Update Type:
Patch

Package:
mkdirp

Ecosystem:
npm

Version Change:
0.5.1 → 0.5.6

Update Type:
Patch

Package:
yargs-parser

Ecosystem:
npm

Version Change:
11.1.1 → 13.1.2

Update Type:
Major

Package:
isomorphic-fetch

Ecosystem:
npm

Version Change:
2.2.1 → 3.0.0

Update Type:
Major

Package:
cipher-base

Ecosystem:
npm

Version Change:
1.0.4 → 1.0.6

Update Type:
Patch

Security Advisories

Prototype Pollution in minimist

GHSA-xvch-5gv4-984h CVE-2021-44906 CRITICAL

Minimist prior to 1.2.6 and 0.2.4 is vulnerable to Prototype Pollution via file `index.js`, function `setKey()` (lines 69-95).

Actions

View on GitHub View Repository All Dependabot PRs

Technical Details

ID:	`5624660`
UUID:	`2765086367`
Node ID:	`PR_kwDOPfEVmM6kz96f`
Host:	GitHub
Repository:	YY-Nexus/GolangChessAI
Merge State:	Unknown