Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

build(deps): bump the npm_and_yarn group across 2 directories with 41 updates

Open
Number: #1
Type: Pull Request
State: Open
Author: dependabot[bot] dependabot[bot]
Association: Unknown
Comments: 1
Created: July 15, 2024 at 08:52 PM UTC
(almost 2 years ago)
Updated: April 13, 2026 at 02:18 AM UTC
(2 months ago)
Labels:
dependencies stale
Description:

Bumps the npm_and_yarn group with 13 updates in the / directory:

Package From To
gatsby 2.0.91 4.25.7
gatsby-plugin-sharp 2.0.17 4.25.1
gatsby-transformer-remark 2.2.0 5.25.1
chownr 1.1.1 1.1.4
decode-uri-component 0.2.0 0.2.2
es5-ext 0.10.47 0.10.64
follow-redirects 1.6.1 1.15.6
fsevents 1.2.6 1.2.13
handlebars 4.1.0 4.7.8
qs 6.5.2 6.5.3
simple-get 2.8.1 2.8.2
trim-off-newlines 1.0.1 1.0.3
ws 5.2.2 5.2.4

Bumps the npm_and_yarn group with 6 updates in the /.github/action/result-poster directory:

Package From To
braces 2.3.2 3.0.3
@semantic-release/github 5.2.10 5.5.8
chownr 1.0.1 removed
@semantic-release/npm 5.1.4 5.3.5
got 6.7.1 removed
semantic-release 15.13.3 24.0.0

Updates gatsby from 2.0.91 to 4.25.7

Release notes

Sourced from gatsby's releases.

v4.24

Welcome to gatsby@4.24.0 release (September 2022 #2)

Key highlights of this release:

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v4.23

Welcome to gatsby@4.23.0 release (September 2022 #1)

Key highlights of this release:

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v4.22

Welcome to gatsby@4.22.0 release (August 2022 #3)

Key highlights of this release:

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v4.21

Welcome to gatsby@4.21.0 release (August 2022 #2)

Key highlights of this release:

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

... (truncated)

Commits
  • db5eb18 chore(release): Publish
  • fc22f4b fix(gatsby): don't serve codeframes for files outside of compilation (#38059)...
  • 8889bfe chore(release): Publish
  • d3d5fd0 fix(gatsby-source-wordpress): prevent inconsistent schema customization (#377...
  • 5bdef4a fix(gatsby): don't block event loop during inference (#37780) (#37801)
  • 50e3f94 chore(release): Publish
  • 3f8477d chore: Update get-unowned-packages script to use npm 9 syntax
  • dcf88ed fix(gatsby-plugin-sharp): don't serve static assets that are not result of cu...
  • 3be4a80 chore(release): Publish
  • 98c4d27 feat(gatsby): add initial webhook body env var to bootstrap context (#37478) ...
  • Additional commits viewable in compare view

Updates gatsby-plugin-sharp from 2.0.17 to 4.25.1

Release notes

Sourced from gatsby-plugin-sharp's releases.

v4.24

Welcome to gatsby@4.24.0 release (September 2022 #2)

Key highlights of this release:

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v4.23

Welcome to gatsby@4.23.0 release (September 2022 #1)

Key highlights of this release:

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v4.22

Welcome to gatsby@4.22.0 release (August 2022 #3)

Key highlights of this release:

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v4.21

Welcome to gatsby@4.21.0 release (August 2022 #2)

Key highlights of this release:

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

... (truncated)

Changelog

Sourced from gatsby-plugin-sharp's changelog.

Changelog: gatsby-plugin-sharp

All notable changes to this project will be documented in this file. See Conventional Commits for commit guidelines.

5.13.1 (2024-01-23)

Note: Version bump only for package gatsby-plugin-sharp

5.13.0 (2023-12-18)

🧾 Release notes

Chores

5.12.3 (2023-10-26)

Note: Version bump only for package gatsby-plugin-sharp

5.12.2 (2023-10-20)

Note: Version bump only for package gatsby-plugin-sharp

5.12.1 (2023-10-09)

Chores

5.12.0 (2023-08-24)

🧾 Release notes

Bug Fixes

5.11.0 (2023-06-15)

🧾 Release notes

Chores

5.10.0 (2023-05-16)

🧾 Release notes

... (truncated)

Commits

Updates gatsby-transformer-remark from 2.2.0 to 5.25.1

Release notes

Sourced from gatsby-transformer-remark's releases.

v5.13.0

Welcome to gatsby@5.13.0 release (December 2023 #1)

Key highlight of this release:

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

v5.12.0

Welcome to gatsby@5.12.0 release (August 2023 #1)

Key highlight of this release:

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

v5.11.0

Welcome to gatsby@5.11.0 release (June 2023 #1)

Key highlights of this release:

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v5.10.0

Welcome to gatsby@5.10.0 release (May 2023 #1)

This release focused on bug fixes and perf improvements. Check out notable bugfixes and improvements.

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v5.9.0

Welcome to gatsby@5.9.0 release (April 2023 #1)

... (truncated)

Changelog

Sourced from gatsby-transformer-remark's changelog.

Changelog: gatsby-transformer-remark

All notable changes to this project will be documented in this file. See Conventional Commits for commit guidelines.

6.13.1 (2024-01-23)

Note: Version bump only for package gatsby-transformer-remark

6.13.0 (2023-12-18)

🧾 Release notes

Note: Version bump only for package gatsby-transformer-remark

6.12.3 (2023-10-26)

Note: Version bump only for package gatsby-transformer-remark

6.12.2 (2023-10-20)

Note: Version bump only for package gatsby-transformer-remark

6.12.1 (2023-10-09)

Note: Version bump only for package gatsby-transformer-remark

6.12.0 (2023-08-24)

🧾 Release notes

Bug Fixes

  • update dependency sanitize-html to ^2.11.0 for gatsby-transformer-remark #38315 (87a3412)

6.11.0 (2023-06-15)

🧾 Release notes

Note: Version bump only for package gatsby-transformer-remark

6.10.0 (2023-05-16)

🧾 Release notes

Note: Version bump only for package gatsby-transformer-remark

6.9.0 (2023-04-18)

🧾 Release notes

... (truncated)

Commits

Updates @babel/traverse from 7.2.3 to 7.24.8

Release notes

Sourced from @​babel/traverse's releases.

v7.24.8 (2024-07-11)

Thanks @​H0onnn, @​jkup and @​SreeXD for your first pull requests!

:eyeglasses: Spec Compliance

:bug: Bug Fix

:nail_care: Polish

Committers: 9

v7.24.7 (2024-06-05)

:bug: Bug Fix

:house: Internal

  • babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.8 (2024-07-11)

:eyeglasses: Spec Compliance

:bug: Bug Fix

:nail_care: Polish

v7.24.7 (2024-06-05)

:bug: Bug Fix

:house: Internal

  • babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

v7.24.6 (2024-05-24)

:bug: Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • babel-core, babel-generator, babel-plugin-transform-modules-commonjs
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
    • #16483 Fix: throw TypeError if addInitializer is called after finished (@​JLHwung)
  • babel-parser, babel-plugin-transform-typescript

... (truncated)

Commits

Updates ansi-html from 0.0.7 to 0.0.9

Commits

Updates chownr from 1.1.1 to 1.1.4

Commits

Updates cross-fetch from 2.2.2 to 3.1.8

Release notes

Sourced from cross-fetch's releases.

v3.1.8

What's Changed

  • Restored caret range to node-fetch version for automatic feature and fix updates.

Full Changelog: https://github.com/lquixada/cross-fetch/compare/v3.1.7...v3.1.8

v3.1.7

What's Changed

  • Updated node-fetch version to 2.6.12

Full Changelog: https://github.com/lquixada/cross-fetch/compare/v3.1.6...v3.1.7

v3.1.6

What's Changed

  • Updated node-fetch version to 2.6.11
  • Added caret range to node-fetch version for automatic feature and fix updates.

Full Changelog: https://github.com/lquixada/cross-fetch/compare/v3.1.5...v3.1.6

v3.1.5

What's Changed

New Contributors

Full Changelog: https://github.com/lquixada/cross-fetch/compare/v3.1.4...v3.1.5

v3.1.4

🐞 fixed typescript errors.

v3.1.3

🐞 fixed typescript compilation error causing #95, #101, #102.

v3.1.2

🐞 added missing Headers interface augmentation from lib.dom.iterable.d.ts (#97)

v3.1.1

🐞 fixed missing fetch api types from constructor signatures #96 (thanks @​jstewmon)

v3.1.0

⚡️ improved TypeScript support with own fetch API type definitions (thanks @​jstewmon) ⚡️ set fetch.ponyfill to true when custom ponyfill implementation is used. 💡 set the same fetch API test suite to run against node-fetch, whatwg-fetch and native fetch.

v3.0.6

⚡️ updated node-fetch to 2.6.1

... (truncated)

Changelog

Sourced from cross-fetch's changelog.

3.1.8 (2023-07-02)

Bug Fixes

  • restored caret on node-fetch version (6669927)

3.1.7 (2023-07-01)

3.1.6 (2023-05-14)

Features

  • allowed minor and patch update of node-fetch (#132) (425395b), closes #129

Bug Fixes

  • fixed ESTree.StaticBlock error (a66f21b)
Commits
  • 0922089 chore(release): 3.1.8
  • 6669927 fix: restored caret on node-fetch version
  • ff14bdd chore: improved release script
  • d625e0d chore: release workflow now uses .nvmrc
  • 098ed1e chore: improved release workflow
  • cc2663b chore(release): 3.1.7
  • 7c1fdde chore: updated node-fetch to 2.6.12
  • e298dbb chore: reordered if statement
  • 81049e1 chore: removed github publish pipeline
  • a80be7c chore: removed console log from specs
  • Additional commits viewable in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

  • Prevent overwriting previously decoded tokens 980e0bf

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1

  • Switch to GitHub workflows 76abc93
  • Fix issue where decode throws - fixes #6 746ca5d
  • Update license (#1) 486d7e2
  • Tidelift tasks a650457
  • Meta tweaks 66e1c28

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

Commits

Updates engine.io from 3.3.2 to 6.2.1

Release notes

Sourced from engine.io's releases.

6.2.1

:warning: This release contains an important security fix :warning:

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

Error: read ECONNRESET
    at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
    at emitErrorNT (internal/streams/destroy.js:106:8)
    at emitErrorCloseNT (internal/streams/destroy.js:74:3)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  errno: -104,
  code: 'ECONNRESET',
  syscall: 'read'
}

Please upgrade as soon as possible.

Bug Fixes

  • catch errors when destroying invalid upgrades (#658) (425e833)

6.2.0

Features

  • add the "maxPayload" field in the handshake details (088dcb4)

So that clients in HTTP long-polling can decide how many packets they have to send to stay under the maxHttpBufferSize value.

This is a backward compatible change which should not mandate a new major revision of the protocol (we stay in v4), as we only add a field in the JSON-encoded handshake data:

0{"sid":"lv_VI97HAXpY6yYWAAAC","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000,"maxPayload":1000000}

Links

6.1.3

Bug Fixes

  • typings: allow CorsOptionsDelegate as cors options (#641) (a463d26)
  • uws: properly handle chunked content (#642) (3367440)

... (truncated)

Changelog

Sourced from engine.io's changelog.

6.2.1 (2022-11-20)

:warning: This release contains an important security fix :warning:

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

Error: read ECONNRESET
    at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
    at emitErrorNT (internal/streams/destroy.js:106:8)
    at emitErrorCloseNT (internal/streams/destroy.js:74:3)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  errno: -104,
  code: 'ECONNRESET',
  syscall: 'read'
}

Please upgrade as soon as possible.

Bug Fixes

  • catch errors when destroying invalid upgrades (#658) (425e833)

3.6.0 (2022-06-06)

Bug Fixes

Features

  • decrease the default value of maxHttpBufferSize (58e274c)

This change reduces the default value from 100 mb to a more sane 1 mb.

This helps protect the server against denial of service attacks by malicious clients sending huge amounts of data.

See also: https://github.com/advisories/GHSA-j4f2-536g-r55m

  • increase the default value of pingTimeout (f55a79a)

... (truncated)

Commits
  • 24b847b chore(release): 6.2.1
  • 425e833 fix: catch errors when destroying invalid upgrades (#658)
  • 99adb00 chore(deps): bump xmlhttprequest-ssl and engine.io-client in /examples/latenc...
  • d196f6a chore(deps): bump minimatch from 3.0.4 to 3.1.2 (#660)
  • 7c1270f chore(deps): bump nanoid from 3.1.25 to 3.3.1 (#659)
  • 535a01d ci: add Node.js 18 in the test matrix
  • 1b71a6f docs: remove "Vanilla JS" highlight from README (#656)
  • 917d1d2 refactor: replace deprecated String.prototype.substr() (#646)
  • 020801a chore: add changelog for version 3.6.0
  • ed1d6f9 test: make test script work on Windows (#643)
  • Additional commits viewable in compare view

Updates es5-ext from 0.10.47 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

  • Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

  • Do not rely on problematic regex (3551cdd), addresses #201
  • Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
  • Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

  • Simplify the manifest message (7855319)

Comparison since last release

0.10.62 (2022-08-02)

Maintenance Improvements

Comparison since last release

0.10.61 (2022-04-20)

Bug Fixes

  • Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

Comparison since last release

0.10.60 (2022-04-07)

Maintenance Improvements

  • Improve postinstall script configuration (ab6b121)

... (truncated)

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

  • Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

  • Do not rely on problematic regex (3551cdd), addresses #201
  • Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
  • Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

  • Simplify the manifest message (7855319)

0.10.62 (2022-08-02)

Maintenance Improvements

0.10.61 (2022-04-20)

Bug Fixes

  • Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

0.10.60 (2022-04-07)

Maintenance Improvements

  • Improve postinstall script configuration (ab6b121)

0.10.59 (2022-03-17)

Maintenance Improvements

0.10.58 (2022-03-11)

... (truncated)

Commits
  • f76b03d chore: Release v0.10.64
  • 2881acd chore: Bump dependencies
  • c2e2bb9 fix: Revert u...

    Description has been truncated

Package Dependencies
Package:
ws
Ecosystem:
npm
Version Change:
5.2.2 → 5.2.4
Update Type:
Patch
Package:
decode-uri-component
Ecosystem:
npm
Version Change:
0.2.0 → 0.2.2
Update Type:
Patch
Package:
es5-ext
Ecosystem:
npm
Version Change:
0.10.47 → 0.10.64
Update Type:
Patch
Package:
follow-redirects
Ecosystem:
npm
Version Change:
1.6.1 → 1.15.6
Update Type:
Minor
Package:
qs
Ecosystem:
npm
Version Change:
6.5.2 → 6.5.3
Update Type:
Patch
Package:
handlebars
Ecosystem:
npm
Version Change:
4.1.0 → 4.7.8
Update Type:
Minor
Package:
gatsby
Ecosystem:
npm
Version Change:
2.0.91 → 4.25.7
Update Type:
Major
Package:
fsevents
Ecosystem:
npm
Version Change:
1.2.6 → 1.2.13
Update Type:
Patch
Package:
trim-off-newlines
Ecosystem:
npm
Version Change:
1.0.1 → 1.0.3
Update Type:
Patch
Package:
gatsby-transformer-remark
Ecosystem:
npm
Version Change:
2.2.0 → 5.25.1
Update Type:
Major
Package:
simple-get
Ecosystem:
npm
Version Change:
2.8.1 → 2.8.2
Update Type:
Patch
Package:
chownr
Ecosystem:
npm
Version Change:
1.1.1 → 1.1.4
Update Type:
Patch
Package:
gatsby-plugin-sharp
Ecosystem:
npm
Version Change:
2.0.17 → 4.25.1
Update Type:
Major
Security Advisories
Resource exhaustion in engine.io
GHSA-j4f2-536g-r55m CVE-2020-36048 HIGH
Engine.IO before 4.0.0 and 3.6.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport.
Actions
View on GitHub View Repository All Dependabot PRs
Technical Details
ID: 15259471
UUID: 2409607955
Node ID: PR_kwDOCneph851bwla
Host: GitHub
Repository: lingnet/nodejs.dev