chore(deps): bump the npm_and_yarn group across 4 directories with 8 updates #2

dependabot · 2024-03-01T17:54:32Z

Bumps the npm_and_yarn group with 5 updates in the /test directory:

Package	From	To
express	`4.18.2`	`4.18.3`
nodemailer	`6.9.3`	`6.9.9`
sharp	`0.33.0`	`0.33.2`
svelte	`3.55.1`	`4.2.12`
undici	`5.20.0`	`5.28.3`
Bumps the npm_and_yarn group with 1 update in the /test/cli/install/migration/complex-workspace directory: sharp.
Bumps the npm_and_yarn group with 3 updates in the /test/cli/install/migration/contoso-test directory: express, follow-redirects and ip.
Bumps the npm_and_yarn group with 1 update in the /test/integration/next/default-pages-dir directory: postcss.

Updates express from 4.18.2 to 4.18.3

Release notes

Sourced from express's releases.

4.18.3

Main Changes

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

Other Changes

Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032

build: Node.js@16.18 and Node.js@18.12 by @abenhamdine in expressjs/express#5034

ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027

test: remove unused function arguments in params by @raksbisht in expressjs/express#5124

Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119

Fixed typos by @raksbisht in expressjs/express#5117

examples: remove unused params by @raksbisht in expressjs/express#5113

fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130

fix: typos in History.md by @raksbisht in expressjs/express#5131

build : add Node.js@19.7 by @abenhamdine in expressjs/express#5028

test: remove unused function arguments in params by @raksbisht in expressjs/express#5137

use random port in test so it won't fail on already listening by @rluvaton in expressjs/express#5162

tests: use cb() instead of done() by @kristof-low in expressjs/express#5233

examples: remove multipart example by @riddlew in expressjs/express#5195

Update support Node.js@18 in the CI by @UlisesGascon in expressjs/express#5490

Fix favicon-related bug in cookie-sessions example by @DmytroKondrashov in expressjs/express#5414

Release 4.18.3 by @UlisesGascon in expressjs/express#5505

New Contributors

@vcsjones made their first contribution in expressjs/express#5032

@abenhamdine made their first contribution in expressjs/express#5034

@armujahid made their first contribution in expressjs/express#5027

@raksbisht made their first contribution in expressjs/express#5124

@rluvaton made their first contribution in expressjs/express#5162

@kristof-low made their first contribution in expressjs/express#5233

@riddlew made their first contribution in expressjs/express#5195

@DmytroKondrashov made their first contribution in expressjs/express#5414

Full Changelog: expressjs/express@4.18.2...4.18.3

Changelog

Sourced from express's changelog.

4.18.3 / 2024-02-26

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

Commits

1b51eda 4.18.3
b625132 build: pin Node 21.x to minor
e3eca80 build: pin Node 21.x to minor
23b44b3 build: support Node.js 21.6.2
b9fea12 build: support Node.js 21.x in appveyor
c259c34 build: support Node.js 21.x
fdeb1d3 build: support Node.js 20.x in appveyor
734b281 build: support Node.js 20.x
0e3ab6e examples: improve view count in cookie-sessions
59af63a build: Node.js@18.19
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.

Updates nodemailer from 6.9.3 to 6.9.9

Release notes

Sourced from nodemailer's releases.

v6.9.9

6.9.9 (2024-02-01)

Bug Fixes

security: Fix issues described in GHSA-9h6g-pr28-7cqp. Do not use eternal matching pattern if only a few occurences are expected (dd8f5e8)

tests: Use native node test runner, added code coverage support, removed grunt (#1604) (be45c1b)

v6.9.8

6.9.8 (2023-12-30)

Bug Fixes

punycode: do not use native punycode module (b4d0e0c)

v6.9.7

6.9.7 (2023-10-22)

Bug Fixes

customAuth: Do not require user and pass to be set for custom authentication schemes (fixes #1584) (41d482c)

v6.9.6

6.9.6 (2023-10-09)

Bug Fixes

inline: Use 'inline' as the default Content Dispostion value for embedded images (db32c93)

tests: Removed Node v12 from test matrix as it is not compatible with the test framework anymore (7fe0a60)

v6.9.5

6.9.5 (2023-09-06)

Bug Fixes

license: Updated license year (da4744e)

Changelog

Sourced from nodemailer's changelog.

6.9.9 (2024-02-01)

Bug Fixes

security: Fix issues described in GHSA-9h6g-pr28-7cqp. Do not use eternal matching pattern if only a few occurences are expected (dd8f5e8)

tests: Use native node test runner, added code coverage support, removed grunt (#1604) (be45c1b)

6.9.8 (2023-12-30)

Bug Fixes

punycode: do not use native punycode module (b4d0e0c)

6.9.7 (2023-10-22)

Bug Fixes

customAuth: Do not require user and pass to be set for custom authentication schemes (fixes #1584) (41d482c)

6.9.6 (2023-10-09)

Bug Fixes

inline: Use 'inline' as the default Content Dispostion value for embedded images (db32c93)

tests: Removed Node v12 from test matrix as it is not compatible with the test framework anymore (7fe0a60)

6.9.5 (2023-09-06)

Bug Fixes

license: Updated license year (da4744e)

6.9.4 2023-07-19

Renamed SendinBlue to Brevo

Commits

5a2e10f chore(master): release 6.9.9 [skip-ci] (#1606)
dd8f5e8 fix(security): Fix issues described in GHSA-9h6g-pr28-7cqp. Do not use eterna...
2c2b46a chore: do not use caret in version specifier
be45c1b fix(tests): Use native node test runner, added code coverage support, removed...
4233f6f chore(master): release 6.9.8 [skip-ci] (#1605)
09d502f chore: removed double file
b4d0e0c fix(punycode): do not use native punycode module
8376c02 Test new github notice syntax for README
bc46a3b Updated stale github action
78bdaf8 chore: remove redundant AWS SDK for JavaScript v2 (#1593)
Additional commits viewable in compare view

Updates sharp from 0.33.0 to 0.33.2

Changelog

Sourced from sharp's changelog.

v0.33.2 - 12th January 2024

Upgrade to libvips v8.15.1 for upstream bug fixes.

TypeScript: add definition for keepMetadata. #3914 @abhi0498

Ensure extend operation stays sequential when copying (regression in 0.32.0). #3928

Improve error handling for unsupported multi-page rotation. #3940

v0.33.1 - 17th December 2023

Add support for Yarn Plug'n'Play filesystem layout. #3888

Emit warning when attempting to use invalid ICC profiles. #3895

Ensure VIPS_NOVECTOR environment variable is respected. #3897 @icetee

Commits

bcb22af Release v0.33.2
d04dc62 Prerelease v0.33.2-rc.1
c30d355 CI: Fix npm smoke test expectation
49cb148 Prerelease v0.33.2-rc.0
3bc31a8 CI: Verify emscripten versions match
c28523e CI: Update Emscripten Docker image to 3.1.51 (#3907)
278f393 Upgrade to libvips v8.15.1
cbf68c1 Improve error for unsupported multi-page rotation #3940
45e8071 Add runtime check for outdated Node.js version
b96389d Docs: refresh index
Additional commits viewable in compare view

Updates svelte from 3.55.1 to 4.2.12

Release notes

Sourced from svelte's releases.

svelte@4.2.12

Patch Changes

fix: properly update svelte:component props when there are spread props (#10604)

svelte@4.2.11

Patch Changes

fix: check that component wasn't instantiated in connectedCallback (#10466)

svelte@4.2.10

Patch Changes

fix: add scrollend event type (#10336)

fix: add fetchpriority attribute type (#10390)

fix: Add miter-clip and arcs to stroke-linejoin attribute (#10377)

fix: make inline doc links valid (#10366)

svelte@4.2.9

Patch Changes

fix: add types for popover attributes and events (#10042)

fix: add gamepadconnected and gamepaddisconnected events (#9864)

fix: make @types/estree a dependency (#10149)

fix: bump axobject-query (#10167)

svelte@4.2.8

Patch Changes

fix: port over props that were set prior to initialization (#9701)

svelte@4.2.7

Patch Changes

fix: handle spreads within static strings (#9554)

svelte@4.2.6

Patch Changes

fix: adjust static attribute regex (#9551)

svelte@4.2.5

Patch Changes

... (truncated)

Changelog

Sourced from svelte's changelog.

4.2.12

Patch Changes

fix: properly update svelte:component props when there are spread props (#10604)

4.2.11

Patch Changes

fix: check that component wasn't instantiated in connectedCallback (#10466)

4.2.10

Patch Changes

fix: add scrollend event type (#10336)

fix: add fetchpriority attribute type (#10390)

fix: Add miter-clip and arcs to stroke-linejoin attribute (#10377)

fix: make inline doc links valid (#10366)

4.2.9

Patch Changes

fix: add types for popover attributes and events (#10042)

fix: add gamepadconnected and gamepaddisconnected events (#9864)

fix: make @types/estree a dependency (#10149)

fix: bump axobject-query (#10167)

4.2.8

Patch Changes

fix: port over props that were set prior to initialization (#9701)

4.2.7

Patch Changes

fix: handle spreads within static strings (#9554)

4.2.6

... (truncated)

Commits

b14eaba Version Packages (#10607)
055e7a8 fix: properly update svelte:component props when there are spread props (#1...
fb14a04 Version Packages (#10489)
a41bdb6 fix: check that component wasn't instantiated (#10466)
d5e4607 Version Packages (#10340)
2d7884a fix: add fetchpriority to script and link tags (#10403)
c15e021 fix: add fetchpriority to image attrs (#10390)
f834b6e fix: Add miter-clip and arcs to stroke-linejoin attribute (#10377)
2cc2510 fix: make inline doc links valid (#10366)
f2c2490 fix: add scrollend event type (#10336)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by svelte-admin, a new releaser for svelte since your current version.

Updates undici from 5.20.0 to 5.28.3

Release notes

Sourced from undici's releases.

v5.28.3

⚠️ Security Release ⚠️

Fixes:

CVE-2024-24758 Proxy-Authorization header not cleared on cross-origin redirect in fetch

Full Changelog: nodejs/undici@v5.28.2...v5.28.3

v5.28.2

What's Changed

fix: remove optional chainning for compatible with Nodejs12 and below by @bugb in nodejs/undici#2470

fix: remove node: prefix by @tsctx in nodejs/undici#2471

perf: avoid Headers initialization by @tsctx in nodejs/undici#2468

fix: handle SharedArrayBuffer correctly by @tsctx in nodejs/undici#2466

fix: Add null type to signal in RequestInit by @gebsh in nodejs/undici#2455

fix: correctly handle data URL with hashes. by @tsctx in nodejs/undici#2475

fix: check response for timinginfo allow flag by @ToshB in nodejs/undici#2477

Make call to onBodySent conditional in RetryHandler by @MzUgM in nodejs/undici#2478

refactor: better integrity check by @tsctx in nodejs/undici#2462

fix: Added support for inline URL username:password proxy auth by @matt-way in nodejs/undici#2473

build(deps-dev): bump jsdom from 22.1.0 to 23.0.0 by @dependabot in nodejs/undici#2472

build(deps-dev): bump sinon from 16.1.3 to 17.0.1 by @dependabot in nodejs/undici#2405

build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1 by @dependabot in nodejs/undici#2396

build(deps): bump actions/setup-node from 3.8.1 to 4.0.0 by @dependabot in nodejs/undici#2395

build(deps): bump step-security/harden-runner from 2.5.0 to 2.6.0 by @dependabot in nodejs/undici#2392

build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 by @dependabot in nodejs/undici#2389

build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 by @dependabot in nodejs/undici#2302

New Contributors

@bugb made their first contribution in nodejs/undici#2470

@gebsh made their first contribution in nodejs/undici#2455

@ToshB made their first contribution in nodejs/undici#2477

@MzUgM made their first contribution in nodejs/undici#2478

@matt-way made their first contribution in nodejs/undici#2473

Full Changelog: nodejs/undici@v5.28.1...v5.28.2

v5.28.1

What's Changed

perf: Improve normalizeMethod by @tsctx in nodejs/undici#2456

fix: dispatch error handling by @ronag in nodejs/undici#2459

perf(request): optimize if headers are given by @tsctx in nodejs/undici#2454

Full Changelog: nodejs/undici@v5.28.0...v5.28.1

v5.28.0

What's Changed

fix(parseHeaders): util.parseHeaders handle correctly array of buffer… by @mdoria12 in nodejs/undici#2398

... (truncated)

Commits

e71cb4c Bumped v5.28.3
20c65b8 Fix tests for Node.js v20.11.0 (#2618)
8ec52cd Fix tests for Node.js v21 (#2609)
d3aa574 Merge pull request from GHSA-3787-6prv-h9w3
9a14e5f Bumped v5.28.2
fcdfe87 build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 (#2302)
169c157 build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 (#2389)
9788177 build(deps): bump step-security/harden-runner from 2.5.0 to 2.6.0 (#2392)
1f6d159 build(deps): bump actions/setup-node from 3.8.1 to 4.0.0 (#2395)
a393a86 build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1 (#2396)
Additional commits viewable in compare view

Updates sharp from 0.32.6 to 0.33.2

Changelog

Sourced from sharp's changelog.

v0.33.2 - 12th January 2024

Upgrade to libvips v8.15.1 for upstream bug fixes.

TypeScript: add definition for keepMetadata. #3914 @abhi0498

Ensure extend operation stays sequential when copying (regression in 0.32.0). #3928

Improve error handling for unsupported multi-page rotation. #3940

v0.33.1 - 17th December 2023

Add support for Yarn Plug'n'Play filesystem layout. #3888

Emit warning when attempting to use invalid ICC profiles. #3895

Ensure VIPS_NOVECTOR environment variable is respected. #3897 @icetee

Commits

bcb22af Release v0.33.2
d04dc62 Prerelease v0.33.2-rc.1
c30d355 CI: Fix npm smoke test expectation
49cb148 Prerelease v0.33.2-rc.0
3bc31a8 CI: Verify emscripten versions match
c28523e CI: Update Emscripten Docker image to 3.1.51 (#3907)
278f393 Upgrade to libvips v8.15.1
cbf68c1 Improve error for unsupported multi-page rotation #3940
45e8071 Add runtime check for outdated Node.js version
b96389d Docs: refresh index
Additional commits viewable in compare view

Updates express from 4.18.2 to 4.18.3

Release notes

Sourced from express's releases.

4.18.3

Main Changes

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

Other Changes

Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032

build: Node.js@16.18 and Node.js@18.12 by @abenhamdine in expressjs/express#5034

ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027

test: remove unused function arguments in params by @raksbisht in expressjs/express#5124

Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119

Fixed typos by @raksbisht in expressjs/express#5117

examples: remove unused params by @raksbisht in expressjs/express#5113

fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130

fix: typos in History.md by @raksbisht in expressjs/express#5131

build : add Node.js@19.7 by @abenhamdine in expressjs/express#5028

test: remove unused function arguments in params by @raksbisht in expressjs/express#5137

use random port in test so it won't fail on already listening by @rluvaton in expressjs/express#5162

tests: use cb() instead of done() by @kristof-low in expressjs/express#5233

examples: remove multipart example by @riddlew in expressjs/express#5195

Update support Node.js@18 in the CI by @UlisesGascon in expressjs/express#5490

Fix favicon-related bug in cookie-sessions example by @DmytroKondrashov in expressjs/express#5414

Release 4.18.3 by @UlisesGascon in expressjs/express#5505

New Contributors

@vcsjones made their first contribution in expressjs/express#5032

@abenhamdine made their first contribution in expressjs/express#5034

@armujahid made their first contribution in expressjs/express#5027

@raksbisht made their first contribution in expressjs/express#5124

@rluvaton made their first contribution in expressjs/express#5162

@kristof-low made their first contribution in expressjs/express#5233

@riddlew made their first contribution in expressjs/express#5195

@DmytroKondrashov made their first contribution in expressjs/express#5414

Full Changelog: expressjs/express@4.18.2...4.18.3

Changelog

Sourced from express's changelog.

4.18.3 / 2024-02-26

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

Commits

1b51eda 4.18.3
b625132 build: pin Node 21.x to minor
e3eca80 build: pin Node 21.x to minor
23b44b3 build: support Node.js 21.6.2
b9fea12 build: support Node.js 21.x in appveyor
c259c34 build: support Node.js 21.x
fdeb1d3 build: support Node.js 20.x in appveyor
734b281 build: support Node.js 20.x
0e3ab6e examples: improve view count in cookie-sessions
59af63a build: Node.js@18.19
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.

Updates follow-redirects from 1.15.3 to 1.15.5

Commits

b1677ce Release version 1.15.5 of the npm package.
d8914f7 Preserve fragment in responseUrl.
6585820 Release version 1.15.4 of the npm package.
7a6567e Disallow bracketed hostnames.
05629af Prefer native URL instead of deprecated url.parse.
1cba8e8 Prefer native URL instead of legacy url.resolve.
72bc2a4 Simplify _processResponse error handling.
3d42aec Add bracket tests.
bcbb096 Do not directly set Error properties.
See full diff in compare view

Updates ip from 2.0.0 to 2.0.1

Commits

3b0994a 2.0.1
32f468f lib: fixed CVE-2023-42282 and added unit test
See full diff in compare view

Updates postcss from 8.4.30 to 8.4.31

Release notes

Sourced from postcss's releases.

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

Changelog

Sourced from postcss's changelog.

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

Commits

90208de Release 8.4.31 version
58cc860 Fix carrier return parsing
4fff8e4 Improve pnpm test output
cd43ed1 Update dependencies
caa916b Update dependencies
8972f76 Typo
11a5286 Typo
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

…updates Bumps the npm_and_yarn group with 5 updates in the /test directory: | Package | From | To | | --- | --- | --- | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.18.3` | | [nodemailer](https://github.com/nodemailer/nodemailer) | `6.9.3` | `6.9.9` | | [sharp](https://github.com/lovell/sharp) | `0.33.0` | `0.33.2` | | [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `3.55.1` | `4.2.12` | | [undici](https://github.com/nodejs/undici) | `5.20.0` | `5.28.3` | Bumps the npm_and_yarn group with 1 update in the /test/cli/install/migration/complex-workspace directory: [sharp](https://github.com/lovell/sharp). Bumps the npm_and_yarn group with 3 updates in the /test/cli/install/migration/contoso-test directory: [express](https://github.com/expressjs/express), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [ip](https://github.com/indutny/node-ip). Bumps the npm_and_yarn group with 1 update in the /test/integration/next/default-pages-dir directory: [postcss](https://github.com/postcss/postcss). Updates `express` from 4.18.2 to 4.18.3 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.18.3) Updates `nodemailer` from 6.9.3 to 6.9.9 - [Release notes](https://github.com/nodemailer/nodemailer/releases) - [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md) - [Commits](nodemailer/nodemailer@v6.9.3...v6.9.9) Updates `sharp` from 0.33.0 to 0.33.2 - [Release notes](https://github.com/lovell/sharp/releases) - [Changelog](https://github.com/lovell/sharp/blob/main/docs/changelog.md) - [Commits](lovell/sharp@v0.33.0...v0.33.2) Updates `svelte` from 3.55.1 to 4.2.12 - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/svelte@4.2.12/packages/svelte/CHANGELOG.md) - [Commits](https://github.com/sveltejs/svelte/commits/svelte@4.2.12/packages/svelte) Updates `undici` from 5.20.0 to 5.28.3 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.20.0...v5.28.3) Updates `sharp` from 0.32.6 to 0.33.2 - [Release notes](https://github.com/lovell/sharp/releases) - [Changelog](https://github.com/lovell/sharp/blob/main/docs/changelog.md) - [Commits](lovell/sharp@v0.33.0...v0.33.2) Updates `express` from 4.18.2 to 4.18.3 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.18.3) Updates `follow-redirects` from 1.15.3 to 1.15.5 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.3...v1.15.5) Updates `ip` from 2.0.0 to 2.0.1 - [Commits](indutny/node-ip@v2.0.0...v2.0.1) Updates `postcss` from 8.4.30 to 8.4.31 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.30...8.4.31) --- updated-dependencies: - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: nodemailer dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: sharp dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: svelte dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: undici dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: sharp dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: ip dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: postcss dependency-type: direct:production dependency-group: npm_and_yarn-security-group ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies Pull requests that update a dependency file label Mar 1, 2024

dependabot bot mentioned this pull request Mar 1, 2024

chore(deps): bump the npm_and_yarn group across 4 directories with 7 updates #1

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 4 directories with 8 updates #2

chore(deps): bump the npm_and_yarn group across 4 directories with 8 updates #2

dependabot bot commented on behalf of github Mar 1, 2024

chore(deps): bump the npm_and_yarn group across 4 directories with 8 updates #2

Are you sure you want to change the base?

chore(deps): bump the npm_and_yarn group across 4 directories with 8 updates #2

Conversation

dependabot bot commented on behalf of github Mar 1, 2024

4.18.3

Main Changes

Other Changes

New Contributors

4.18.3 / 2024-02-26

v6.9.9

6.9.9 (2024-02-01)

Bug Fixes

v6.9.8

6.9.8 (2023-12-30)

Bug Fixes

v6.9.7

6.9.7 (2023-10-22)

Bug Fixes

v6.9.6

6.9.6 (2023-10-09)

Bug Fixes

v6.9.5

6.9.5 (2023-09-06)

Bug Fixes

6.9.9 (2024-02-01)

Bug Fixes

6.9.8 (2023-12-30)

Bug Fixes

6.9.7 (2023-10-22)

Bug Fixes

6.9.6 (2023-10-09)

Bug Fixes

6.9.5 (2023-09-06)

Bug Fixes

6.9.4 2023-07-19

v0.33.2 - 12th January 2024

v0.33.1 - 17th December 2023

svelte@4.2.12

Patch Changes

svelte@4.2.11

Patch Changes

svelte@4.2.10

Patch Changes

svelte@4.2.9

Patch Changes

svelte@4.2.8

Patch Changes

svelte@4.2.7

Patch Changes

svelte@4.2.6

Patch Changes

svelte@4.2.5

Patch Changes

4.2.12

Patch Changes

4.2.11

Patch Changes

4.2.10

Patch Changes

4.2.9

Patch Changes

4.2.8

Patch Changes

4.2.7

Patch Changes

4.2.6

v5.28.3

⚠️ Security Release ⚠️

v5.28.2

What's Changed

New Contributors

v5.28.1

What's Changed

v5.28.0

What's Changed

v0.33.2 - 12th January 2024

v0.33.1 - 17th December 2023

4.18.3

Main Changes