Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the npm_and_yarn group across 2 directories with 5 updates #267

Closed
wants to merge 3 commits into from
Closed

Bump the npm_and_yarn group across 2 directories with 5 updates #267

wants to merge 3 commits into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 23, 2025
edited
Loading

Bumps the npm_and_yarn group with 3 updates in the / directory: axios, next and @openzeppelin/contracts.
Bumps the npm_and_yarn group with 1 update in the /packages/website directory: next.

Updates axios from 1.7.7 to 1.7.8

Release notes

Sourced from axios's releases.

Release v1.7.8

Release notes:

Bug Fixes

  • allow passing a callback as paramsSerializer to buildURL (#6680) (eac4619)
  • core: fixed config merging bug (#6668) (5d99fe4)
  • fixed width form to not shrink after 'Send Request' button is clicked (#6644) (7ccd5fd)
  • http: add support for File objects as payload in http adapter (#6588) (#6605) (6841d8d)
  • http: fixed proxy-from-env module import (#5222) (12b3295)
  • http: use globalThis.TextEncoder when available (#6634) (df956d1)
  • ios11 breaks when build (#6608) (7638952)
  • types: add missing types for mergeConfig function (#6590) (00de614)
  • types: export CJS types from ESM (#6218) (c71811b)
  • updated stream aborted error message to be more clear (#6615) (cc3217a)
  • use URL API instead of DOM to fix a potential vulnerability warning; (#6714) (0a8d6e1)

Contributors to this release

Changelog

Sourced from axios's changelog.

1.7.8 (2024-11-25)

Bug Fixes

  • allow passing a callback as paramsSerializer to buildURL (#6680) (eac4619)
  • core: fixed config merging bug (#6668) (5d99fe4)
  • fixed width form to not shrink after 'Send Request' button is clicked (#6644) (7ccd5fd)
  • http: add support for File objects as payload in http adapter (#6588) (#6605) (6841d8d)
  • http: fixed proxy-from-env module import (#5222) (12b3295)
  • http: use globalThis.TextEncoder when available (#6634) (df956d1)
  • ios11 breaks when build (#6608) (7638952)
  • types: add missing types for mergeConfig function (#6590) (00de614)
  • types: export CJS types from ESM (#6218) (c71811b)
  • updated stream aborted error message to be more clear (#6615) (cc3217a)
  • use URL API instead of DOM to fix a potential vulnerability warning; (#6714) (0a8d6e1)

Contributors to this release

Commits
  • 415ca94 chore(release): v1.7.8 (#6715)
  • 0a8d6e1 fix: use URL API instead of DOM to fix a potential vulnerability warning; (#6...
  • c71811b fix(types): export CJS types from ESM (#6218)
  • 4355a6d chore(sponsor): update sponsor block (#6709)
  • 5d54d22 chore(sponsor): update sponsor block (#6707)
  • eac4619 fix: allow passing a callback as paramsSerializer to buildURL (#6680)
  • df956d1 fix(http): use globalThis.TextEncoder when available (#6634)
  • 7139ce9 chore(deps): bump cookie and socket.io (#6704)
  • 5ebb124 chore(deps-dev): bump elliptic from 6.5.4 to 6.6.0 (#6698)
  • 4e9b33d chore(deps): bump send and express (#6699)
  • Additional commits viewable in compare view

Updates next from 14.2.23 to 15.1.6

Release notes

Sourced from next's releases.

v15.1.6

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • fix: don't memory-leak promises passed to waitUntil (#75041)
  • backport: fix prerender issue with intercepting routes + generateStaticParams (#75170)

Credits

Huge thanks to @​lubieowoce and @​ztanner for helping!

v15.1.5

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Fix missing revalidate with notFound() (#75009)
  • fix: when metadatabase is set we should not warn (#74840)
  • Fix @​vercel/og license SPDX expression (#74745)
  • fix: ts language server rule metadata should allow null (#74704)
  • fix: eslint rule of using img in metadata routes (#74864)
  • Fix presentation when onerror receives an event without error (#74643)
  • fix fetch lock not being consistently released #74623 (#75028)

Credits

Huge thanks to @​ijjk, @​huozhi, @​matmannion and @​ztanner for helping!

v15.1.4

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • backport: force module format for virtual client-proxy (#74608)
  • Fix prerender tags when notFound is called (#74607)
  • Use provided waitUntil for pending revalidates (#74604)
  • Feature: next/image: add support for images.qualities in next.config (#74588)
  • Chore: docs: add missing search: '' on remotePatterns (#74587)
  • Chore: docs: update version history of next/image (#73923) (#74570)
  • Chore: next/image: improve imgopt api bypass detection for unsupported images (#74569)

Credits

Huge thanks to @ and @ for helping!

... (truncated)

Commits

Updates @openzeppelin/contracts from 5.0.2 to 5.1.0

Release notes

Sourced from @​openzeppelin/contracts's releases.

v5.1.0

Breaking changes

  • ERC1967Utils: Removed duplicate declaration of the Upgraded, AdminChanged and BeaconUpgraded events. These events are still available through the IERC1967 interface located under the contracts/interfaces/ directory. Minimum pragma version is now 0.8.21.
  • Governor, GovernorCountingSimple: The _countVote virtual function now returns an uint256 with the total votes casted. This change allows for more flexibility for partial and fractional voting. Upgrading users may get a compilation error that can be fixed by adding a return statement to the _countVote function.

Custom error changes

This version comes with changes to the custom error identifiers. Contracts previously depending on the following errors should be replaced accordingly:

  • Replace Address.FailedInnerCall with Errors.FailedCall
  • Replace Address.AddressInsufficientBalance with Errors.InsufficientBalance
  • Replace Clones.Create2InsufficientBalance with Errors.InsufficientBalance
  • Replace Clones.ERC1167FailedCreateClone with Errors.FailedDeployment
  • Replace Clones.Create2FailedDeployment with Errors.FailedDeployment
  • SafeERC20: Replace Address.AddressEmptyCode with SafeERC20FailedOperation if there is no code at the token's address.
  • SafeERC20: Replace generic Error(string) with SafeERC20FailedOperation if the returned data can't be decoded as bool.
  • SafeERC20: Replace generic SafeERC20FailedOperation with the revert message from the contract call if it fails.

Changes by category

General

  • AccessManager, VestingWallet, TimelockController and ERC2771Forwarder: Added a public initializer function in their corresponding upgradeable variants. (#5008)

Access

  • AccessControlEnumerable: Add a getRoleMembers method to return all accounts that have role. (#4546)
  • AccessManager: Allow the onlyAuthorized modifier to restrict functions added to the manager. (#5014)

Finance

  • VestingWalletCliff: Add an extension of the VestingWallet contract with an added cliff. (#4870)

Governance

  • GovernorCountingFractional: Add a governor counting module that allows distributing voting power amongst 3 options (For, Against, Abstain). (#5045)
  • Votes: Set _moveDelegateVotes visibility to internal instead of private. (#5007)

Proxy

  • Clones: Add version of clone and cloneDeterministic that support sending value at creation. (#4936)
  • TransparentUpgradeableProxy: Make internal _proxyAdmin() getter have view visibility. (#4688)
  • ProxyAdmin: Fixed documentation for UPGRADE_INTERFACE_VERSION getter. (#5031)

Tokens

  • ERC1363: Add implementation of the token payable standard allowing execution of contract code after transfers and approvals. (#4631)
  • ERC20TemporaryApproval: Add an ERC-20 extension that implements temporary approval using transient storage, based on ERC7674 (draft). (#5071)
  • SafeERC20: Add "relaxed" function for interacting with ERC-1363 functions in a way that is compatible with EOAs. (#4631)

... (truncated)

Changelog

Sourced from @​openzeppelin/contracts's changelog.

5.1.0 (2024-10-17)

Breaking changes

  • ERC1967Utils: Removed duplicate declaration of the Upgraded, AdminChanged and BeaconUpgraded events. These events are still available through the IERC1967 interface located under the contracts/interfaces/ directory. Minimum pragma version is now 0.8.21.
  • Governor, GovernorCountingSimple: The _countVote virtual function now returns an uint256 with the total votes casted. This change allows for more flexibility for partial and fractional voting. Upgrading users may get a compilation error that can be fixed by adding a return statement to the _countVote function.

Custom error changes

This version comes with changes to the custom error identifiers. Contracts previously depending on the following errors should be replaced accordingly:

  • Replace Address.FailedInnerCall with Errors.FailedCall
  • Replace Address.AddressInsufficientBalance with Errors.InsufficientBalance
  • Replace Clones.Create2InsufficientBalance with Errors.InsufficientBalance
  • Replace Clones.ERC1167FailedCreateClone with Errors.FailedDeployment
  • Replace Clones.Create2FailedDeployment with Errors.FailedDeployment
  • SafeERC20: Replace Address.AddressEmptyCode with SafeERC20FailedOperation if there is no code at the token's address.
  • SafeERC20: Replace generic Error(string) with SafeERC20FailedOperation if the returned data can't be decoded as bool.
  • SafeERC20: Replace generic SafeERC20FailedOperation with the revert message from the contract call if it fails.

Changes by category

General

  • AccessManager, VestingWallet, TimelockController and ERC2771Forwarder: Added a public initializer function in their corresponding upgradeable variants. (#5008)

Access

  • AccessControlEnumerable: Add a getRoleMembers method to return all accounts that have role. (#4546)
  • AccessManager: Allow the onlyAuthorized modifier to restrict functions added to the manager. (#5014)

Finance

  • VestingWalletCliff: Add an extension of the VestingWallet contract with an added cliff. (#4870)

Governance

  • GovernorCountingFractional: Add a governor counting module that allows distributing voting power amongst 3 options (For, Against, Abstain). (#5045)
  • Votes: Set _moveDelegateVotes visibility to internal instead of private. (#5007)

Proxy

  • Clones: Add version of clone and cloneDeterministic that support sending value at creation. (#4936)
  • TransparentUpgradeableProxy: Make internal _proxyAdmin() getter have view visibility. (#4688)
  • ProxyAdmin: Fixed documentation for UPGRADE_INTERFACE_VERSION getter. (#5031)

Tokens

  • ERC1363: Add implementation of the token payable standard allowing execution of contract code after transfers and approvals. (#4631)
  • ERC20TemporaryApproval: Add an ERC-20 extension that implements temporary approval using transient storage, based on ERC7674 (draft). (#5071)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by ernestognw, a new releaser for @​openzeppelin/contracts since your current version.


Updates rollup from 2.79.1 to 2.79.2

Release notes

Sourced from rollup's releases.

v.2.79.2

2.79.2

2024-09-26

Bug Fixes

  • Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

Changelog

Sourced from rollup's changelog.

2.79.2

2024-09-26

Bug Fixes

  • Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

3.29.5

2024-09-21

Bug Fixes

  • Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

4.22.4

2024-09-21

Bug Fixes

  • Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

4.22.3

2024-09-21

Bug Fixes

  • Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)

Pull Requests

4.22.2

... (truncated)

Commits

Updates vite from 5.4.6 to 5.4.14

Release notes

Sourced from vite's releases.

v5.4.14

Please refer to CHANGELOG.md for details.

v5.4.13

Please refer to CHANGELOG.md for details.

v5.4.12

This version contains a breaking change due to security fixes. See GHSA-vg6x-rcgg-rjx6 for more details.

Please refer to CHANGELOG.md for details.

v5.4.11

Please refer to CHANGELOG.md for details.

v5.4.10

Please refer to CHANGELOG.md for details.

v5.4.9

Please refer to CHANGELOG.md for details.

v5.4.8

Please refer to CHANGELOG.md for details.

v5.4.7

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.14 (2025-01-21)

5.4.13 (2025-01-20)

5.4.12 (2025-01-20)

  • fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (9da4abc)
  • fix!: default server.cors: false to disallow fetching from untrusted origins (dfea38f)
  • fix: verify token for HMR WebSocket connection (b71a5c8)
  • chore: add deps update changelog (ecd2375)

5.4.11 (2024-11-11)

  • fix(deps): update dependencies of postcss-modules (ceb15db), closes #18617

5.4.10 (2024-10-23)

  • fix: backport #18367,augment hash for CSS files to prevent chromium erroring by loading previous fil (7d1a3bc), closes #18367 #18412

5.4.9 (2024-10-14)

5.4.8 (2024-09-25)

... (truncated)

Commits
  • e7eb3c5 release: v5.4.14
  • 7d1699c fix: allow CORS from loopback addresses by default (#19249)
  • 9df6e6b fix: preview.allowedHosts with specific values was not respected (#19246)
  • a1824c5 release: v5.4.13
  • 5946215 fix: try parse server.origin URL (#19241)
  • f428aa9 release: v5.4.12
  • 9da4abc fix!: check host header to prevent DNS rebinding attacks and introduce `serve...
  • b71a5c8 fix: verify token for HMR WebSocket connection
  • dfea38f fix!: default server.cors: false to disallow fetching from untrusted origins
  • ecd2375 chore: add deps update changelog
  • Additional commits viewable in compare view

Updates next from 15.0.2 to 15.1.2

Release notes

Sourced from next's releases.

v15.1.6

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • fix: don't memory-leak promises passed to waitUntil (#75041)
  • backport: fix prerender issue with intercepting routes + generateStaticParams (#75170)

Credits

Huge thanks to @​lubieowoce and @​ztanner for helping!

v15.1.5

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Fix missing revalidate with notFound() (#75009)
  • fix: when metadatabase is set we should not warn (#74840)
  • Fix @​vercel/og license SPDX expression (#74745)
  • fix: ts language server rule metadata should allow null (#74704)
  • fix: eslint rule of using img in metadata routes (#74864)
  • Fix presentation when onerror receives an event without error (#74643)
  • fix fetch lock not being consistently released #74623 (#75028)

Credits

Huge thanks to @​ijjk, @​huozhi, @​matmannion and @​ztanner for helping!

v15.1.4

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • backport: force module format for virtual client-proxy (#74608)
  • Fix prerender tags when notFound is called (#74607)
  • Use provided waitUntil for pending revalidates (#74604)
  • Feature: next/image: add support for images.qualities in next.config (#74588)
  • Chore: docs: add missing search: '' on remotePatterns (#74587)
  • Chore: docs: update version history of next/image (#73923) (#74570)
  • Chore: next/image: improve imgopt api bypass detection for unsupported images (#74569)

Credits

Huge thanks to @ and @ for helping!

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 23, 2025
@vercel Vercel
Copy link

vercel bot commented Jan 23, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
foil-app ❌ Failed (Inspect) Jan 31, 2025 11:48pm
foil-docs ❌ Failed (Inspect) Jan 31, 2025 11:48pm
foil-website ❌ Failed (Inspect) Jan 31, 2025 11:48pm

@dependabot
Bump the npm_and_yarn group across 2 directories with 5 updates
73ec475 
Bumps the npm_and_yarn group with 3 updates in the / directory: [axios](https://github.com/axios/axios), [next](https://github.com/vercel/next.js) and [@openzeppelin/contracts](https://github.com/OpenZeppelin/openzeppelin-contracts).
Bumps the npm_and_yarn group with 1 update in the /packages/website directory: [next](https://github.com/vercel/next.js).


Updates `axios` from 1.7.7 to 1.7.8
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.7.7...v1.7.8)

Updates `next` from 14.2.23 to 15.1.6
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.23...v15.1.6)

Updates `@openzeppelin/contracts` from 5.0.2 to 5.1.0
- [Release notes](https://github.com/OpenZeppelin/openzeppelin-contracts/releases)
- [Changelog](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md)
- [Commits](OpenZeppelin/openzeppelin-contracts@v5.0.2...v5.1.0)

Updates `rollup` from 2.79.1 to 2.79.2
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v2.79.1...v2.79.2)

Updates `vite` from 5.4.6 to 5.4.14
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v5.4.14/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v5.4.14/packages/vite)

Updates `next` from 15.0.2 to 15.1.2
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.23...v15.1.6)

---
updated-dependencies:
- dependency-name: axios
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@openzeppelin/contracts"
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: rollup
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-62bcd811fa branch from 1121f37 to 73ec475 Compare January 23, 2025 19:12
@noahlitvin
Copy link
Collaborator

I don't think the breaking changes in Next 15 are relevant to us? https://nextjs.org/blog/next-15

@noahlitvin noahlitvin closed this Feb 11, 2025
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 11, 2025

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-62bcd811fa branch February 11, 2025 22:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@noahlitvin