Bump the npm_and_yarn group across 1 directory with 4 updates #1

dependabot · 2024-10-04T08:01:17Z

Bumps the npm_and_yarn group with 4 updates in the /ui directory: @adobe/css-tools, follow-redirects, rollup and word-wrap.

Updates @adobe/css-tools from 4.2.0 to 4.4.0

Changelog

Sourced from @adobe/css-tools's changelog.

4.4.0 / 2024-06-05

add support for @starting-style #319

4.3.3 / 2024-01-24

Update export property #271

4.3.2 / 2023-11-28

Fix redos vulnerability with specific crafted css string - CVE-2023-48631

Fix Problem parsing with :is() and nested :nth-child() #211

4.3.1 / 2023-03-14

Fix redos vulnerability with specific crafted css string - CVE-2023-26364

4.3.0 / 2023-03-07

Update build tools

Update exports path and files

Commits

See full diff in compare view

Updates follow-redirects from 1.15.2 to 1.15.9

Commits

e4e55c7 Release version 1.15.9 of the npm package.
31a1abf Attempt much more gentle detection.
d2aaa97 Fix url field.
62558f0 Release version 1.15.8 of the npm package.
a8d1cee Return subtlety.
458ca8e Fix native URL test for Node 20.
ca49e44 Handle KeepAlive connections in tests.
f3711d7 Test on Node 20 and 22.
fda0faf Fix typo.
760757f Release version 1.15.7 of the npm package.
Additional commits viewable in compare view

Updates rollup from 2.79.1 to 2.79.2

Changelog

Sourced from rollup's changelog.

rollup changelog

4.24.0

2024-10-02

Features

Support preserving and transpiling JSX syntax (#5668)

Pull Requests

#5668: Introduce JSX support (@lukastaegert, @Martin-Idel, @felixhuttmann, @AlexDroll, @tiptr)

4.23.0

2024-10-01

Features

Collect all emitted names and originalFileNames for assets (#5686)

Pull Requests

#5686: Add names and originalFileNames to assets (@lukastaegert)

4.22.5

2024-09-27

Bug Fixes

Allow parsing of certain unicode characters again (#5674)

Pull Requests

#5674: Fix panic with unicode characters (@sapphi-red, @lukastaegert)

#5675: chore(deps): update dependency rollup to v4.22.4 [security] (@renovate[bot])

#5680: chore(deps): update dependency @rollup/plugin-commonjs to v28 (@renovate[bot], @lukastaegert)

#5681: chore(deps): update dependency @rollup/plugin-replace to v6 (@renovate[bot])

#5682: chore(deps): update dependency @rollup/plugin-typescript to v12 (@renovate[bot])

#5684: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

4.22.4

2024-09-21

Bug Fixes

Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

... (truncated)

Commits

c9bd03d 2.79.2
48aef33 fix: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (#5677)
See full diff in compare view

Updates word-wrap from 1.2.3 to 1.2.5

Release notes

Sourced from word-wrap's releases.

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: jonschlinkert/word-wrap@1.2.4...1.2.5

1.2.4

What's Changed

Remove default indent by @mohd-akram in jonschlinkert/word-wrap#24

🔒fix: CVE 2023 26115 (2) by @OlafConijn in jonschlinkert/word-wrap#41

🔒 fix: CVE-2023-26115 by @aashutoshrathi in jonschlinkert/word-wrap#33

chore: publish workflow by @OlafConijn in jonschlinkert/word-wrap#42

New Contributors

@mohd-akram made their first contribution in jonschlinkert/word-wrap#24

@OlafConijn made their first contribution in jonschlinkert/word-wrap#41

@aashutoshrathi made their first contribution in jonschlinkert/word-wrap#33

Full Changelog: jonschlinkert/word-wrap@1.2.3...1.2.4

Commits

207044e 1.2.5
9894315 revert default indent
f64b188 run verb to generate README
03ea082 Merge pull request #42 from jonschlinkert/chore/publish-workflow
420dce9 Merge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2
bfa694e Update .github/workflows/publish.yml
ace0b3c chore: bump version to 1.2.4
6fd7275 chore: add publish workflow
30d6daf chore: fix test
655929c chore: remove package-lock
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

… name

There is now a configuration file for `yamllint` and a `pre-commit` hook. The most straightforward linting issues were fixed. The other ones are ignored and should be handled in the future.

Bumps the npm_and_yarn group with 4 updates in the /ui directory: [@adobe/css-tools](https://github.com/adobe/css-tools), [follow-redirects](https://github.com/follow-redirects/follow-redirects), [rollup](https://github.com/rollup/rollup) and [word-wrap](https://github.com/jonschlinkert/word-wrap). Updates `@adobe/css-tools` from 4.2.0 to 4.4.0 - [Changelog](https://github.com/adobe/css-tools/blob/main/History.md) - [Commits](https://github.com/adobe/css-tools/commits) Updates `follow-redirects` from 1.15.2 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.9) Updates `rollup` from 2.79.1 to 2.79.2 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v2.79.1...v2.79.2) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) --- updated-dependencies: - dependency-name: "@adobe/css-tools" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2024-10-09T08:50:04Z

Looks like these dependencies are no longer updatable, so this is no longer needed.

marcus-oscarsson and others added 30 commits October 1, 2024 14:56

[Configuration] - Updated configuration files

2c2dce2

[TMP] - Temporary suppression of harmless error messages

47ac805

[TMP] - Temporarily disabling single cell rendering

76a8b04

[ID29 Task Dialog] - json-schema-form API change

cc94959

[SSO] Initial SSO work

19cc769

[Lint] - Removed outdated comment

fadbb33

[Centering] - Not triggering centering twice if in queue mode

6ef5bb2

[UserManager] - Cleaner log

c3e6116

Fixed incorrect function call/name

1e4ed72

[Login] - More informative error message when login fails

2701429

[Typo] - added missing quotes

592c736

[Queue Progress] - Fixed progress

b61b8ce

[SampleView] - Updating beam size correctly

8e70e99

[Harvester] - Fixed minor bugs

612cb4f

[Syntax] - Added missing ""

7fa1a27

[SampleList] - Making sure that there are no ":" left from the sample…

93c52dc

… name

[Lint] - Removed outdated comment

71c9b0d

[Centering] - Not triggering centering twice if in queue mode

2bd0b27

[pyproject.toml] - Added missing depdency authlib

17085e9

Minimal set of changes to use proposalTuple

35697b0

Removed commented changes

f0dc784

Remove spaces

b353cb0

Refactoring proposal_tuple

4dc0220

Refactoring

4fce4ef

Adding create_session

269e0a4

Added session creation

63d57ad

Refactoring and clean up of the code

335800d

Refactoring and clean up of the code

2f17c31

- Refactoring sessions

0a16f65

Refactoring sessions

25e2bf9

antolinos and others added 15 commits October 1, 2024 16:27

Simplify code

65d6f75

Fix some linting and removing loop

b61a8a4

Lint YAML files with yamllint

ac22b9a

There is now a configuration file for `yamllint` and a `pre-commit` hook. The most straightforward linting issues were fixed. The other ones are ignored and should be handled in the future.

[Snapshots] - New snapshot routine

56b9e01

[SSO] - Handling sso logout

f1f7f69

[LINT]

ff03944

[ICAT-SSO] - Only allow login from one proposal at a time

7169790

[TMP] - sendGetAttribute does not always return "safe json"

3d9740c

Re-generated poetry.lock

077f258

[ICAT] - Linted python files

9c870db

[YAML - Lint]

5b14052

[PyProject.toml] - Using mxcubecore from esrf-mxcubecore

12cff62

[TEST] - Disabled authn tests

f0c2468

[ICAT] - Lint

0871150

[PyProject.toml] Bumped mxcubecore

d1e23f2

dependabot bot added the dependencies Pull requests that update a dependency file label Oct 4, 2024

marcus-oscarsson added 3 commits October 4, 2024 14:40

[DEP] - Bumped video streamer

1ba949e

[ICAT] - Removed empty table head

10d5e04

Bumped mxcubecore

92e0907

marcus-oscarsson force-pushed the esrf-develop branch from 0bc74e6 to 92e0907 Compare October 4, 2024 14:17

marcus-oscarsson and others added 3 commits October 4, 2024 16:35

[ICAT] - Updated E2E test

19551f5

Updated mxcubecore

1d25391

dependabot bot force-pushed the dependabot/npm_and_yarn/ui/npm_and_yarn-ec50d02f4b branch from 2774f01 to 2bc779e Compare October 4, 2024 14:40

marcus-oscarsson force-pushed the esrf-develop branch 3 times, most recently from 9119b59 to 2438131 Compare October 9, 2024 08:48

dependabot bot closed this Oct 9, 2024

dependabot bot deleted the dependabot/npm_and_yarn/ui/npm_and_yarn-ec50d02f4b branch October 9, 2024 08:50

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 1 directory with 4 updates #1

Bump the npm_and_yarn group across 1 directory with 4 updates #1

dependabot bot commented on behalf of github Oct 4, 2024 •

edited

Loading

dependabot bot commented on behalf of github Oct 9, 2024

Bump the npm_and_yarn group across 1 directory with 4 updates #1

Bump the npm_and_yarn group across 1 directory with 4 updates #1

Conversation

dependabot bot commented on behalf of github Oct 4, 2024 • edited Loading

4.4.0 / 2024-06-05

4.3.3 / 2024-01-24

4.3.2 / 2023-11-28

4.3.1 / 2023-03-14

4.3.0 / 2023-03-07

rollup changelog

4.24.0

Features

Pull Requests

4.23.0

Features

Pull Requests

4.22.5

Bug Fixes

Pull Requests

4.22.4

Bug Fixes

1.2.5

1.2.4

What's Changed

New Contributors

dependabot bot commented on behalf of github Oct 9, 2024

dependabot bot commented on behalf of github Oct 4, 2024 •

edited

Loading