Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: bump the npm-low-risk group with 6 updates #50

Merged
merged 1 commit into from
Oct 10, 2023
Merged

chore: bump the npm-low-risk group with 6 updates #50

merged 1 commit into from
Oct 10, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 10, 2023

Bumps the npm-low-risk group with 6 updates:

Package From To
@actions/core 1.10.0 1.10.1
@types/mocha 10.0.1 10.0.2
@vercel/ncc 0.36.1 0.38.0
chai 4.3.8 4.3.10
@types/chai 4.3.5 4.3.7
eslint 8.48.0 8.51.0

Updates @actions/core from 1.10.0 to 1.10.1

Changelog

Sourced from @​actions/core's changelog.

1.10.1

  • Fix error message reference in oidc utils #1511
Commits

Updates @types/mocha from 10.0.1 to 10.0.2

Commits

Updates @vercel/ncc from 0.36.1 to 0.38.0

Release notes

Sourced from @​vercel/ncc's releases.

0.38.0

0.38.0 (2023-09-06)

Features

0.37.0

0.37.0 (2023-09-06)

Features

  • add support for TypeScript 5.0's array extends in tsconfig (#1105) (f898f8e)
Commits
  • e2779f4 feat: Log minification error when --debug (#1102)
  • 4a9d97c chore(deps): Bump protobufjs from 6.11.3 to 6.11.4 (#1103)
  • ca70272 chore(deps): bump cookiejar from 2.1.2 to 2.1.4 (#1031)
  • c366ead chore(deps): Bump apollo-server-core from 2.22.1 to 2.26.2 (#1108)
  • f898f8e feat: add support for TypeScript 5.0's array extends in tsconfig (#1105)
  • 2a1437b chore(deps-dev): Bump mongoose from 5.13.15 to 5.13.20 (#1093)
  • 5556e86 chore(deps): Bump semver from 5.7.1 to 5.7.2 (#1089)
  • dae0b9b chore(deps): Bump dottie from 2.0.2 to 2.0.4 (#1081)
  • d748256 chore(deps-dev): Bump vm2 from 3.9.17 to 3.9.18 (#1071)
  • ee10b72 chore(deps-dev): Bump vm2 from 3.9.16 to 3.9.17 (#1064)
  • Additional commits viewable in compare view

Updates chai from 4.3.8 to 4.3.10

Release notes

Sourced from chai's releases.

v4.3.10

This release simply bumps all dependencies to their latest non-breaking versions.

What's Changed

Full Changelog: chaijs/chai@v4.3.9...v4.3.10

v4.3.9

Upgrade dependencies.

This release upgrades dependencies to address CVE-2023-43646 where a large function name can cause "catastrophic backtracking" (aka ReDOS attack) which can cause the test suite to hang.

Full Changelog: chaijs/chai@v4.3.8...v4.3.9

Commits

Updates @types/chai from 4.3.5 to 4.3.7

Commits

Updates eslint from 8.48.0 to 8.51.0

Release notes

Sourced from eslint's releases.

v8.51.0

Features

  • 0a9c433 feat: Add --no-warn-ignored CLI option for flat config (#17569) (Domantas Petrauskas)
  • 977e67e feat: logical-assignment-operators to report expressions with 3 operands (#17600) (Yosuke Ota)

Bug Fixes

  • f976b2f fix: make rule severity case-sensitive in flat config (#17619) (Milos Djermanovic)
  • 0edfe36 fix: Ensure crash error messages are not duplicated (#17584) (Nicholas C. Zakas)
  • dd79abc fix: eslint-disable to be able to parse quoted rule names (#17612) (Yosuke Ota)
  • d2f6801 fix: Ensure correct code path for && followed by ?? (#17618) (Nicholas C. Zakas)

Documentation

  • ee5be81 docs: default to sourceType: "module" in rule examples (#17615) (Francesco Trotta)
  • 1aa26df docs: Add more examples for multiline-ternary (#17610) (George Ashiotis)
  • 47d0b44 docs: Update README (GitHub Actions Bot)
  • dbf831e docs: use generated og image (#17601) (Percy Ma)
  • 1866da5 docs: Update README (GitHub Actions Bot)

Chores

  • 1ef39ea chore: upgrade @​eslint/js@​8.51.0 (#17624) (Milos Djermanovic)
  • f8c7403 chore: package.json update for @​eslint/js release (ESLint Jenkins)
  • 2665552 test: fix flat config linter tests to use Linter in flat config mode (#17616) (Milos Djermanovic)
  • 7b77bcc chore: Refactor CodePathState (#17510) (Nicholas C. Zakas)
  • bc77c9a chore: Document and refactor ForkContext (#17566) (Nicholas C. Zakas)
  • 24e1f14 chore: Refactor and document CodePath (#17558) (Nicholas C. Zakas)

v8.50.0

Features

  • 27d5a9e feat: add suggestions to array-callback-return (#17590) (Tanuj Kanti)
  • f9082ff feat: flat-rule-tester make sure default config always matches (#17585) (fnx)
  • 83914ad feat: Implement SourceCode#applyInlineConfig() (#17351) (Nicholas C. Zakas)
  • 22a5582 feat: add rule no-object-constructor, deprecate no-new-object (#17576) (Francesco Trotta)
  • 85a3d9e feat: allowVoid option in array-callback-return (#17564) (Tanuj Kanti)

Bug Fixes

  • cc4d26b fix: Ensure deprecated context.parserServices warns (#17593) (Nicholas C. Zakas)
  • 1ea4cfb fix: Ensure all RuleTester tests all deprecated context methods (#17587) (Nicholas C. Zakas)
  • aa1b657 fix: wrong suggestion and message in no-misleading-character-class (#17571) (Yosuke Ota)

Documentation

  • 1800537 docs: Fix and standardize JSX code examples (#17591) (Francesco Trotta)
  • 48a44a7 docs: Add correct/incorrect tags to prefer-arrow-callback (#17589) (Francesco Trotta)
  • 20893d4 docs: fix incorrect tag's place (#17575) (Tanuj Kanti)
  • bd7a71f docs: Update README (GitHub Actions Bot)

Chores

  • f8a8a2d chore: upgrade @​eslint/js@​8.50.0 (#17599) (Milos Djermanovic)
  • 38ada6d chore: package.json update for @​eslint/js release (ESLint Jenkins)

v8.49.0

... (truncated)

Changelog

Sourced from eslint's changelog.

v8.51.0 - October 6, 2023

  • 1ef39ea chore: upgrade @​eslint/js@​8.51.0 (#17624) (Milos Djermanovic)
  • f8c7403 chore: package.json update for @​eslint/js release (ESLint Jenkins)
  • f976b2f fix: make rule severity case-sensitive in flat config (#17619) (Milos Djermanovic)
  • 0edfe36 fix: Ensure crash error messages are not duplicated (#17584) (Nicholas C. Zakas)
  • ee5be81 docs: default to sourceType: "module" in rule examples (#17615) (Francesco Trotta)
  • dd79abc fix: eslint-disable to be able to parse quoted rule names (#17612) (Yosuke Ota)
  • d2f6801 fix: Ensure correct code path for && followed by ?? (#17618) (Nicholas C. Zakas)
  • 2665552 test: fix flat config linter tests to use Linter in flat config mode (#17616) (Milos Djermanovic)
  • 1aa26df docs: Add more examples for multiline-ternary (#17610) (George Ashiotis)
  • 47d0b44 docs: Update README (GitHub Actions Bot)
  • dbf831e docs: use generated og image (#17601) (Percy Ma)
  • 0a9c433 feat: Add --no-warn-ignored CLI option for flat config (#17569) (Domantas Petrauskas)
  • 1866da5 docs: Update README (GitHub Actions Bot)
  • 7b77bcc chore: Refactor CodePathState (#17510) (Nicholas C. Zakas)
  • 977e67e feat: logical-assignment-operators to report expressions with 3 operands (#17600) (Yosuke Ota)
  • bc77c9a chore: Document and refactor ForkContext (#17566) (Nicholas C. Zakas)
  • 24e1f14 chore: Refactor and document CodePath (#17558) (Nicholas C. Zakas)

v8.50.0 - September 22, 2023

  • f8a8a2d chore: upgrade @​eslint/js@​8.50.0 (#17599) (Milos Djermanovic)
  • 38ada6d chore: package.json update for @​eslint/js release (ESLint Jenkins)
  • 27d5a9e feat: add suggestions to array-callback-return (#17590) (Tanuj Kanti)
  • f9082ff feat: flat-rule-tester make sure default config always matches (#17585) (fnx)
  • 83914ad feat: Implement SourceCode#applyInlineConfig() (#17351) (Nicholas C. Zakas)
  • cc4d26b fix: Ensure deprecated context.parserServices warns (#17593) (Nicholas C. Zakas)
  • 1ea4cfb fix: Ensure all RuleTester tests all deprecated context methods (#17587) (Nicholas C. Zakas)
  • 1800537 docs: Fix and standardize JSX code examples (#17591) (Francesco Trotta)
  • 22a5582 feat: add rule no-object-constructor, deprecate no-new-object (#17576) (Francesco Trotta)
  • 48a44a7 docs: Add correct/incorrect tags to prefer-arrow-callback (#17589) (Francesco Trotta)
  • aa1b657 fix: wrong suggestion and message in no-misleading-character-class (#17571) (Yosuke Ota)
  • 20893d4 docs: fix incorrect tag's place (#17575) (Tanuj Kanti)
  • 85a3d9e feat: allowVoid option in array-callback-return (#17564) (Tanuj Kanti)
  • bd7a71f docs: Update README (GitHub Actions Bot)

v8.49.0 - September 8, 2023

  • b7621c3 chore: remove browser test from npm test (#17550) (Milos Djermanovic)
  • cac45d0 chore: upgrade @​eslint/js@​8.49.0 (#17549) (Milos Djermanovic)
  • cd39508 chore: package.json update for @​eslint/js release (ESLint Jenkins)
  • ecfb54f docs: Update README (GitHub Actions Bot)
  • da09f4e feat: Implement onUnreachableCodePathStart/End (#17511) (Nicholas C. Zakas)
  • de86b3b docs: update no-promise-executor-return examples (#17529) (Nitin Kumar)
  • 203a971 ci: bump actions/checkout from 3 to 4 (#17530) (dependabot[bot])
  • 32b2327 feat: Emit deprecation warnings in RuleTester (#17527) (Nicholas C. Zakas)
  • acb7df3 feat: add new enforce option to lines-between-class-members (#17462) (Nitin Kumar)
  • 032c4b1 docs: add typescript template (#17500) (James)
  • cd7da5c docs: Update README (GitHub Actions Bot)

... (truncated)

Commits
  • f079382 8.51.0
  • e8235e5 Build: changelog update for 8.51.0
  • 1ef39ea chore: upgrade @​eslint/js@​8.51.0 (#17624)
  • f8c7403 chore: package.json update for @​eslint/js release
  • f976b2f fix: make rule severity case-sensitive in flat config (#17619)
  • 0edfe36 fix: Ensure crash error messages are not duplicated (#17584)
  • ee5be81 docs: default to sourceType: "module" in rule examples (#17615)
  • dd79abc fix: eslint-disable to be able to parse quoted rule names (#17612)
  • d2f6801 fix: Ensure correct code path for && followed by ?? (#17618)
  • 2665552 test: fix flat config linter tests to use Linter in flat config mode (#17616)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore: bump the npm-low-risk group with 6 updates
9b15bbe 
Bumps the npm-low-risk group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) | `1.10.0` | `1.10.1` |
| [@types/mocha](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/mocha) | `10.0.1` | `10.0.2` |
| [@vercel/ncc](https://github.com/vercel/ncc) | `0.36.1` | `0.38.0` |
| [chai](https://github.com/chaijs/chai) | `4.3.8` | `4.3.10` |
| [@types/chai](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/chai) | `4.3.5` | `4.3.7` |
| [eslint](https://github.com/eslint/eslint) | `8.48.0` | `8.51.0` |


Updates `@actions/core` from 1.10.0 to 1.10.1
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

Updates `@types/mocha` from 10.0.1 to 10.0.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/mocha)

Updates `@vercel/ncc` from 0.36.1 to 0.38.0
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](vercel/ncc@0.36.1...0.38.0)

Updates `chai` from 4.3.8 to 4.3.10
- [Release notes](https://github.com/chaijs/chai/releases)
- [Changelog](https://github.com/chaijs/chai/blob/4.x.x/History.md)
- [Commits](chaijs/chai@v4.3.8...v4.3.10)

Updates `@types/chai` from 4.3.5 to 4.3.7
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/chai)

Updates `eslint` from 8.48.0 to 8.51.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](eslint/eslint@v8.48.0...v8.51.0)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-low-risk
- dependency-name: "@types/mocha"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-low-risk
- dependency-name: "@vercel/ncc"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-low-risk
- dependency-name: chai
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-low-risk
- dependency-name: "@types/chai"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-low-risk
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-low-risk
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from a team as a code owner October 10, 2023 15:52
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Oct 10, 2023
@Zidious Zidious merged commit 8676344 into main Oct 10, 2023
10 checks passed
@Zidious Zidious deleted the dependabot/npm_and_yarn/npm-low-risk-1d8d3b4d39 branch October 10, 2023 16:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Zidious Zidious Zidious approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Zidious