Bump the npm_and_yarn group across 1 directory with 19 updates#11
Open
dependabot[bot] wants to merge 1 commit into
Open
Bump the npm_and_yarn group across 1 directory with 19 updates#11dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the npm_and_yarn group with 14 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@opentelemetry/core](https://github.com/open-telemetry/opentelemetry-js) | `2.5.1` | `2.9.0` | | [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `3.0.5` | `3.0.7` | | [js-cookie](https://github.com/js-cookie/js-cookie) | `3.0.5` | `3.0.7` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.1` | `4.3.0` | | [liquidjs](https://github.com/harttle/liquidjs) | `10.25.5` | `10.26.0` | | [next](https://github.com/vercel/next.js) | `16.2.3` | `16.2.6` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.0.18` | `4.1.0` | | [form-data](https://github.com/form-data/form-data) | `4.0.5` | `4.0.6` | | [form-data](https://github.com/form-data/form-data) | `2.5.5` | `2.5.6` | | [axios](https://github.com/axios/axios) | `1.15.0` | `1.18.1` | | [undici](https://github.com/nodejs/undici) | `6.24.0` | `6.27.0` | | [undici](https://github.com/nodejs/undici) | `7.24.1` | `7.28.0` | | [fast-uri](https://github.com/fastify/fast-uri) | `3.0.1` | `3.1.3` | | [markdown-it](https://github.com/markdown-it/markdown-it) | `14.1.0` | `removed` | | [qs](https://github.com/ljharb/qs) | `6.14.2` | `6.15.3` | | [tmp](https://github.com/raszi/node-tmp) | `0.2.5` | `0.2.7` | Updates `@opentelemetry/core` from 2.5.1 to 2.9.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-js@v2.5.1...v2.9.0) Updates `http-proxy-middleware` from 3.0.5 to 3.0.7 - [Release notes](https://github.com/chimurai/http-proxy-middleware/releases) - [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v3.0.7/CHANGELOG.md) - [Commits](chimurai/http-proxy-middleware@v3.0.5...v3.0.7) Updates `js-cookie` from 3.0.5 to 3.0.7 - [Release notes](https://github.com/js-cookie/js-cookie/releases) - [Commits](js-cookie/js-cookie@v3.0.5...v3.0.7) Updates `js-yaml` from 4.1.1 to 4.3.0 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@4.1.1...4.3.0) Updates `liquidjs` from 10.25.5 to 10.26.0 - [Release notes](https://github.com/harttle/liquidjs/releases) - [Changelog](https://github.com/harttle/liquidjs/blob/master/CHANGELOG.md) - [Commits](harttle/liquidjs@v10.25.5...v10.26.0) Updates `next` from 16.2.3 to 16.2.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Commits](vercel/next.js@v16.2.3...v16.2.6) Updates `vitest` from 4.0.18 to 4.1.0 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest) Updates `@grpc/grpc-js` from 1.14.3 to 1.14.4 - [Release notes](https://github.com/grpc/grpc-node/releases) - [Commits](https://github.com/grpc/grpc-node/compare/@grpc/grpc-js@1.14.3...@grpc/grpc-js@1.14.4) Updates `protobufjs` from 7.5.4 to 7.6.5 - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.6.5/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-v7.5.4...protobufjs-v7.6.5) Updates `@opentelemetry/exporter-prometheus` from 0.211.0 to 0.220.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-js@experimental/v0.211.0...experimental/v0.220.0) Updates `form-data` from 4.0.5 to 4.0.6 - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v4.0.5...v4.0.6) Updates `form-data` from 2.5.5 to 2.5.6 - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v4.0.5...v4.0.6) Updates `axios` from 1.15.0 to 1.18.1 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.15.0...v1.18.1) Updates `undici` from 6.24.0 to 6.27.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v6.24.0...v6.27.0) Updates `undici` from 7.24.1 to 7.28.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v6.24.0...v6.27.0) Updates `fast-uri` from 3.0.1 to 3.1.3 - [Release notes](https://github.com/fastify/fast-uri/releases) - [Commits](fastify/fast-uri@v3.0.1...v3.1.3) Updates `follow-redirects` from 1.15.11 to 1.16.0 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.11...v1.16.0) Removes `markdown-it` Updates `qs` from 6.14.2 to 6.15.3 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.2...v6.15.3) Updates `tmp` from 0.2.5 to 0.2.7 - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md) - [Commits](raszi/node-tmp@v0.2.5...v0.2.7) Updates `vite` from 7.3.2 to 8.1.4 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.1.4/packages/vite) --- updated-dependencies: - dependency-name: "@opentelemetry/core" dependency-version: 2.9.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: http-proxy-middleware dependency-version: 3.0.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: js-cookie dependency-version: 3.0.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 4.3.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: liquidjs dependency-version: 10.26.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.2.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vitest dependency-version: 4.1.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@grpc/grpc-js" dependency-version: 1.14.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: protobufjs dependency-version: 7.6.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@opentelemetry/exporter-prometheus" dependency-version: 0.220.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 4.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 2.5.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.18.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 6.27.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 7.28.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fast-uri dependency-version: 3.1.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.16.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: markdown-it dependency-version: dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tmp dependency-version: 0.2.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 8.1.4 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 14 updates in the / directory:
2.5.12.9.03.0.53.0.73.0.53.0.74.1.14.3.010.25.510.26.016.2.316.2.64.0.184.1.04.0.54.0.62.5.52.5.61.15.01.18.16.24.06.27.07.24.17.28.03.0.13.1.314.1.0removed6.14.26.15.30.2.50.2.7Updates
@opentelemetry/corefrom 2.5.1 to 2.9.0Release notes
Sourced from @opentelemetry/core's releases.
... (truncated)
Changelog
Sourced from @opentelemetry/core's changelog.
... (truncated)
Commits
40d67b7chore: prepare next release (#6869)b1c196dMerge commit from forkd375c08fix(instrumentation,instrumentation-http): fix codecov under-reporting (#6867)d61ab5fperf(sdk-metrics): optionally capture active context for sync instruments (#6...9e6475efix(core): guard timeInputToHrTime against clock-skew misclassification (#677...c989308feat(sdk-node): wire up tracer_provider.sampler from declarative config (#6847)dddbc0efeat(sdk-trace): add AlwaysRecordSampler (#6168)991434cchore(deps): update dependency@bufbuild/bufto v1.71.0 (#6863)69303d0chore(deps): update all patch versions (#6862)6690b03chore(sdk-node)!: Drop support for deprecated OpenCensusMetricProducer from d...Updates
http-proxy-middlewarefrom 3.0.5 to 3.0.7Release notes
Sourced from http-proxy-middleware's releases.
... (truncated)
Changelog
Sourced from http-proxy-middleware's changelog.
Commits
8cc4ebachore(package.json): v3.0.7 (#1261)c13a99cfix(fixRequestBody): harden form-data stringification (#1259)ea0bb98chore(package.json): v3.0.6 (#1256)f377520fix(router): harden proxy-table matching (#1254)f6be2c6chore(yarn.lock): bump to follow-redirects 1.16.0a36f009ci(publish.yml): npm stage publish3471790ci(github actions): update publish.yml for 3.x branchbcf1864build(vscode): use workspace version of TypeScript (#1173)48ed092docs(examples): fix websocket example (#1170)0fe7c24chore(package.json): bump dev-deps (#1171)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for http-proxy-middleware since your current version.
Updates
js-cookiefrom 3.0.5 to 3.0.7Release notes
Sourced from js-cookie's releases.
Commits
17bacbaCraft v3.0.7 releaseadb823cFix release workflow halting atgit tag5f9e759May remove Git user config from release workflow6ac9211Fix release workflow not able to push commit + tag2278bc5Fix missing package version bumpeb3c40ePrevent cookie attribute injectionf6f157fBump globals from 17.5.0 to 17.6.0f409d02Bump eslint from 10.2.0 to 10.3.0a686883Bump protobufjs in the npm_and_yarn group across 1 directoryc6112d2Bump@protobufjs/utf8in the npm_and_yarn group across 1 directoryMaintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for js-cookie since your current version.
Updates
js-yamlfrom 4.1.1 to 4.3.0Changelog
Sourced from js-yaml's changelog.
... (truncated)
Commits
33d05b54.3.0 released663bfabDrop demo publish, to not override new v5 one.1cb8c7bAdd v4-legacy tag for publish02f27afRestore umd builds back to es58be84edFix es5 compatibility59423c6ReplacemaxMergeSeqLengthoption withmaxTotalMergeKeys(more robust). Ba...6842ef6doc polish590dbab4.2.0 releasedf944dc5Add package.json funding fieldf692719Changelog updateUpdates
liquidjsfrom 10.25.5 to 10.26.0Release notes
Sourced from liquidjs's releases.
Changelog
Sourced from liquidjs's changelog.
Commits
c20c0afchore(release): 10.26.0 [skip ci]457fae0fix(security): block Object.prototype filter/tag lookups (RCE) (#897)3616a74fix(strip_html): rewrite as linear single-pass scan to avoid ReDoS (#896)3129d46fix(date): cap strftime widths and account padding in memoryLimit (#895)5b9c346fix: enforce renderLimit for empty renderTemplates calls (#894)dbbf628fix: propagate ownPropertyOnly into Context.spawn() for {% render %} (#893)26ea285fix: strip html newline tags (#892)a55f543docs(readme): add Freshet to Who's Using LiquidJS (#888)d1d517ddocs: add VladimirFilonov as a contributor for code (#891)1c816d4feat: add sha256 and hmac_sha256 filters for cryptographic operations (#889)Updates
nextfrom 16.2.3 to 16.2.6Release notes
Sourced from next's releases.
... (truncated)
Commits
ee6e79bv16.2.6afa053dTurbopack: Match proxy matchers with webpack implementation (#93594)97a154eTurbopack: Fix middleware matcher suffix (#93590)83899bc[backport] Disable build caches for production/staging/force-preview deploys ...7b222b9[backport][test] Pin package manager to patch versions (#93595)a8dc24f[backport] Turbopack: more strict vergen setup (#93587)766148fv16.2.50dd9483fix: add explicit checks for RSC header (#83) (#98)d166096fix proxy matching for segment prefetch URLs (#89) (#96)9d50c0bStrip next-resume header from incoming requests (#92)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.
Updates
vitestfrom 4.0.18 to 4.1.0Release notes
Sourced from vitest's releases.