build(deps): bump the npm_and_yarn group across 4 directories with 18 updates #2

dependabot · 2024-05-10T03:14:24Z

Bumps the npm_and_yarn group with 17 updates in the / directory:

Package	From	To
vite	`4.5.3`	`5.0.13`
node-fetch	`2.6.7`	`2.6.8`
next	`13.2.0`	`14.1.1`
@sveltejs/kit	`2.0.2`	`2.4.3`
express	`4.18.2`	`4.19.2`
mysql2	`3.7.1`	`3.9.7`
@xmldom/xmldom	`0.8.3`	`0.8.10`
ejs	`3.1.8`	`3.1.10`
follow-redirects	`1.15.2`	`1.15.6`
hosted-git-info	`2.8.8`	`2.8.9`
ip	`2.0.0`	`2.0.1`
loader-utils	`1.4.0`	`1.4.2`
mout	`1.2.3`	`1.2.4`
shell-quote	`1.7.2`	`1.8.1`
tmpl	`1.0.4`	`1.0.5`
tough-cookie	`4.0.0`	`4.1.4`
undici	`5.28.3`	`5.28.4`

Bumps the npm_and_yarn group with 1 update in the /dev-packages/e2e-tests/test-applications/create-next-app directory: next.
Bumps the npm_and_yarn group with 1 update in the /packages/nextjs directory: next.
Bumps the npm_and_yarn group with 1 update in the /packages/nextjs/test/types directory: next.

Updates vite from 4.5.3 to 5.0.13

Release notes

Sourced from vite's releases.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.0.13 (2024-03-24)

fix: fs.deny with globs with directories (#16250) (d2db33f), closes #16250

5.0.12 (2024-01-19)

fix: await configResolved hooks of worker plugins (#15597) (#15605) (ef89f80), closes #15597 #15605

fix: fs deny for case insensitive systems (#15653) (91641c4), closes #15653

5.0.11 (2024-01-05)

fix: don't pretransform classic script links (#15361) (19e3c9a), closes #15361

fix: inject __vite__mapDeps code before sourcemap file comment (#15483) (d2aa096), closes #15483

fix(assets): avoid splitting , inside base64 value of srcset attribute (#15422) (8de7bd2), closes #15422

fix(html): handle offset magic-string slice error (#15435) (5ea9edb), closes #15435

chore(deps): update dependency strip-literal to v2 (#15475) (49d21fe), closes #15475

chore(deps): update tj-actions/changed-files action to v41 (#15476) (2a540ee), closes #15476

5.0.10 (2023-12-15)

fix: omit protocol does not require pre-transform (#15355) (d9ae1b2), closes #15355

fix(build): use base64 for inline SVG if it contains both single and double quotes (#15271) (1bbff16), closes #15271

5.0.9 (2023-12-14)

fix: htmlFallbackMiddleware for favicon (#15301) (c902545), closes #15301

fix: more stable hash calculation for depsOptimize (#15337) (2b39fe6), closes #15337

fix(scanner): catch all external files for glob imports (#15286) (129d0d0), closes #15286

fix(server): avoid chokidar throttling on startup (#15347) (56a5740), closes #15347

fix(worker): replace import.meta correctly for IIFE worker (#15321) (08d093c), closes #15321

feat: log re-optimization reasons (#15339) (b1a6c84), closes #15339

chore: temporary typo (#15329) (7b71854), closes #15329

perf: avoid computing paths on each request (#15318) (0506812), closes #15318

perf: temporary hack to avoid fs checks for /@react-refresh (#15299) (b1d6211), closes #15299

5.0.8 (2023-12-12)

perf: cached fs utils (#15279) (c9b61c4), closes #15279

fix: missing warmupRequest in transformIndexHtml (#15303) (103820f), closes #15303

fix: public files map will be updated on add/unlink in windows (#15317) (921ca41), closes #15317

... (truncated)

Commits

80b1b07 release: v5.0.13
d2db33f fix: fs.deny with globs with directories (#16250)
ee81e19 release: v5.0.12
91641c4 fix: fs deny for case insensitive systems (#15653)
ef89f80 fix: await configResolved hooks of worker plugins (#15597) (#15605)
b44c493 release: v5.0.11
d2aa096 fix: inject __vite__mapDeps code before sourcemap file comment (#15483)
2a540ee chore(deps): update tj-actions/changed-files action to v41 (#15476)
5ea9edb fix(html): handle offset magic-string slice error (#15435)
49d21fe chore(deps): update dependency strip-literal to v2 (#15475)
Additional commits viewable in compare view

Updates node-fetch from 2.6.7 to 2.6.8

Release notes

Sourced from node-fetch's releases.

v2.6.8

2.6.8 (2023-01-13)

Bug Fixes

headers: don't forward secure headers on protocol change (#1605) (fddad0e), closes #1599

premature close with chunked transfer encoding and for async iterators in Node 12 (#1172) (50536d1), closes #1064 node-fetch/node-fetch#1064

prevent hoisting of the undefined global variable in browser.js (#1534) (8bb6e31)

Commits

6e9464d ci(release): install dependencies
dd2a0ba ci(release): install dependencies
49bef02 ci(release): use latest Node LTS
ce37bcd ci(semantic-release): config
1768eaa ci(release): initial version
8bb6e31 fix: prevent hoisting of the undefined global variable in browser.js (#1534)
e218f8d Add missing changelog entries. (#1613)
fddad0e fix(headers): don't forward secure headers on protocol change (#1605)
50536d1 fix: premature close with chunked transfer encoding and for async iterators i...
838d971 Handle zero-length OK deflate responses (#903)
See full diff in compare view

Maintainer changes

This version was pushed to npm by node-fetch-bot, a new releaser for node-fetch since your current version.

Updates next from 13.2.0 to 14.1.1

Commits

5f59ee5 v14.1.1
f48b90b even more
7f789f4 more timeout
ab71c4c update timeout
75f60d9 update trigger release workflow
74b3f0f Server Action tests (#62655)
a6946b6 Backport metadata fixes (#62663)
4002f4b Fix draft mode invariant (#62121)
7dbf6f8 fix: babel usage with next/image (#61835)
3efc842 Fix next/server apit push alias for ESM pkg (#61721)
Additional commits viewable in compare view

Updates @sveltejs/kit from 2.0.2 to 2.4.3

Release notes

Sourced from @sveltejs/kit's releases.

@sveltejs/kit@2.4.3

Patch Changes

fix: only disallow body with GET/HEAD (#11710)

@sveltejs/kit@2.4.2

Patch Changes

fix: ignore bodies sent with non-PUT/PATCH/POST requests (#11708)

@sveltejs/kit@2.4.1

Patch Changes

fix: use Vite's default value for build.target and respect override supplied by user (#11688)

fix: properly decode base64 strings inside read (#11682)

fix: default route config to {} for feature checking (#11685)

fix: handle onNavigate callbacks correctly (#11678)

@sveltejs/kit@2.4.0

Minor Changes

feat: add $app/server module with read function for reading assets from filesystem (#11649)

@sveltejs/kit@2.3.5

Patch Changes

fix: log a warning if fallback page overwrites prerendered page (#11661)

@sveltejs/kit@2.3.4

Patch Changes

fix: don't stash away original history methods so other libs can monkeypatch it (#11657)

@sveltejs/kit@2.3.3

Patch Changes

fix: remove internal __sveltekit/ module declarations from types (#11620)

@sveltejs/kit@2.3.2

Patch Changes

fix: return plaintext 404 for anything under appDir (#11597)

fix: populate dynamic public env without using top-level await, which fails in Safari (#11601)

@sveltejs/kit@2.3.1

Patch Changes

... (truncated)

Changelog

Sourced from @sveltejs/kit's changelog.

2.4.3

Patch Changes

fix: only disallow body with GET/HEAD (#11710)

2.4.2

Patch Changes

fix: ignore bodies sent with non-PUT/PATCH/POST requests (#11708)

2.4.1

Patch Changes

fix: use Vite's default value for build.target and respect override supplied by user (#11688)

fix: properly decode base64 strings inside read (#11682)

fix: default route config to {} for feature checking (#11685)

fix: handle onNavigate callbacks correctly (#11678)

2.4.0

Minor Changes

feat: add $app/server module with read function for reading assets from filesystem (#11649)

2.3.5

Patch Changes

fix: log a warning if fallback page overwrites prerendered page (#11661)

2.3.4

Patch Changes

fix: don't stash away original history methods so other libs can monkeypatch it (#11657)

2.3.3

Patch Changes

fix: remove internal __sveltekit/ module declarations from types (#11620)

2.3.2

... (truncated)

Commits

a93e19b Version Packages (#11711)
f56781f fix: only disallow body with GET/HEAD requests (#11710)
d570557 Version Packages (#11709)
af34142 fix: ignore bodies sent with non-PUT/PATCH/POST requests (#11708)
b8d0429 chore: upgrade playwright (#11690)
b3c8a8c Version Packages (#11681)
36dc54a fix: respect build.target config supplied by user (#11688)
ada5959 fix: default route config to {} for feature checking (#11685)
5dae367 fix: properly decode base64 strings inside read (#11682)
e228f89 fix: runtime error when onNavigate returns a function (#11678)
Additional commits viewable in compare view

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Fix ci after location patch by @wesleytodd in expressjs/express#5552

fixed un-edited version in history.md for 4.19.0 by @wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

fix typo in release date by @UlisesGascon in expressjs/express#5527

docs: nominating @wesleytodd to be project captian by @wesleytodd in expressjs/express#5511

docs: loosen TC activity rules by @wesleytodd in expressjs/express#5510

Add note on how to update docs for new release by @crandmck in expressjs/express#5541

Prevent open redirect allow list bypass due to encodeurl

Release 4.19.0 by @wesleytodd in expressjs/express#5551

New Contributors

@crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

Other Changes

Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032

build: [email protected] and [email protected] by @abenhamdine in expressjs/express#5034

ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027

test: remove unused function arguments in params by @raksbisht in expressjs/express#5124

Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119

Fixed typos by @raksbisht in expressjs/express#5117

examples: remove unused params by @raksbisht in expressjs/express#5113

fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130

fix: typos in History.md by @raksbisht in expressjs/express#5131

build : add [email protected] by @abenhamdine in expressjs/express#5028

test: remove unused function arguments in params by @raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: [email protected]

4.18.3 / 2024-02-29

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

deps: [email protected]

Add partitioned option

Commits

04bc627 4.19.2
da4d763 Improved fix for open redirect allow list bypass
4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: [email protected]
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates mysql2 from 3.7.1 to 3.9.7

Release notes

Sourced from mysql2's releases.

v3.9.7

3.9.7 (2024-04-21)

Bug Fixes

security: sanitize timezone parameter value to prevent code injection - report by zhaoyudi (Nebulalab) (#2608) (7d4b098)

v3.9.6

3.9.6 (2024-04-18)

Bug Fixes

binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#2601) (705835d)

v3.9.5

3.9.5 (2024-04-17)

Bug Fixes

revert breaking change in results creation (#2591) (f7c60d0)

v3.9.4

3.9.4 (2024-04-09)

Bug Fixes

SSL: separate each certificate into an individual item #2542 (63f1055)

security: improve supportBigNumbers and bigNumberStrings sanitization (#2572) (74abf9e)

Fixes a potential RCE attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab

security: improve results object creation (#2574) (4a964a3)

Fixes a potential Prototype Pollution attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab

docs: improve the contribution guidelines (#2552) (8a818ce)

v3.9.3

3.9.3 (2024-03-26)

Bug Fixes

security: improve cache key formation (#2424) (0d54b0c)

Fixes a potential parser cache poisoning attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab

update Amazon RDS SSL CA cert (#2131) (d9dccfd)

v3.9.2

3.9.2 (2024-02-26)

... (truncated)

Changelog

Sourced from mysql2's changelog.

3.9.7 (2024-04-21)

Bug Fixes

security: sanitize timezone parameter value to prevent code injection (#2608) (7d4b098)

3.9.6 (2024-04-18)

Bug Fixes

binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#2601) (705835d)

3.9.5 (2024-04-17)

Bug Fixes

revert breaking change in results creation (#2591) (f7c60d0)

3.9.4 (2024-04-09)

Bug Fixes

docs: improve the contribution guidelines (#2552) (8a818ce)

security: improve results object creation (#2574) (4a964a3)

security: improve supportBigNumbers and bigNumberStrings sanitization (#2572) (74abf9e)

3.9.3 (2024-03-26)

Bug Fixes

security: improve cache key formation (#2424) (0d54b0c)

Fixes a potential parser cache poisoning attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab

update Amazon RDS SSL CA cert (#2131) (d9dccfd)

3.9.2 (2024-02-26)

Bug Fixes

stream: premature close when it is paused (#2416) (7c6bc64)

types: expose TypeCast types (#2425) (336a7f1)

3.9.1 (2024-01-29)

... (truncated)

Commits

2d3cad8 chore(master): release 3.9.7 (#2609)
7d4b098 fix(security): sanitize timezone parameter value to prevent code injection (#...
2efd6ab build(deps): bump lucide-react from 0.371.0 to 0.372.0 in /website (#2606)
e3391ed build(deps): bump lucide-react from 0.368.0 to 0.371.0 in /website (#2604)
4f58caa chore(master): release 3.9.6 (#2603)
705835d fix: binary parser sometimes reads out of packet bounds when results contain ...
2129818 chore(master): release 3.9.5 (#2600)
f7c60d0 fix: revert breaking change in results creation (#2591)
7f5b395 build(deps-dev): bump @typescript-eslint/eslint-plugin in /website (#2596)
a770052 build(deps-dev): bump @typescript-eslint/parser in /website (#2595)
Additional commits viewable in compare view

Updates @xmldom/xmldom from 0.8.3 to 0.8.10

Release notes

Sourced from @xmldom/xmldom's releases.

0.8.10

Commits

Fixed

dom: prevent iteration over deleted items [#514](https://github.com/xmldom/xmldom/issues/514)/ [#499](https://github.com/xmldom/xmldom/issues/499)

Thank you, @qtow, for your contributions

0.8.9

Commits

Fixed

Set nodeName property in ProcessingInstruction [#509](https://github.com/xmldom/xmldom/issues/509) / [#505](https://github.com/xmldom/xmldom/issues/505)

Thank you, @cjbarth, for your contributions

0.8.8

Commits

Fixed

extend list of HTML entities [#489](https://github.com/xmldom/xmldom/issues/489)

Thank you, @zorkow, for your contributions

0.8.7

Commits

Fixed

properly parse closing where the last attribute has no value [#485](https://github.com/xmldom/xmldom/issues/485) / [#486](https://github.com/xmldom/xmldom/issues/486)

Thank you, @bulandent, for your contributions

0.8.6

Commits

Fixed

Properly check nodes before replacement [#457](https://github.com/xmldom/xmldom/issues/457) / [#455](https://github.com/xmldom/xmldom/issues/455) / [#456](https://github.com/xmldom/xmldom/issues/456)

Thank you, @edemaine, @pedro-l9, for your contributions

0.8.5

Commits

Fixed

... (truncated)

Changelog

Sourced from @xmldom/xmldom's changelog.

0.8.10

Fixed

dom: prevent iteration over deleted items [#514](https://github.com/xmldom/xmldom/issues/514)/ [#499](https://github.com/xmldom/xmldom/issues/499)

Thank you, @qtow, for your contributions

0.7.13

Fixed

dom: prevent iteration over deleted items [#514](https://github.com/xmldom/xmldom/issues/514)/ [#499](https://github.com/xmldom/xmldom/issues/499)

Thank you, @qtow, for your contributions

0.9.0-beta.9

Fixed

Set nodeName property in ProcessingInstruction [#509](https://github.com/xmldom/xmldom/issues/509) / [#505](https://github.com/xmldom/xmldom/issues/505)

preserve DOCTYPE internal subset [#498](https://github.com/xmldom/xmldom/issues/498) / [#497](https://github.com/xmldom/xmldom/issues/497) / [#117](https://github.com/xmldom/xmldom/issues/117)
BREAKING CHANGES: Many documents that were previously accepted by xmldom, esecially non well-formed ones are no longer accepted. Some issues that were formerly reported as errors are now a fatalError.

DOMParser: Align parseFromString errors with specs [#454](https://github.com/xmldom/xmldom/issues/454)

Chore

stop running mutation tests using stryker [#496](https://github.com/xmldom/xmldom/issues/496)

make toErrorSnapshot windows compatible [#503](https://github.com/xmldom/xmldom/issues/503)

Thank you, @cjbarth, @shunkica, @pmahend1, @niklasl, for your contributions

0.8.9

Fixed

Set nodeName property in ProcessingInstruction [#509](https://github.com/xmldom/xmldom/issues/509) / [#505](https://github.com/xmldom/xmldom/issues/505)

Thank you, @cjbarth, for your contributions

0.7.12

Fixed

Set nodeName property in ProcessingInstruction [#509](https://github.com/xmldom/xmldom/issues/509) / [#505](https://github.com/xmldom/xmldom/issues/505)

... (truncated)

Commits

252395e 0.8.10
00c683e fix(dom): prevent iteration over deleted items (#514)
b87f2bd 0.8.9
efac66a fix: Set nodeName property in ProcessingInstruction (#509)
a26058a 0.8.8
4943e7f fix: extend list of HTML entities (#489)
b69bbbe 0.8.7
eae888a fix: properly parse closing where the last attribute has no value (#485)
238b1ea 0.8.6
b6ad6e9 fix: Properly check nodes before replacement (#457)
Additional commits viewable in compare view

Updates ejs from 3.1.8 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

Commits

d3f807d Version 3.1.10
9ee26dd Mocha TDD
e469741 Basic pollution protection
715e950 Merge pull request #756 from Jeffrey-mu/main
cabe314 Include advanced usage examples
29b076c Added header
11503c7 Merge branch 'main' of github.com:mde/ejs into main
7690404 Added security banner to README
f47d7ae Update SECURITY.md
828cea1 Update SECURITY.md
Additional commits viewable in compare view

Updates follow-redirects from 1.15.2 to 1.15.6

Commits

35a517c Release version 1.15.6 of the npm package.
c4f847f Drop Proxy-Authorization across hosts.
8526b4a Use GitHub for disclosure.
b1677ce Release version 1.15.5 of the npm package.
d8914f7 Preserve fragment in responseUrl.
6585820 Release version 1.15.4 of the npm package.
7a6567e Disallow bracketed hostnames.
05629af Prefer native URL instead of deprecated url.parse.
1cba8e8 Prefer native URL instead of legacy url.resolve.
72bc2a4 Simplify _processResponse error handling.
Additional commits viewable in compare view

Updates hosted-git-info from 2.8.8 to 2.8.9

Changelog

Sourced from hosted-git-info's changelog.

2.8.9 (2021-04-07)

Bug Fixes

backport regex fix from #76 (29adfe5), closes #84

Commits

8d4b369 chore(release): 2.8.9
29adfe5 fix: backport regex fix from #76
See full diff in compare view

Maintainer changes

This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.

Updates ip from 2.0.0 to 2.0.1

Commits

3b0994a 2.0.1
32f468f lib: fixed CVE-2023-42282 and added unit test
See full diff in compare view

Updates loader-utils from 1.4.0 to 1.4.2

Release notes

Sourced from loader-utils's releases.

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

ReDoS problem (#226) (17cbf8f)

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

security problem (#220) (4504e34)

Changelog

Sourced from loader-utils's changelog.

1.4.2 (2022-11-11)

Bug Fixes

ReDoS problem (#226) (17cbf8f)

1.4.1 (2022-11-07)

Bug Fixes

security problem (#220) (4504e34)

Commits

331ad50 chore(release): 1.4.2
17cbf8f fix: ReDoS problem (

… updates Bumps the npm_and_yarn group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `4.5.3` | `5.0.13` | | [node-fetch](https://github.com/node-fetch/node-fetch) | `2.6.7` | `2.6.8` | | [next](https://github.com/vercel/next.js) | `13.2.0` | `14.1.1` | | [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) | `2.0.2` | `2.4.3` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.19.2` | | [mysql2](https://github.com/sidorares/node-mysql2) | `3.7.1` | `3.9.7` | | [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.3` | `0.8.10` | | [ejs](https://github.com/mde/ejs) | `3.1.8` | `3.1.10` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.15.6` | | [hosted-git-info](https://github.com/npm/hosted-git-info) | `2.8.8` | `2.8.9` | | [ip](https://github.com/indutny/node-ip) | `2.0.0` | `2.0.1` | | [loader-utils](https://github.com/webpack/loader-utils) | `1.4.0` | `1.4.2` | | [mout](https://github.com/mout/mout) | `1.2.3` | `1.2.4` | | [shell-quote](https://github.com/ljharb/shell-quote) | `1.7.2` | `1.8.1` | | [tmpl](https://github.com/daaku/nodejs-tmpl) | `1.0.4` | `1.0.5` | | [tough-cookie](https://github.com/salesforce/tough-cookie) | `4.0.0` | `4.1.4` | | [undici](https://github.com/nodejs/undici) | `5.28.3` | `5.28.4` | Bumps the npm_and_yarn group with 1 update in the /dev-packages/e2e-tests/test-applications/create-next-app directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /packages/nextjs directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /packages/nextjs/test/types directory: [next](https://github.com/vercel/next.js). Updates `vite` from 4.5.3 to 5.0.13 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.0.13/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.0.13/packages/vite) Updates `node-fetch` from 2.6.7 to 2.6.8 - [Release notes](https://github.com/node-fetch/node-fetch/releases) - [Commits](node-fetch/node-fetch@v2.6.7...v2.6.8) Updates `next` from 13.2.0 to 14.1.1 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.2.0...v14.1.1) Updates `@sveltejs/kit` from 2.0.2 to 2.4.3 - [Release notes](https://github.com/sveltejs/kit/releases) - [Changelog](https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md) - [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/[email protected]/packages/kit) Updates `express` from 4.18.2 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Updates `mysql2` from 3.7.1 to 3.9.7 - [Release notes](https://github.com/sidorares/node-mysql2/releases) - [Changelog](https://github.com/sidorares/node-mysql2/blob/master/Changelog.md) - [Commits](sidorares/node-mysql2@v3.7.1...v3.9.7) Updates `@xmldom/xmldom` from 0.8.3 to 0.8.10 - [Release notes](https://github.com/xmldom/xmldom/releases) - [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md) - [Commits](xmldom/xmldom@0.8.3...0.8.10) Updates `ejs` from 3.1.8 to 3.1.10 - [Release notes](https://github.com/mde/ejs/releases) - [Commits](mde/ejs@v3.1.8...v3.1.10) Updates `follow-redirects` from 1.15.2 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.6) Updates `hosted-git-info` from 2.8.8 to 2.8.9 - [Release notes](https://github.com/npm/hosted-git-info/releases) - [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md) - [Commits](npm/hosted-git-info@v2.8.8...v2.8.9) Updates `ip` from 2.0.0 to 2.0.1 - [Commits](indutny/node-ip@v2.0.0...v2.0.1) Updates `loader-utils` from 1.4.0 to 1.4.2 - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md) - [Commits](webpack/loader-utils@v1.4.0...v1.4.2) Updates `mout` from 1.2.3 to 1.2.4 - [Changelog](https://github.com/mout/mout/blob/master/CHANGELOG.md) - [Commits](mout/mout@v1.2.3...v1.2.4) Updates `postcss` from 8.4.14 to 8.4.31 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.14...8.4.31) Updates `shell-quote` from 1.7.2 to 1.8.1 - [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md) - [Commits](ljharb/shell-quote@v1.7.2...v1.8.1) Updates `tmpl` from 1.0.4 to 1.0.5 - [Commits](https://github.com/daaku/nodejs-tmpl/commits/v1.0.5) Updates `tough-cookie` from 4.0.0 to 4.1.4 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v4.0.0...v4.1.4) Updates `undici` from 5.28.3 to 5.28.4 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.28.3...v5.28.4) Updates `next` from 14.0.0 to 14.1.1 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.2.0...v14.1.1) Updates `next` from 13.2.0 to 14.1.1 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.2.0...v14.1.1) Updates `next` from 13.2.0 to 14.1.1 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.2.0...v14.1.1) --- updated-dependencies: - dependency-name: vite dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: node-fetch dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: next dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@sveltejs/kit" dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: mysql2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@xmldom/xmldom" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ejs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hosted-git-info dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ip dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: loader-utils dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mout dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: shell-quote dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tmpl dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tough-cookie dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: next dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label May 10, 2024

dependabot bot mentioned this pull request May 10, 2024

build(deps): bump the npm_and_yarn group across 3 directories with 15 updates #1

Closed

DawallAZllon91 added help wanted Extra attention is needed and removed dependencies Pull requests that update a dependency file labels May 4, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): bump the npm_and_yarn group across 4 directories with 18 updates #2

build(deps): bump the npm_and_yarn group across 4 directories with 18 updates #2

Uh oh!

dependabot bot commented on behalf of github May 10, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

build(deps): bump the npm_and_yarn group across 4 directories with 18 updates #2

Are you sure you want to change the base?

build(deps): bump the npm_and_yarn group across 4 directories with 18 updates #2

Uh oh!

Conversation

dependabot bot commented on behalf of github May 10, 2024

5.0.13 (2024-03-24)

5.0.12 (2024-01-19)

5.0.11 (2024-01-05)

5.0.10 (2023-12-15)

5.0.9 (2023-12-14)

5.0.8 (2023-12-12)

v2.6.8

2.6.8 (2023-01-13)

Bug Fixes

@​sveltejs/kit@​2.4.3

Patch Changes

@​sveltejs/kit@​2.4.2

Patch Changes

@​sveltejs/kit@​2.4.1

Patch Changes

@​sveltejs/kit@​2.4.0

Minor Changes

@​sveltejs/kit@​2.3.5

Patch Changes

@​sveltejs/kit@​2.3.4

Patch Changes

@​sveltejs/kit@​2.3.3

Patch Changes

@​sveltejs/kit@​2.3.2

Patch Changes

@​sveltejs/kit@​2.3.1

Patch Changes

2.4.3

Patch Changes

2.4.2

Patch Changes

2.4.1

Patch Changes

2.4.0

Minor Changes

2.3.5

Patch Changes

2.3.4

Patch Changes

2.3.3

Patch Changes

2.3.2

4.19.2

What's Changed

4.19.1

What's Changed

4.19.0

What's Changed

New Contributors

4.18.3

Main Changes

Other Changes

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

v3.9.7

3.9.7 (2024-04-21)

Bug Fixes

v3.9.6

3.9.6 (2024-04-18)

Bug Fixes

v3.9.5

3.9.5 (2024-04-17)

Bug Fixes

v3.9.4

3.9.4 (2024-04-09)

Bug Fixes

v3.9.3

3.9.3 (2024-03-26)

Bug Fixes

v3.9.2

3.9.2 (2024-02-26)

3.9.7 (2024-04-21)

`@sveltejs/kit@2`.4.3

`@sveltejs/kit@2`.4.2

`@sveltejs/kit@2`.4.1

`@sveltejs/kit@2`.4.0

`@sveltejs/kit@2`.3.5

`@sveltejs/kit@2`.3.4

`@sveltejs/kit@2`.3.3

`@sveltejs/kit@2`.3.2

`@sveltejs/kit@2`.3.1