Bump the npm_and_yarn group with 10 updates #4

dependabot · 2024-11-24T01:24:09Z

Bumps the npm_and_yarn group with 10 updates:

Package	From	To
braces	`2.3.2`	`3.0.3`
@docusaurus/theme-search-algolia	`2.0.0-beta.9`	`2.4.3`
docusaurus-theme-search-typesense	`0.1.0`	`0.22.0`
loader-utils	`1.4.0`	`2.0.4`
path-to-regexp	`0.1.7`	`0.1.10`
postcss	`8.3.9`	`8.4.49`
qs	`6.7.0`	`6.11.0`
send	`0.17.1`	`0.19.0`
serve-static	`1.14.1`	`1.16.2`
webpack	`5.58.2`	`5.96.1`

Updates braces from 2.3.2 to 3.0.3

Changelog

Sourced from braces's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

Changelogs are for humans, not machines.

There should be an entry for every single version.

The same types of changes should be grouped.

Versions and sections should be linkable.

The latest version comes first.

The release date of each versions is displayed.

Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

Added for new features.

Changed for changes in existing functionality.

Deprecated for soon-to-be removed features.

Removed for now removed features.

Fixed for any bug fixes.

Security in case of vulnerabilities.

[3.0.0] - 2018-04-08

v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler.

Breaking Changes

The undocumented .makeRe method was removed

Non-breaking changes

Caching was removed

Commits

See full diff in compare view

Updates @docusaurus/theme-search-algolia from 2.0.0-beta.9 to 2.4.3

Release notes

Sourced from @docusaurus/theme-search-algolia's releases.

2.4.3 (2023-09-20)

🐛 Bug Fix

docusaurus-plugin-content-docs

#9107 fix(content-docs): sidebar generator should return customProps for doc items (@TheCatLady)

docusaurus-theme-classic

#9108 feat(theme-classic): add description & keywords microdata to blog posts (@TheCatLady)

#9099 fix(theme): only set classname on ul elements if they have an existing class (@homotechsual)

#9243 fix(theme-common): ThemedComponent should display something when JS is disabled (@slorber)

docusaurus-theme-classic, docusaurus-theme-common

#9130 fix(theme): canonical url should be not change after hydration if url accessed with/without trailing slash (@ori-shalom)

Committers: 4

Mikey O'Toole (@homotechsual)

Ori Shalom (@ori-shalom)

Sébastien Lorber (@slorber)

@TheCatLady

2.4.2 (2023-09-20)

Bad npm publish, please use 2.4.3

2.4.1 (2023-05-15)

🐛 Bug Fix

docusaurus-theme-classic, docusaurus-theme-common

#8971 fix(theme): fix collapsible sidebar behavior when prefers-reduced-motion (@slorber)

docusaurus-theme-translations

#8933 fix(theme-translations): fix Turkish translation for aria label "Enter key" (@LiberaTeMetuMortis)

docusaurus

#8908 fix(core): Correct yarn upgrade command for yarn 2.x (@andrewnicols)

docusaurus-plugin-content-blog, docusaurus-theme-common, docusaurus-utils-common, docusaurus

#8909 fix(theme): add __ prefix to technical anchors, search crawlers (Algolia) should ignore them (@slorber)

docusaurus-theme-common

#8906 fix(theme-common): fix collapsible component with prefers-reduced-motion (@slorber)

#8873 fix(theme-common): fix confusing theme error message: bad sidebar id suggestions (@slorber)

docusaurus-utils

#8874 fix(utils): handle Markdown links with spaces to route correctly (@morsko1)

docusaurus-theme-classic, docusaurus-theme-translations

#8842 fix(theme-translations): remove redundant navigation text in aria label (@tarunrajput)

create-docusaurus

#8831 fix(create): add missing await (@SACHINnANYAKKARA)

💅 Polish

docusaurus-theme-classic

#8862 refactor(theme): expose copy, success and word-wrap icons as standalone components (@armano2)

... (truncated)

Changelog

Sourced from @docusaurus/theme-search-algolia's changelog.

2.4.3 (2023-09-20)

🐛 Bug Fix

docusaurus-plugin-content-docs

#9107 fix(content-docs): sidebar generator should return customProps for doc items (@TheCatLady)

docusaurus-theme-classic

#9108 feat(theme-classic): add description & keywords microdata to blog posts (@TheCatLady)

#9099 fix(theme): only set classname on ul elements if they have an existing class (@homotechsual)

#9243 fix(theme-common): ThemedComponent should display something when JS is disabled (@slorber)

docusaurus-theme-classic, docusaurus-theme-common

#9130 fix(theme): canonical url should be not change after hydration if url accessed with/without trailing slash (@ori-shalom)

Committers: 4

Mikey O'Toole (@homotechsual)

Ori Shalom (@ori-shalom)

Sébastien Lorber (@slorber)

@TheCatLady

2.4.2 (2023-09-20)

Bad npm publish, please use 2.4.3

2.4.1 (2023-05-15)

🐛 Bug Fix

docusaurus-theme-classic, docusaurus-theme-common

#8971 fix(theme): fix collapsible sidebar behavior when prefers-reduced-motion (@slorber)

docusaurus-theme-translations

#8933 fix(theme-translations): fix Turkish translation for aria label "Enter key" (@LiberaTeMetuMortis)

docusaurus

#8908 fix(core): Correct yarn upgrade command for yarn 2.x (@andrewnicols)

docusaurus-plugin-content-blog, docusaurus-theme-common, docusaurus-utils-common, docusaurus

#8909 fix(theme): add __ prefix to technical anchors, search crawlers (Algolia) should ignore them (@slorber)

docusaurus-theme-common

#8906 fix(theme-common): fix collapsible component with prefers-reduced-motion (@slorber)

#8873 fix(theme-common): fix confusing theme error message: bad sidebar id suggestions (@slorber)

docusaurus-utils

#8874 fix(utils): handle Markdown links with spaces to route correctly (@morsko1)

docusaurus-theme-classic, docusaurus-theme-translations

#8842 fix(theme-translations): remove redundant navigation text in aria label (@tarunrajput)

create-docusaurus

#8831 fix(create): add missing await (@SACHINnANYAKKARA)

💅 Polish

docusaurus-theme-classic

#8862 refactor(theme): expose copy, success and word-wrap icons as standalone components (@armano2)

... (truncated)

Commits

56410aa v2.4.3
4a2200a chore: backport retro compatible commits for the Docusaurus v2.4.1 release (#...
4fb67ef chore: backport retro compatible commits for the Docusaurus v2.4 release (#8809)
c60387d chore: backport retro compatible commits for the Docusaurus v2.3.1 release (#...
c84d779 chore: backport retro compatible commits for the Docusaurus v2.3 release (#8585)
de97214 chore: backport retro compatible commits for the Docusaurus v2.2 release (#8264)
7743aa6 chore: release Docusaurus v2.1.0 (#8040)
bb65b5c chore: release v2.0.1 (#7919)
d255389 chore: prepare v2.0.0-rc.1 release (#7778)
1ad9784 fix(algolia-search): test for canUseIntersectionObserver (#7761)
Additional commits viewable in compare view

Updates docusaurus-theme-search-typesense from 0.1.0 to 0.22.0

Release notes

Sourced from docusaurus-theme-search-typesense's releases.

v0.22.0

What's Changed

support docusaurus 3.5.2 by @fharper in typesense/docusaurus-theme-search-typesense#51

add missing peerDependencies upgrade for 3.5.2 by @fharper in typesense/docusaurus-theme-search-typesense#52

feat(docusaurus): accept docusaurus updates by @lpillonel in typesense/docusaurus-theme-search-typesense#50

Full Changelog: typesense/docusaurus-theme-search-typesense@v0.20.0...v0.22.0

v0.22.0-1

feat(docusaurus): accept docusaurus updates @lpillonel 838a17044

add missing peerDependencies upgrade for 3.5.2 @fharper ed1855c0e

typesense/docusaurus-theme-search-typesense@v0.22.0-0...v0.22.0-1

v0.21.0-0

support docusaurus 3.5.2 0dda9acc9 @fharper

typesense/docusaurus-theme-search-typesense@v0.20.0...v0.21.0-0

v0.20.0

Support for Docusaurus 3.4.0. Resolves #46

v0.20.0-0

Support for Docusaurus 3.4.0 f578313fd

typesense/docusaurus-theme-search-typesense@v0.19.0...v0.20.0-0

v0.19.0

Support for Docusaurus 3.3.2

v0.19.0-0

Update for @docusaurus 3.3.2 462a18658

typesense/docusaurus-theme-search-typesense@v0.18.0...v0.19.0-0

v0.18.0

upgrade for Docusaurus 3.2.1 @fharper 410760082

typesense/docusaurus-theme-search-typesense@v0.17.0...v0.18.0

v0.17.0

Upgrade for Docusaurus 3.2.0 by @fharper in typesense/docusaurus-theme-search-typesense#43

Full Changelog: typesense/docusaurus-theme-search-typesense@v0.16.0...v0.17.0

v0.17.0-0

Update dependencies b0ed25e7e

Merge pull request #43 from fharper/fharper/3.2.0 1d2f1bd97 @fharper

Upgrade for Docusaurus 3.2.0 f4ab30af8

... (truncated)

Commits

19dfd33 v0.22.0
e02e66d v0.22.0-1
838a170 Merge pull request #50 from lpillonel/master
5c66543 Merge branch 'master' into lpillonel/master
3c7bfea Merge pull request #52 from fharper/fharper/3.5.2
89f1e5f v0.22.0-0
ed1855c add missing peerDependencies upgrade for 3.5.2
a1a73ac Merge branch 'master' into lpillonel/master
33d1d30 v0.21.0-0
8994425 Update additional packages to support Docusaurus 3.5.2
Additional commits viewable in compare view

Updates loader-utils from 1.4.0 to 2.0.4

Release notes

Sourced from loader-utils's releases.

v2.0.4

2.0.4 (2022-11-11)

Bug Fixes

ReDoS problem (#225) (ac09944)

v2.0.3

2.0.3 (2022-10-20)

Bug Fixes

security: prototype pollution exploit (#217) (a93cf6f)

v2.0.2

2.0.2 (2021-11-04)

Bug Fixes

base64 generation and unicode characters (#197) (8c2d24e)

v2.0.1

2.0.1 (2021-10-29)

Bug Fixes

md4 support on Node.js v17 (#193) (1069f61)

v2.0.0

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

minimum required Node.js version is 8.9.0 (#166) (c937e8c)

the getOptions method returns empty object on empty query (#167) (b595cfb)

Use md4 by default

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

ReDoS problem (#226) (17cbf8f)

... (truncated)

Changelog

Sourced from loader-utils's changelog.

2.0.4 (2022-11-11)

Bug Fixes

ReDoS problem (#225) (ac09944)

2.0.3 (2022-10-20)

Bug Fixes

security: prototype pollution exploit (#217) (a93cf6f)

2.0.2 (2021-11-04)

Bug Fixes

base64 generation and unicode characters (#197) (8c2d24e)

2.0.1 (2021-10-29)

Bug Fixes

md4 support on Node.js v17 (#193) (1069f61)

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

minimum required Node.js version is 8.9.0 (#166) (c937e8c)

the getOptions method returns empty object on empty query (#167) (b595cfb)

Use md4 by default

Commits

6688b50 chore(release): 2.0.4
ac09944 fix: ReDoS problem (#225)
7162619 chore(release): 2.0.3
a93cf6f fix(security): prototype polution exploit (#217)
90c7c4b chore(release): 2.0.2
8c2d24e fix: base64 generation and unicode characters (#197)
5fb5562 chore(release): 2.0.1
1069f61 fix: md4 support on Node.js v17 (#193)
d9f4e23 chore(release): 2.0.0
865dc03 refactor: switch to md4 by default (#168)
Additional commits viewable in compare view

Updates path-to-regexp from 0.1.7 to 0.1.10

Release notes

Sourced from path-to-regexp's releases.

Backtrack protection

Fixed

Add backtrack protection to parameters 29b96b4

This will break some edge cases but should improve performance

pillarjs/path-to-regexp@v0.1.9...v0.1.10

Support non-lookahead regex output

Added

Allow a non-lookahead regex (#312) c4272e4

component/path-to-regexp@v0.1.8...v0.1.9

Support named matching groups in RegExp

Added

Add support for named matching groups (#301) 114f62d

pillarjs/path-to-regexp@v0.1.7...v0.1.8

Commits

c827fce 0.1.10
29b96b4 Add backtrack protection to parameters
ac4c234 Update repo url (#314)
bdb6635 0.1.9
c4272e4 Allow a non-lookahead regex (#312)
51a1955 0.1.8
114f62d Add support for named matching groups (#301)
See full diff in compare view

Updates postcss from 8.3.9 to 8.4.49

Release notes

Sourced from postcss's releases.

8.4.49

Fixed custom syntax without source.offset (by @romainmenke).

8.4.48

Fixed position calculation in error/warnings methods (by @romainmenke).

8.4.47

Removed debug code.

8.4.46

Fixed Cannot read properties of undefined (reading 'before').

8.4.45

Removed unnecessary fix which could lead to infinite loop.

8.4.44

Another way to fix markClean is not a function error.

8.4.43

Fixed markClean is not a function error.

8.4.42

Fixed CSS syntax error on long minified files (by @varpstar).

8.4.41

Fixed types (by @nex3 and @querkmachine).

Cleaned up RegExps (by @bluwy).

8.4.40

Moved to getter/setter in nodes types to help Sass team (by @nex3).

8.4.39

Fixed CssSyntaxError types (by @romainmenke).

8.4.38

Fixed endIndex: 0 in errors and warnings (by @romainmenke).

8.4.37

Fixed original.column are not numbers error in another case.

8.4.36

Fixed original.column are not numbers error on broken previous source map.

8.4.35

Avoid ! in node.parent.nodes type.

Allow to pass undefined to node adding method to simplify types.

8.4.34

Fixed AtRule#nodes type (by @tim-we).

Cleaned up code (by @DrKiraDmitry).

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.49

Fixed custom syntax without source.offset (by @romainmenke).

8.4.48

Fixed position calculation in error/warnings methods (by @romainmenke).

8.4.47

Removed debug code.

8.4.46

Fixed Cannot read properties of undefined (reading 'before').

8.4.45

Removed unnecessary fix which could lead to infinite loop.

8.4.44

Another way to fix markClean is not a function error.

8.4.43

Fixed markClean is not a function error.

8.4.42

Fixed CSS syntax error on long minified files (by @varpstar).

8.4.41

Fixed types (by @nex3 and @querkmachine).

Cleaned up RegExps (by @bluwy).

8.4.40

Moved to getter/setter in nodes types to help Sass team (by @nex3).

8.4.39

Fixed CssSyntaxError types (by @romainmenke).

8.4.38

Fixed endIndex: 0 in errors and warnings (by @romainmenke).

8.4.37

Fixed original.column are not numbers error in another case.

8.4.36

Fixed original.column are not numbers error on broken previous source map.

8.4.35

Avoid ! in node.parent.nodes type.

Allow to pass undefined to node adding method to simplify types.

8.4.34

Fixed AtRule#nodes type (by Tim Weißenfels).

Cleaned up code (by Dmitry Kirillov).

... (truncated)

Commits

aed8b89 Release 8.4.49 version
3450630 Fix position calculations when offset is missing (#1983)
77420d6 Release 8.4.48 version
341529f Update dependencies
66fa667 Add Node.js 23 to CI
1a8b261 fix inconsistent position calculations (#1980)
1cc6ac3 Clarify usage in docs
5e6fd13 Release 8.4.47 version
714bc10 Typo
439d20e Release 8.4.46 version
Additional commits viewable in compare view

Updates qs from 6.7.0 to 6.11.0

Changelog

Sourced from qs's changelog.

6.11.0

[New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option (#442)

[readme] fix version badge

6.10.5

[Fix] stringify: with arrayFormat: comma, properly include an explicit [] on a single-item array (#434)

6.10.4

[Fix] stringify: with arrayFormat: comma, include an explicit [] on a single-item array (#441)

[meta] use npmignore to autogenerate an npmignore file

[Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, object-inspect, tape

6.10.3

[Fix] parse: ignore __proto__ keys (#428)

[Robustness] stringify: avoid relying on a global undefined (#427)

[actions] reuse common workflows

[Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, tape

6.10.2

[Fix] stringify: actually fix cyclic references (#426)

[Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)

[readme] remove travis badge; add github actions/codecov badges; update URLs

[Docs] add note and links for coercing primitive values (#408)

[actions] update codecov uploader

[actions] update workflows

[Tests] clean up stringify tests slightly

[Dev Deps] update eslint, @ljharb/eslint-config, aud, object-inspect, safe-publish-latest, tape

6.10.1

[Fix] stringify: avoid exception on repeated object values (#402)

6.10.0

[New] stringify: throw on cycles, instead of an infinite loop (#395, #394, #393)

[New] parse: add allowSparse option for collapsing arrays with missing indices (#312)

[meta] fix README.md (#399)

[meta] only run npm run dist in publish, not install

[Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbols, tape

[Tests] fix tests on node v0.6

[Tests] use ljharb/actions/node/install instead of ljharb/actions/node/run

[Tests] Revert "[meta] ignore eclint transitive audit warning"

6.9.7

[Fix] parse: ignore __proto__ keys (#428)

[Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)

[Robustness] stringify: avoid relying on a global undefined (#427)

[readme] remove travis badge; add github actions/codecov badges; update URLs

[Docs] add note and links for coercing primitive values (#408)

[Tests] clean up stringify tests slightly

[meta] fix README.md (#399)

Revert "[meta] ignore eclint transitive audit warning"

... (truncated)

Commits

56763c1 v6.11.0
ddd3e29 [readme] fix version badge
c313472 [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option
95bc018 v6.10.5
0e903c0 [Fix] stringify: with arrayFormat: comma, properly include an explicit `[...
ba9703c v6.10.4
4e44019 [Fix] stringify: with arrayFormat: comma, include an explicit [] on a s...
113b990 [Dev Deps] update object-inspect
c77f38f [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, tape
2cf45b2 [meta] use npmignore to autogenerate an npmignore file
Additional commits viewable in compare view

Updates send from 0.17.1 to 0.19.0

Release notes

Sourced from send's releases.

0.19.0

What's Changed

Remove link renderization in html while redirecting (pillarjs/send#235)

New Contributors

@UlisesGascon made their first contribution in pillarjs/send#235

Full Changelog: pillarjs/send@0.18.0...0.19.0

Changelog

Sourced from send's changelog.

0.19.0 / 2024-09-10

Remove link renderization in html while redirecting

0.18.0 / 2022-03-23

Fix emitted 416 error missing headers property

Limit the headers removed for 304 response

deps: [email protected]

Replace internal eval usage with Function constructor

Use instance methods on process to check for listeners

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

0.17.2 / 2021-12-11

pref: ignore empty http tokens

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

Commits

9d2db99 0.19.0
ae4f298 Merge commit from fork
b69cbb3 0.18.0
f53edbb Limit the headers removed for 304 response
706d6dd docs: add security policy
b690ba4 docs: fix linux build badge link
fed09ff docs: update copyright
aee1a65 deps: [email protected]
6060bda deps: [email protected]
8055f78 build: [email protected]
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.

Updates serve-static from 1.14.1 to 1.16.2

Release notes

Sourced from serve-static's releases.

1.16.0

What's Changed

Remove link renderization in html while redirecting (expressjs/serve-static#173)

New Contributors

@UlisesGascon made their first contribution in expressjs/serve-static#173

Full Changelog: expressjs/serve-static@v1.15.0...1.16.0

1.15.0

deps: [email protected]

Fix emitted 416 error missing headers property

Limit the headers removed for 304 response

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

1.14.2

deps: [email protected]

deps: [email protected]

deps: [email protected]

pref: ignore empty http tokens

Changelog

Sourced from serve-static's changelog.

1.16.2 / 2024-09-11

deps: encodeurl@~2.0.0

1.16.1 / 2024-09-11

deps: [email protected]

1.16.0 / 2024-09-10

Remove link renderization in html while redirecting

1.15.0 / 2022-03-24

deps: [email protected]

Fix emitted 416 error missing headers property

Limit the headers removed for 304 response

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

1.14.2 / 2021-12-15

deps: [email protected]

deps: [email protected]

deps: [email protected]

pref: ignore empty http tokens

Commits

ec9c5ec 1.16.2
f454d37 fix(deps): encodeurl@~2.0.0
77a8255 1.16.1
4263f49 fix(deps): [email protected]
48c7397 1.16.0
0c11fad Merge commit from fork
9b5a12a 1.15.0
a39a0df docs: update CI link
d702ea2 build: [email protected]
ff1510a deps: [email protected]
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for serve-static since your current version.

Updates webpack from 5.58.2 to 5.96.1

Release notes

Sourced from webpack's releases.

v5.96.1

Bug Fixes

[Types] Add @types/eslint-scope to dependencieS

[Types] Fixed regression in validate

v5.96.0

Bug Fixes

Fixed Module Federation should track all referenced chunks

Handle Data URI without base64 word

HotUpdateChunk have correct runtime when modified with new runtime

Order of chunks ids in generated chunk code

No extra Javascript chunks when using asset module as an entrypoint

Use optimistically logic for output.environment.dynamicImport to determine chunk format when no browserslist or target

Collision with global variables for optimization.avoidEntryIife

Avoid through variables in inlined module

Allow chunk template strings in output.devtoolNamespace

No extra runtime for get javascript/css chunk filename

No extra runtime for prefetch and preload in JS runtime when it was unsed in CSS

Avoid cache invalidation using ProgressPlugin

Increase parallelism when using importModule on the execution stage

Correctly parsing string in export and import

Typescript types

[CSS] css/auto considers a module depending on its filename as css (pure CSS) or css/local, before it was css/global and css/local

[CSS] Always interpolate classes even if they are not involved in export

[CSS] No extra runtime in Javascript runtime chunks for asset modules used in CSS

[CSS] No extra runtime in Javascript runtime chunks for external asset modules used in CSS

[CSS] No extra runtime for the node target

[CSS] Fixed url()s and @import parsing

[CSS] Fixed - emit a warning on broken :local and :global

New Features

Export CSS and ESM runtime modules

Single Runtime Chunk and Federation eager module hoisting

[CSS] Support /* webpackIgnore: true */ for CSS files

[CSS] Support src() support

[CSS] CSS nesting in CSS modules

v5.95.0

Bug Fixes

Fixed hanging when attempting to read a symlink-like file that it can't read

Handle default for import context element dependency

Merge duplicate chunks call after split chunks

Generate correctly code for dynamically importing the same file twice and destructuring

Use content hash as [base] and [name] for extracted DataURI's

Distinguish module and import in module-import for externals import's

... (truncated)

Commits

d4ced73 chore(release): 5.96.1
7d6dbea fix: types regression in validate
5c556e3 fix: types regression in validate
2420eae fix: add @types/eslint-scope to dependencies due types regression
ec45d2d fix: add @types/eslint-scope to dependencies
aff0c3e chore(release): 5.96.0
6f11ec1 refactor: module source types code
b07142f refactor: module source types code
7d98b3c fix: Module Federation should track all referenced chunks
6d09769 chore: linting
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps the npm_and_yarn group with 10 updates: | Package | From | To | | --- | --- | --- | | [braces](https://github.com/micromatch/braces) | `2.3.2` | `3.0.3` | | [@docusaurus/theme-search-algolia](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-theme-search-algolia) | `2.0.0-beta.9` | `2.4.3` | | [docusaurus-theme-search-typesense](https://github.com/typesense/docusaurus-theme-search-typesense) | `0.1.0` | `0.22.0` | | [loader-utils](https://github.com/webpack/loader-utils) | `1.4.0` | `2.0.4` | | [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.7` | `0.1.10` | | [postcss](https://github.com/postcss/postcss) | `8.3.9` | `8.4.49` | | [qs](https://github.com/ljharb/qs) | `6.7.0` | `6.11.0` | | [send](https://github.com/pillarjs/send) | `0.17.1` | `0.19.0` | | [serve-static](https://github.com/expressjs/serve-static) | `1.14.1` | `1.16.2` | | [webpack](https://github.com/webpack/webpack) | `5.58.2` | `5.96.1` | Updates `braces` from 2.3.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/commits/3.0.3) Updates `@docusaurus/theme-search-algolia` from 2.0.0-beta.9 to 2.4.3 - [Release notes](https://github.com/facebook/docusaurus/releases) - [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/docusaurus/commits/v2.4.3/packages/docusaurus-theme-search-algolia) Updates `docusaurus-theme-search-typesense` from 0.1.0 to 0.22.0 - [Release notes](https://github.com/typesense/docusaurus-theme-search-typesense/releases) - [Commits](typesense/docusaurus-theme-search-typesense@v0.1.0...v0.22.0) Updates `loader-utils` from 1.4.0 to 2.0.4 - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/v2.0.4/CHANGELOG.md) - [Commits](webpack/loader-utils@v1.4.0...v2.0.4) Updates `path-to-regexp` from 0.1.7 to 0.1.10 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.10) Updates `postcss` from 8.3.9 to 8.4.49 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.3.9...8.4.49) Updates `qs` from 6.7.0 to 6.11.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.7.0...v6.11.0) Updates `send` from 0.17.1 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.17.1...0.19.0) Updates `serve-static` from 1.14.1 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.14.1...v1.16.2) Updates `webpack` from 5.58.2 to 5.96.1 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.58.2...v5.96.1) --- updated-dependencies: - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@docusaurus/theme-search-algolia" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: docusaurus-theme-search-typesense dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: loader-utils dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

socket-security · 2024-11-24T01:24:55Z

Report too large to display inline

View full report↗︎

socket-security · 2024-11-24T01:24:56Z

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
License Policy Violation	npm/[email protected]	License: CC-BY-SA-4.0 - Not allowed by license policy (package/LICENSE, package/LICENSE)	`package-lock.json`	⚠︎
License Policy Violation	npm/[email protected]	License: CC-BY-4.0 - Not allowed by license policy (npm metadata, package/LICENSE, package/package.json)	`package-lock.json`	⚠︎

View full report↗︎

Next steps

What is a license policy violation?

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore npm/[email protected]
@SocketSecurity ignore npm/[email protected]

dependabot bot added the dependencies Pull requests that update a dependency file label Nov 24, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group with 10 updates #4

Bump the npm_and_yarn group with 10 updates #4

dependabot bot commented on behalf of github Nov 24, 2024 •

edited

Loading

socket-security bot commented Nov 24, 2024

socket-security bot commented Nov 24, 2024

Bump the npm_and_yarn group with 10 updates #4

Are you sure you want to change the base?

Bump the npm_and_yarn group with 10 updates #4

Conversation

dependabot bot commented on behalf of github Nov 24, 2024 • edited Loading

Release history

[3.0.0] - 2018-04-08

2.4.3 (2023-09-20)

🐛 Bug Fix

Committers: 4

2.4.2 (2023-09-20)

2.4.1 (2023-05-15)

🐛 Bug Fix

💅 Polish

2.4.3 (2023-09-20)

🐛 Bug Fix

Committers: 4

2.4.2 (2023-09-20)

2.4.1 (2023-05-15)

🐛 Bug Fix

💅 Polish

v0.22.0

What's Changed

v0.22.0-1

v0.21.0-0

v0.20.0

v0.20.0-0

v0.19.0

v0.19.0-0

v0.18.0

v0.17.0

v0.17.0-0

v2.0.4

2.0.4 (2022-11-11)

Bug Fixes

v2.0.3

2.0.3 (2022-10-20)

Bug Fixes

v2.0.2

2.0.2 (2021-11-04)

Bug Fixes

v2.0.1

2.0.1 (2021-10-29)

Bug Fixes

v2.0.0

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

2.0.4 (2022-11-11)

Bug Fixes

2.0.3 (2022-10-20)

Bug Fixes

2.0.2 (2021-11-04)

Bug Fixes

2.0.1 (2021-10-29)

Bug Fixes

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

Backtrack protection

Support non-lookahead regex output

Support named matching groups in RegExp

8.4.49

8.4.48

8.4.47

8.4.46

8.4.45

8.4.44

8.4.43

8.4.42

8.4.41

8.4.40

8.4.39

8.4.38

8.4.37

8.4.36

8.4.35

8.4.34

8.4.49

dependabot bot commented on behalf of github Nov 24, 2024 •

edited

Loading

Support named matching groups in `RegExp`