Bump shell-quote and next #21

dependabot · 2022-10-01T23:11:36Z

Removes shell-quote. It's no longer used after updating ancestor dependency next. These dependencies need to be updated together.

Removes shell-quote

Updates next from 11.1.2 to 12.3.1

Release notes

Sourced from next's releases.

v12.3.1

Core Changes

Update react-server-dom-webpack: #40356

Fix flight manifest to include all chunks: #40365

docs: fix typos: #40342

Fix page url for edge routes in app dir: #40361

Subresource Integrity for App Directory: #39729

Stop build warning about experimental: { esmExternals: 'loose' }: #40377

Add template and error file types: #39808

Bump styled-jsx for showing displayName: #40411

fix(#40388): next/dynamic should only add default loading without suspense: #40397

Add missing trace for full reload event: #40393

feat(ts): expose AppType: #40391

Update dev watcher to ignore more accurately: #40412

Add failing case for location throw: #40445

Drop legacy RSC handling in client for pages: #40472

fix: eslint no-script-component-in-head error url: #40422

chore: Update swc: #40292

feat(edge): allows configuring Dynamic code execution guard: #39539

Rename allowDynamic to unstable_allowDynamic: #40496

Don't execute prefetches for bot user agents: #40435

Update semver of eslint-plugin-react: #40246

Clean up startTransition in Link: #40505

docs(README): next.js logo with dark mode: #40223

Passing down original sourcemap for flight client loader: #40508

next/script: make onLoad concurrent rendering resilient: #40191

chore: Update swc: #40520

Add missing feature in next-swc: #40550

Mask Flight Parameters from Middleware: #39939

Unwrap promise with experimental_use: #40575

fix(next/router): Prevent query delete in routing when next.config basePath option is truthy: #40566

fix(image): handle image imports with high aspect ratio: #40563

fix: loosen webpack compilation with fallbackNodePolyfills: false: #40612

Adding experimentalAdjustFallback feature to font optimization: #40185

fix: handle notFound: true in / with next export: #40592

refactor: split up CONTRIBUTING.md: #40515

Implement SWC transformer for server and client graphs: #40603

Fix edge wasm handling during deploy: #40625

Client directive: #40415

Remove internal client next api detection: #40646

Attach module trace for RSC related errors: #40652

Use createFromFetch instead of createFromReadableStream to fetch Flight: #40656

Change Flight response content type to application/octet-stream: #40665

Send web vitals to Vercel analytics in app: #40669

Refactor fetchServerResponse: #40674

Port page and layout level API assertions to SWC transform: #40653

Ensure smooth scroll is disabled for navigation in new and existing router: #40642

Upgrade to latest React experimental: #40672

Refine error messages: #40661

... (truncated)

Commits

980095d v12.3.1
4901fc7 v12.3.1-canary.5
a03cdc6 docs(examples): fix error connection handling (#40633)
5a50a99 Drop legacy RSC server and client extension (#40692)
35098a1 v12.3.1-canary.4
7f9fe8c chore: Refactor active-class-name example (#40670)
24b20dd chore: Migrate with-prefetching example to typescript (#40671)
6279dba Avoid direct React client API imports in the server graph (#40686)
aed2dc0 Add handling for static generation in app (#40561)
4a53582 fix(image): preload should respect crossOrigin (#40676)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by vercel-release-bot, a new releaser for next since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. - [Release notes](https://github.com/substack/minimist/releases) - [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [async](https://github.com/caolan/async) from 2.6.3 to 2.6.4. - [Release notes](https://github.com/caolan/async/releases) - [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md) - [Commits](caolan/async@v2.6.3...v2.6.4) --- updated-dependencies: - dependency-name: async dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [async](https://github.com/caolan/async) from 2.6.3 to 2.6.4. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md">async's changelog</a>.</em></p> <blockquote> <h1>v2.6.4</h1> <ul> <li>Fix potential prototype pollution exploit (<a href="https://github-redirect.dependabot.com/caolan/async/issues/1828">#1828</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/caolan/async/commit/c6bdaca4f9175c14fc655d3783c6af6a883e6514"><code>c6bdaca</code></a> Version 2.6.4</li> <li><a href="https://github.com/caolan/async/commit/8870da9d5022bab310413041b4079e10db3980b7"><code>8870da9</code></a> Update built files</li> <li><a href="https://github.com/caolan/async/commit/4df6754ef4e96a742956df8782fee27242a2ea12"><code>4df6754</code></a> update changelog</li> <li><a href="https://github.com/caolan/async/commit/8f7f90342a6571ba1c197d747ebed30c368096d2"><code>8f7f903</code></a> Fix prototype pollution vulnerability (<a href="https://github-redirect.dependabot.com/caolan/async/issues/1828">#1828</a>)</li> <li>See full diff in <a href="https://github.com/caolan/async/compare/v2.6.3...v2.6.4">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~hargasinski">hargasinski</a>, a new releaser for async since your current version.</p> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=async&package-manager=npm_and_yarn&previous-version=2.6.3&new-version=2.6.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/TyMick/rt-simulator/network/alerts). </details>

Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/substack/minimist/commit/7efb22a518b53b06f5b02a1038a88bd6290c2846"><code>7efb22a</code></a> 1.2.6</li> <li><a href="https://github.com/substack/minimist/commit/ef88b9325f77b5ee643ccfc97e2ebda577e4c4e2"><code>ef88b93</code></a> security notice for additional prototype pollution issue</li> <li><a href="https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d"><code>c2b9819</code></a> isConstructorOrProto adapted from PR</li> <li><a href="https://github.com/substack/minimist/commit/bc8ecee43875261f4f17eb20b1243d3ed15e70eb"><code>bc8ecee</code></a> test from prototype pollution PR</li> <li>See full diff in <a href="https://github.com/substack/minimist/compare/1.2.5...1.2.6">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=minimist&package-manager=npm_and_yarn&previous-version=1.2.5&new-version=1.2.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/TyMick/rt-simulator/network/alerts). </details>

Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 3.0.0 to 3.0.1. - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](chalk/ansi-regex@v3.0.0...v3.0.1) --- updated-dependencies: - dependency-name: ansi-regex dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [node-fetch](https://github.com/node-fetch/node-fetch) to 2.6.7 and updates ancestor dependency [next](https://github.com/vercel/next.js). These dependencies need to be updated together. Updates `node-fetch` from 2.6.1 to 2.6.7 - [Release notes](https://github.com/node-fetch/node-fetch/releases) - [Commits](node-fetch/node-fetch@v2.6.1...v2.6.7) Updates `next` from 11.1.2 to 11.1.4 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v11.1.2...v11.1.4) --- updated-dependencies: - dependency-name: node-fetch dependency-type: indirect - dependency-name: next dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [nanoid](https://github.com/ai/nanoid) from 3.1.25 to 3.3.4. - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.1.25...3.3.4) --- updated-dependencies: - dependency-name: nanoid dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [node-fetch](https://github.com/node-fetch/node-fetch) to 2.6.7 and updates ancestor dependency [next](https://github.com/vercel/next.js). These dependencies need to be updated together. Updates `node-fetch` from 2.6.1 to 2.6.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/node-fetch/node-fetch/releases">node-fetch's releases</a>.</em></p> <blockquote> <h2>v2.6.7</h2> <h1>Security patch release</h1> <p>Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred</p> <h2>What's Changed</h2> <ul> <li>fix: don't forward secure headers to 3th party by <a href="https://github.com/jimmywarting"><code>@jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1453">node-fetch/node-fetch#1453</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7">https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7</a></p> <h2>v2.6.6</h2> <h2>What's Changed</h2> <ul> <li>fix(URL): prefer built in URL version when available and fallback to whatwg by <a href="https://github.com/jimmywarting"><code>@jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1352">node-fetch/node-fetch#1352</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6">https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6</a></p> <h2>v2.6.2</h2> <p>fixed main path in package.json</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35"><code>1ef4b56</code></a> backport of <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1449">#1449</a> (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1453">#1453</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/8fe5c4ea66b9b8187600e6d5ec9b1b6781f44009"><code>8fe5c4e</code></a> 2.x: Specify encoding as an optional peer dependency in package.json (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1310">#1310</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/f56b0c66d3dd2ef185436de1f2fd40f66bfea8f4"><code>f56b0c6</code></a> fix(URL): prefer built in URL version when available and fallback to whatwg (...</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/b5417aea6a3275932283a200214522e6ab53f1ea"><code>b5417ae</code></a> fix: import whatwg-url in a way compatible with ESM Node (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1303">#1303</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/18193c5922c64046b922e18faf41821290535f06"><code>18193c5</code></a> fix v2.6.3 that did not sending query params (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1301">#1301</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/ace7536c955556be742d9910566738630cc3c2a6"><code>ace7536</code></a> fix: properly encode url with unicode characters (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1291">#1291</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/152214ca2f6e2a5a17d71e4638114625d3be30c6"><code>152214c</code></a> Fix(package.json): Corrected main file path in package.json (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1274">#1274</a>)</li> <li>See full diff in <a href="https://github.com/node-fetch/node-fetch/compare/v2.6.1...v2.6.7">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~endless">endless</a>, a new releaser for node-fetch since your current version.</p> </details> <br /> Updates `next` from 11.1.2 to 11.1.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v12.3.2.-canary.11</h2> <h3>Core Changes</h3> <ul> <li>Fix bundling and module resolution in the server layer: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/40818">#40818</a></li> <li>Handle loading returning undefined: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/40938">#40938</a></li> <li>Fix SWC loader ignore for the server layer when Babel is used: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/40939">#40939</a></li> <li>Code refactoring for webpack-config: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/40942">#40942</a></li> <li>Merge e2e test node_modules: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/40926">#40926</a></li> <li>Rename 404 -> not-found for new router: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/40941">#40941</a></li> <li>remove reducer from server bundle: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/40959">#40959</a></li> <li>[edge] serialize custom config to middleware-manifest: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/40881">#40881</a></li> <li>Font loader support in app: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/40898">#40898</a></li> <li>docs: add inline documentation for Link props: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/40855">#40855</a></li> <li>feat(experimental): option to polyfill <code>fetch</code> using <code>undici</code> in Node.js <18: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/40318">#40318</a></li> <li>Update return shape of generateStaticParams: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/40965">#40965</a></li> <li>remove legacy transform code: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/40966">#40966</a></li> <li>Revert "edge-ssr: bundle next/dist as ESM for better tree-shaking (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/40251">#40251</a>): <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/40967">#40967</a></li> </ul> <h3>Documentation Changes</h3> <ul> <li>Typo in middleware upgrade guide: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/40963">#40963</a></li> <li>Add useState and useEffect import: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/40944">#40944</a></li> </ul> <h3>Misc Changes</h3> <ul> <li>Always show node_modules inside test in VS Code: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/40956">#40956</a></li> <li>misc: add benchmarking script for edge rendering: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/40716">#40716</a></li> <li>Add timeout to playwright setup job: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/40960">#40960</a></li> <li>Increase playwright install timeout to 5 min</li> <li>Increase other timeouts</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/shuding"><code>@shuding</code></a>, <a href="https://github.com/timneutkens"><code>@timneutkens</code></a>, <a href="https://github.com/feedthejim"><code>@feedthejim</code></a>, <a href="https://github.com/ijjk"><code>@ijjk</code></a>, <a href="https://github.com/Schniz"><code>@Schniz</code></a>, <a href="https://github.com/hanneslund"><code>@hanneslund</code></a>, <a href="https://github.com/HaNdTriX"><code>@HaNdTriX</code></a>, <a href="https://github.com/sedlukha"><code>@sedlukha</code></a>, <a href="https://github.com/hashlash"><code>@hashlash</code></a>, and <a href="https://github.com/Ethan-Arrowood"><code>@Ethan-Arrowood</code></a> for helping!</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/75b7a57e0f0044d9315eb6adbd4231b67799d0b1"><code>75b7a57</code></a> v11.1.4</li> <li><a href="https://github.com/vercel/next.js/commit/e8b6d05f9a86eb93fa3441cbcdf672ab19958066"><code>e8b6d05</code></a> Update node-fetch</li> <li><a href="https://github.com/vercel/next.js/commit/ec1a0f7643172e5beba96e7be7d000471813cf69"><code>ec1a0f7</code></a> v11.1.3</li> <li><a href="https://github.com/vercel/next.js/commit/4dc9bba59b5c4f1d49d9a7b2662c21f225cbd38e"><code>4dc9bba</code></a> Add no-verify-access for lerna</li> <li><a href="https://github.com/vercel/next.js/commit/e314019e987e9bfcc7c8cf6cb7bf6c005521a3f6"><code>e314019</code></a> use correct token</li> <li><a href="https://github.com/vercel/next.js/commit/1a40e71a5ef6b906a5871c1deab6c79b5118189a"><code>1a40e71</code></a> fix lint</li> <li><a href="https://github.com/vercel/next.js/commit/b01acc1b1a5ede2840023bfc3aaedd7415cb8aec"><code>b01acc1</code></a> Update branch name to next-11</li> <li><a href="https://github.com/vercel/next.js/commit/66de88d9dc2e8f58d392a694eb8833bce7d43c80"><code>66de88d</code></a> Use next-11 tag</li> <li><a href="https://github.com/vercel/next.js/commit/303bc0f94d8f3bb809a1eed14ddcaf15bc915a14"><code>303bc0f</code></a> Allow publishing on v11-patch branch</li> <li><a href="https://github.com/vercel/next.js/commit/f59c82b53fabfb3a07184816d3949f9553aaf44d"><code>f59c82b</code></a> Enable GitHub actions for v11-patch branch</li> <li>Additional commits viewable in <a href="https://github.com/vercel/next.js/compare/v11.1.2...v11.1.4">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~vercel-release-bot">vercel-release-bot</a>, a new releaser for next since your current version.</p> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/TyMick/rt-simulator/network/alerts). </details>

Bumps [nanoid](https://github.com/ai/nanoid) from 3.1.25 to 3.3.4. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ai/nanoid/blob/main/CHANGELOG.md">nanoid's changelog</a>.</em></p> <blockquote> <h2>3.3.4</h2> <ul> <li>Fixed <code>--help</code> in CLI (by <a href="https://github.com/Lete114"><code>@Lete114</code></a>).</li> </ul> <h2>3.3.3</h2> <ul> <li>Reduced size (by Anton Khlynovskiy).</li> </ul> <h2>3.3.2</h2> <ul> <li>Fixed <code>enhanced-resolve</code> support.</li> </ul> <h2>3.3.1</h2> <ul> <li>Reduced package size.</li> </ul> <h2>3.3</h2> <ul> <li>Added <code>size</code> argument to function from <code>customAlphabet</code> (by Stefan Sundin).</li> </ul> <h2>3.2</h2> <ul> <li>Added <code>--size</code> and <code>--alphabet</code> arguments to binary (by Vitaly Baev).</li> </ul> <h2>3.1.32</h2> <ul> <li>Reduced <code>async</code> exports size (by Artyom Arutyunyan).</li> <li>Moved from Jest to uvu (by Vitaly Baev).</li> </ul> <h2>3.1.31</h2> <ul> <li>Fixed collision vulnerability on object in <code>size</code> (by Artyom Arutyunyan).</li> </ul> <h2>3.1.30</h2> <ul> <li>Reduced size for project with <code>brotli</code> compression (by Anton Khlynovskiy).</li> </ul> <h2>3.1.29</h2> <ul> <li>Reduced npm package size.</li> </ul> <h2>3.1.28</h2> <ul> <li>Reduced npm package size.</li> </ul> <h2>3.1.27</h2> <ul> <li>Cleaned <code>dependencies</code> from development tools.</li> </ul> <h2>3.1.26</h2> <ul> <li>Improved performance (by Eitan Har-Shoshanim).</li> <li>Reduced npm package size.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ai/nanoid/commit/fc5bd0dbba830b1e6f3e572da8e2bc9ddc1b4b44"><code>fc5bd0d</code></a> Release 3.3.4 version</li> <li><a href="https://github.com/ai/nanoid/commit/5ae2628e3b2ce10081cebc59a72f15dc4f459e0b"><code>5ae2628</code></a> Update dependencies</li> <li><a href="https://github.com/ai/nanoid/commit/2f48e9c59399fa1e9aa8693be80ad9224aaec293"><code>2f48e9c</code></a> Try to fix CI</li> <li><a href="https://github.com/ai/nanoid/commit/85991e3e2a8254c9c55b6972051560f6f446b01b"><code>85991e3</code></a> fix: CLI help examples (<a href="https://github-redirect.dependabot.com/ai/nanoid/issues/361">#361</a>)</li> <li><a href="https://github.com/ai/nanoid/commit/89d994cd30cac6e2cb465ea8baf3828668ad3c88"><code>89d994c</code></a> Update dependencies</li> <li><a href="https://github.com/ai/nanoid/commit/00547e79e9717e632264af4477076a4e90c23c20"><code>00547e7</code></a> Fix benchmark order</li> <li><a href="https://github.com/ai/nanoid/commit/a8f4099263b8c1befffcbf983977aa8862866915"><code>a8f4099</code></a> bench: add back <code>@napi-rs/uuid</code> (<a href="https://github-redirect.dependabot.com/ai/nanoid/issues/360">#360</a>)</li> <li><a href="https://github.com/ai/nanoid/commit/acd897f565719ada3f6f9e509e818932afe23bdb"><code>acd897f</code></a> Added postgres extension to various README files (<a href="https://github-redirect.dependabot.com/ai/nanoid/issues/359">#359</a>)</li> <li><a href="https://github.com/ai/nanoid/commit/772a61307d127f58c750d360d925a75b3061f5a1"><code>772a613</code></a> Update CI and dependencies</li> <li><a href="https://github.com/ai/nanoid/commit/e7aeb0fb84efef026dd6d5c4105a08160febf205"><code>e7aeb0f</code></a> Added zig-nanoid to readme. (<a href="https://github-redirect.dependabot.com/ai/nanoid/issues/357">#357</a>)</li> <li>Additional commits viewable in <a href="https://github.com/ai/nanoid/compare/3.1.25...3.3.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=nanoid&package-manager=npm_and_yarn&previous-version=3.1.25&new-version=3.3.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/TyMick/rt-simulator/network/alerts). </details>

Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 3.0.0 to 3.0.1. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/chalk/ansi-regex/commit/f545bdb80048f527889eddb9ac1a851c6f2a2241"><code>f545bdb</code></a> 3.0.1</li> <li><a href="https://github.com/chalk/ansi-regex/commit/c57d4c2fdbe0357a0f6dd42d1160defdc9fffdf5"><code>c57d4c2</code></a> fix a few old XO issues for backport</li> <li><a href="https://github.com/chalk/ansi-regex/commit/419250fa510bf31b4cc672e76537a64f9332e1f1"><code>419250f</code></a> Fix potential ReDoS (<a href="https://github-redirect.dependabot.com/chalk/ansi-regex/issues/37">#37</a>)</li> <li>See full diff in <a href="https://github.com/chalk/ansi-regex/compare/v3.0.0...v3.0.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ansi-regex&package-manager=npm_and_yarn&previous-version=3.0.0&new-version=3.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/TyMick/rt-simulator/network/alerts). </details>

Removes [shell-quote](https://github.com/substack/node-shell-quote). It's no longer used after updating ancestor dependency [next](https://github.com/vercel/next.js). These dependencies need to be updated together. Removes `shell-quote` Updates `next` from 11.1.2 to 12.3.1 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v11.1.2...v12.3.1) --- updated-dependencies: - dependency-name: shell-quote dependency-type: indirect - dependency-name: next dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot and others added 6 commits March 30, 2022 02:30

dependabot bot added the dependencies Pull requests that update a dependency file label Oct 1, 2022

dependabot bot and others added 4 commits October 1, 2022 23:11

dependabot bot force-pushed the dependabot/npm_and_yarn/shell-quote-and-next--removed branch from c8c5a8f to 000a5b3 Compare October 1, 2022 23:14

dependabot bot force-pushed the dependabot/npm_and_yarn/shell-quote-and-next--removed branch from 000a5b3 to a1e0446 Compare October 1, 2022 23:15

TyMick force-pushed the master branch from 9827bbc to 6cc89ec Compare October 1, 2022 23:17

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump shell-quote and next #21

Bump shell-quote and next #21

dependabot bot commented on behalf of github Oct 1, 2022 •

edited

Loading

Bump shell-quote and next #21

Are you sure you want to change the base?

Bump shell-quote and next #21

Conversation

dependabot bot commented on behalf of github Oct 1, 2022 • edited Loading

v12.3.1

Core Changes

dependabot bot commented on behalf of github Oct 1, 2022 •

edited

Loading