Skip to content
This repository has been archived by the owner on Aug 16, 2024. It is now read-only.

Bump the npm_and_yarn group across 1 directories with 7 updates #147

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directories with 7 updates #147

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Feb 8, 2024

Bumps the npm_and_yarn group with 2 updates in the /. directory: grunt and extend.

Updates grunt from 1.0.1 to 1.5.3

Release notes

Sourced from grunt's releases.

v1.5.3

  • Merge pull request #1745 from gruntjs/fix-copy-op 572d79b
  • Patch up race condition in symlink copying. 58016ff
  • Merge pull request #1746 from JamieSlome/patch-1 0749e1d
  • Create SECURITY.md 69b7c50

gruntjs/grunt@v1.5.2...v1.5.3

v1.5.2

  • Update Changelog 7f15fd5
  • Merge pull request #1743 from gruntjs/cleanup-link b0ec6e1
  • Clean up link handling 433f91b

gruntjs/grunt@v1.5.1...v1.5.2

v1.5.1

  • Merge pull request #1742 from gruntjs/update-symlink-test ad22608
  • Fix symlink test 0652305

gruntjs/grunt@v1.5.0...v1.5.1

v1.5.0

  • Updated changelog b2b2c2b
  • Merge pull request #1740 from gruntjs/update-deps-22-10 3eda6ae
  • Update testing matrix 47d32de
  • More updates 2e9161c
  • Remove console log 04b960e
  • Update dependencies, tests... aad3d45
  • Merge pull request #1736 from justlep/main fdc7056
  • support .cjs extension e35fe54

gruntjs/grunt@v1.4.1...v1.5.0

v1.4.1

  • Update Changelog e7625e5
  • Merge pull request #1731 from gruntjs/update-options 5d67e34
  • Fix ci install d13bf88
  • Switch to Actions 08896ae
  • Update grunt-known-options eee0673
  • Add note about a breaking change 1b6e288

gruntjs/grunt@v1.4.0...v1.4.1

v1.4.0

  • Merge pull request #1728 from gruntjs/update-deps-changelog 63b2e89
  • Update changelog and util dep 106ed17
  • Merge pull request #1727 from gruntjs/update-deps-apr 49de70b
  • Update CLI and nodeunit 47cf8b6
  • Merge pull request #1722 from gruntjs/update-through e86db1c
  • Update deps 4952368

... (truncated)

Changelog

Sourced from grunt's changelog.

v1.5.3 date: 2022-04-23 changes: - Patch up race condition in symlink copying. v1.5.2 date: 2022-04-12 changes: - Unlink symlinks when copy destination is a symlink. v1.5.1 date: 2022-04-11 changes: - Fixed symlink destination handling. v1.5.0 date: 2022-04-10 changes: - Updated dependencies. - Add symlink handling for copying files. v1.4.1 date: 2021-05-24 changes: - Fix --preload option to be a known option - Switch to GitHub Actions v1.4.0 date: 2021-04-21 changes: - Security fixes in production and dev dependencies - Liftup/Liftoff upgrade breaking change. Update your scripts to use --preload instead of --require. Ref: gulpjs/liftoff@e7a969d. v1.3.0 date: 2020-08-18 changes: - Switch to use safeLoad for loading YML files via file.readYAML. - Upgrade legacy-log to ~3.0.0. - Upgrade legacy-util to ~2.0.0. v1.2.1 date: 2020-07-07 changes: - Remove path-is-absolute dependency. (PR: gruntjs/grunt#1715) v1.2.0 date: 2020-07-03 changes: - Allow usage of grunt plugins that are located in any location that is visible to Node.js and NPM, instead of node_modules directly inside package that have a dev dependency to these plugins. (PR: gruntjs/grunt#1677) - Removed coffeescript from dependencies. To ease transition, if coffeescript is still around, Grunt will attempt to load it. If it is not, and the user loads a CoffeeScript file, Grunt will print a useful error indicating that the coffeescript package should be installed as a dev dependency.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by vladikoff, a new releaser for grunt since your current version.


Updates extend from 3.0.1 to 3.0.2

Changelog

Sourced from extend's changelog.

3.0.2 / 2018-07-19

  • [Fix] Prevent merging __proto__ property (#48)
  • [Dev Deps] update eslint, @ljharb/eslint-config, tape
  • [Tests] up to node v10.7, v9.11, v8.11, v7.10, v6.14, v4.9; use nvm install-latest-npm
Commits
  • 8d106d2 v3.0.2
  • e97091f [Dev Deps] update tape
  • e841aac [Tests] up to node v10.7
  • 0e68e71 [Fix] Prevent merging proto property
  • a689700 Only apps should have lockfiles
  • f13c1c4 [Dev Deps] update eslint, @ljharb/eslint-config, tape
  • f3570fe [Tests] up to node v10.0, v9.11, v8.11, v7.10, v6.14, v4.9; use...
  • See full diff in compare view

Updates getobject from 0.1.0 to 1.0.2

Release notes

Sourced from getobject's releases.

v1.0.2

  • Merge pull request #8 from cowboy/dependabot/npm_and_yarn/path-parse-1.0.7 6f86cf7
  • Bump path-parse from 1.0.6 to 1.0.7 6e79841

cowboy/node-getobject@v1.0.1...v1.0.2

v1.0.1

  • Update deps 141e3a5
  • Merge pull request #7 from cowboy/dependabot/npm_and_yarn/hosted-git-info-2.8.9 c97cf3e
  • Bump hosted-git-info from 2.8.8 to 2.8.9 201e91b
  • Update dev deps 5ffb873

cowboy/node-getobject@v1.0.0...v1.0.1

v1.0.0

No release notes provided.

Commits
Maintainer changes

This version was pushed to npm by vladikoff, a new releaser for getobject since your current version.


Updates js-yaml from 3.5.5 to 3.14.1

Changelog

Sourced from js-yaml's changelog.

[3.14.1] - 2020-12-07

Security

  • Fix possible code execution in (already unsafe) .load() (in &anchor).

[3.14.0] - 2020-05-22

Changed

  • Support safe/loadAll(input, options) variant of call.
  • CI: drop outdated nodejs versions.
  • Dev deps bump.

Fixed

  • Quote = in plain scalars #519.
  • Check the node type for !<?> tag in case user manually specifies it.
  • Verify that there are no null-bytes in input.
  • Fix wrong quote position when writing condensed flow, #526.

[3.13.1] - 2019-04-05

Security

  • Fix possible code execution in (already unsafe) .load(), #480.

[3.13.0] - 2019-03-20

Security

  • Security fix: safeLoad() can hang when arrays with nested refs used as key. Now throws exception for nested arrays. #475.

[3.12.2] - 2019-02-26

Fixed

  • Fix noArrayIndent option for root level, #468.

[3.12.1] - 2019-01-05

Added

  • Added noArrayIndent option, #432.

[3.12.0] - 2018-06-02

Changed

  • Support arrow functions without a block statement, #421.

[3.11.0] - 2018-03-05

Added

  • Add arrow functions suport for !!js/function.

Fixed

  • Fix dump in bin/octal/hex formats for negative integers, #399.

... (truncated)

Commits
  • 37caaad 3.14.1 released
  • 094c0f7 dist rebuild
  • 9586ebe Avoid calling hasOwnProperty of user-controlled objects
  • 34e5072 3.14.0 released
  • 7b25c83 Browser files rebuild
  • 6f73473 Dev deps bump
  • 0c29349 Travis-CI: drop old nodejs versions
  • 10be97e fix(loader): Add support for safe/loadAll(input, options)
  • d6983dd Fix issue #526: wrong quote position writing condensed flow (#527)
  • 93fbf7d fix issue 526 (wrong quote position writing condensed flow)
  • Additional commits viewable in compare view

Updates lodash from 3.10.1 to 4.17.4

Release notes

Sourced from lodash's releases.

4.0.0

lodash v4.0.0

2015 was big year! Lodash became the most depended on npm package, passed 1 billion downloads, & its v3 release saw massive adoption!

The year was also one of collaboration, as discussions began on merging Lodash & Underscore. Much of Lodash v4 is proofing out the ideas from those discussions. Lodash v4 would not be possible without the collaboration & contributions of the Underscore core team. In the spirit of merging our teams have blended with several members contributing to both libraries.

For 2016 & lodash v4.0.0 we wanted to cut loose, push forward, & take things up a notch!

Modern only

With v4 we’re breaking free from old projects, old environments, & dropping old IE < 9 support!

4 kB Core

Lodash’s kitchen-sink size will continue to grow as new methods & functionality are added. However, we now offer a 4 kB (gzipped) core build that’s compatible with Backbone v1.2.4 for folks who want Lodash without lugging around the kitchen sink.

More ES6

We’ve continued to embrace ES6 with methods like _.isSymbol, added support for cloning & comparing array buffers, maps, sets, & symbols, converting iterators to arrays, & iterable _(…).

In addition, we’ve published an es-build & pulled babel-plugin-lodash into core to make tree-shaking a breeze.

More Modular

Pop quiz! 📣

What category path does the bindAll method belong to? Is it

A) require('lodash/function/bindAll') B) require('lodash/utility/bindAll') C) require('lodash/util/bindAll')

Don’t know? Well, with v4 it doesn’t matter because now module paths are as simple as

var bindAll = require('lodash/bindAll');

We’ve also reduced module complexity making it easier to create smaller bundles. This has helped Lodash adoption with libraries like Async & Redux!

1st Class FP

With v3 we introduced lodash-fp. We learned a lot & with v4 we decided to pull it into core.

Now you can get immutable, auto-curried, iteratee-first, data-last methods as simply as

var _ = require('lodash/fp');
var object = { 'a': 1 };
</tr></table>

... (truncated)

Commits
  • 912d6b0 Bump to v4.17.4.
  • 1655720 Rebuild lodash and docs.
  • ae467c7 Update deps.
  • 1e80c19 Remove dead “modern environments” link from readme. [ci skip]
  • 6eeafd3 Update kitchen sink size. [ci skip]
  • e33b156 Ensure _.omit doesn’t mutate object with deep paths. [closes #2912]
  • a23b918 Increment package version to enable ci tests.
  • ef61899 Bump to v4.17.3.
  • 708b962 Rebuild lodash and docs.
  • da2d08d Update deps.
  • Additional commits viewable in compare view

Updates minimatch from 3.0.4 to 3.0.8

Commits

Updates underscore.string from 3.2.3 to 3.3.6

Changelog

Sourced from underscore.string's changelog.

3.3.6

  • Rebuild all assets for the release packages

3.3.5

3.3.4

  • set standalone in browserify s

3.3.1 / 3.3.2 / 3.3.3

  • fix release script

3.3.0

  • sprintf and vsprintf is now marked as deprecated #479
  • wrap is added to exports #489
  • new build chain without gulp
  • Full changelog
Commits
Maintainer changes

This version was pushed to npm by esamatti, a new releaser for underscore.string since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 1 directories with 7 updates
701e1df 
Bumps the npm_and_yarn group with 2 updates in the /. directory: [grunt](https://github.com/gruntjs/grunt) and [extend](https://github.com/justmoon/node-extend).


Updates `grunt` from 1.0.1 to 1.5.3
- [Release notes](https://github.com/gruntjs/grunt/releases)
- [Changelog](https://github.com/gruntjs/grunt/blob/main/CHANGELOG)
- [Commits](gruntjs/grunt@v1.0.1...v1.5.3)

Updates `extend` from 3.0.1 to 3.0.2
- [Changelog](https://github.com/justmoon/node-extend/blob/main/CHANGELOG.md)
- [Commits](justmoon/node-extend@v3.0.1...v3.0.2)

Updates `getobject` from 0.1.0 to 1.0.2
- [Release notes](https://github.com/cowboy/node-getobject/releases)
- [Commits](cowboy/node-getobject@v0.1.0...v1.0.2)

Updates `js-yaml` from 3.5.5 to 3.14.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.5.5...3.14.1)

Updates `lodash` from 3.10.1 to 4.17.4
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@3.10.1...4.17.4)

Updates `minimatch` from 3.0.4 to 3.0.8
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.0.4...v3.0.8)

Updates `underscore.string` from 3.2.3 to 3.3.6
- [Release notes](https://github.com/epeli/underscore.string/releases)
- [Changelog](https://github.com/esamattis/underscore.string/blob/master/CHANGELOG.markdown)
- [Commits](esamattis/underscore.string@3.2.3...3.3.6)

---
updated-dependencies:
- dependency-name: grunt
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: extend
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: getobject
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: js-yaml
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: lodash
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: minimatch
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: underscore.string
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 8, 2024
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-security-group-6e9d24c8d0 branch from f91bd08 to 701e1df Compare February 8, 2024 02:30
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants