Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the npm_and_yarn group across 1 directory with 11 updates #4

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Aug 16, 2024

Bumps the npm_and_yarn group with 6 updates in the / directory:

Package From To
coveralls 2.13.3 3.1.1
cssnano 3.10.0 7.0.5
grunt-cli 0.1.13 1.5.0
grunt-eslint 19.0.0 25.0.0
mocha 3.5.3 10.7.3
elliptic 6.5.4 6.5.7

Updates coveralls from 2.13.3 to 3.1.1

Release notes

Sourced from coveralls's releases.

Maintenance / Security updates

  • swapped exec for execFile. Credit: Adar Zandberg from the CxSCA AppSec team at Checkmarx.
  • updated devDependencies
  • merged Dependabot PRs

Improved CircleCI / Travis parallelism support

  • Handle service_job_number for parallelism in Travis and CircleCI (#290) 705c3b5
  • Update sinon to v7.5.0. (#288) eb6dc35

nickmerwin/node-coveralls@v3.0.14...v3.1.0


This is a minor release due to the change in behavior for CircleCI, which now uses the Workflow ID to merge parallel coverage jobs:

    options.service_number = process.env.CIRCLE_WORKFLOW_ID;
    options.service_job_number = process.env.CIRCLE_BUILD_NUM;

Maintenance

Maintenance release

No release notes provided.

COVERALLS_SERVICE_NUMBER environment variable support

Improved:

  • If COVERALLS_SERVICE_NUMBER is set, set service_number from it. (@​midgleyc)

CodeFresh support, Maintenance

Added:

Improved:

Updated:

... (truncated)

Commits

Updates cssnano from 3.10.0 to 7.0.5

Release notes

Sourced from cssnano's releases.

v7.0.5

Bug Fixes

v7.0.4

Bug fixes

v7.0.3

Bug Fixes

  • cssnano-preset-default: preserve SVG viewbox and title by default
  • postcss-convert-values: preserve percent sign in arguments of color functions when needed
  • postcss-ordered-values: preserve correct order in animation property
  • postcss-minify-selectors: preserve quotes when escaping selector is required
  • postcss-discard-comments: do not remove strings that only look like comments in selectors

Thanks to @​ota-meshi and @​seiyab for their contributions to this release.

v7.0.2

Bug Fixes

  • fix invalid output in some cases where selectors contain comments

v7.0.1

Patch changes

Update postcss-calc dependency to latest version

v7.0.0

Breaking changes

This release drops official support for unmaintained long term support Node.js releases 14 and 16. It also drops support for non-long term support releases 19 and 21 and add support for Node.js 22. Only the package.json engines field has been updated. The code should otherwise be identical to the previous 6.1.2 release.

Ensuring support for older Node.js had become difficult as the GitHub actions runners are not available for the latest MacOS and recent pnpm also could not run on CI any more.

v6.1.2

Bug Fixes

  • preserve correct order of gap and column-gap properties

Patch Changes

  • update autoprefixer

v6.1.1

Patch changes

  • update selector parser
  • in the minify font plugin, you can pass a function to determine whether a css variable is one of font, font-family, and font-weight to determine whether the variable needs to remove quotes.

v6.1.0

This release contains a lot of fixes to Browserslist support thanks to @​colinrotherham

... (truncated)

Commits
  • a7855c1 Publish cssnano 7.0.5
  • 314868b Fix layer rule deduping (#1656)
  • f14a898 chore: update all dependencies
  • 656011d chore: update development dependencies
  • dff5c42 chore: update browserslist and postcss-selector-parser
  • 7e4c9ae chore: update development dependencies
  • 511ca60 docs: update website for release
  • 88df72a Publish cssnano 7.0.4
  • 36b3087 chore: update postcss dev dependency
  • d6f9a32 fix(postcss-convert-values): prserve percent sign in border-image-width
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ludovicofischer, a new releaser for cssnano since your current version.


Updates grunt-cli from 0.1.13 to 1.5.0

Release notes

Sourced from grunt-cli's releases.

v1.5.0

  • package version for np 7f5c4e8
  • v1.5.0 (#157) bd5917d
  • Update from nopt 4.x to nopt 5.0.0 (#156) f33cc6a
  • Updated dependencies on v8flags to latest, v8flags no longer uses an md5 hash. (#154) 670029a

gruntjs/grunt-cli@v1.4.3...v1.5.0

v1.4.3

gruntjs/grunt-cli@v1.4.0...v1.4.3

v1.4.2

gruntjs/grunt-cli@v1.4.0...v1.4.2

v1.4.1

gruntjs/grunt-cli@v1.4.0...v1.4.1

v1.4.0

  • Update changelog bbc4400
  • Ignore package-lock 3fa5bf6
  • Update deps, switch to actions (#141) c271173
  • Bump deps, required node version and ci (#137) 84ebcb8

gruntjs/grunt-cli@v1.3.2...v1.4.0

Changelog

Sourced from grunt-cli's changelog.

  • v1.5.0:
    • date: 2024-07-20
    • changes:
      • Update "v8flags" dependency to support FIPS-enabled systems.
      • Update "nopt"d peendency to fix "osenv" deprecation warning.
  • v1.4.1:
    • date: 2021-05-24
    • changes:
      • fix preload option for latest grunt
  • v1.4.0:
    • date: 2021-03-25
    • changes:
      • updated dependencies
      • Requires node >= 10
  • v1.3.2:
    • date: 2018-11-04
    • changes:
      • bump v8 flags dependency
  • v1.3.1:
    • date: 2018-08-18
    • changes:
      • cwd option fix
  • v1.3.0:
    • date: 2018-08-15
    • changes:
      • Switch to 'liftoff' module for CLI
      • Dropped support for node 0.10, 0.12.
  • v1.2.0
    • date: 2016-04-01
    • changes:
      • Use shared grunt-known-options module.
  • v1.1.0
    • date: 2016-03-22
    • changes:
      • Update to "nopt": "~3.0.6".
      • nopt is upgraded to ~3.0.6 which has fixed many issues, including passing multiple arguments and dealing with numbers as options. Be aware previously --foo bar used to pass the value 'bar' to the option foo. It will now set the option foo to true and run the task bar.
  • v1.0.1
    • date: 2016-03-22
    • changes:
      • Revert to "nopt": "~1.0.10" due to issues with the update.
  • v1.0.0
    • date: 2016-03-21
    • changes:
      • Update dev deps
      • Update error message when Gruntfile is not found
  • v1.0.0-rc1
    • date: 2016-02-11
    • changes:
      • Update findup-sync and other deps

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by vladikoff, a new releaser for grunt-cli since your current version.


Updates grunt-eslint from 19.0.0 to 25.0.0

Release notes

Sourced from grunt-eslint's releases.

v25.0.0

Breaking

Improvements

  • Update to ESLint 9 (#175) 81834b4
  • Support flat config (#175) 81834b4

sindresorhus/grunt-eslint@v24.3.0...v25.0.0

v24.3.0

  • Update dependencies 495118b

sindresorhus/grunt-eslint@v24.2.0...v24.3.0

v24.2.0

  • Update dependencies 826ca5f

sindresorhus/grunt-eslint@v24.1.0...v24.2.0

v24.1.0

  • Support async formatters (#174) 89eb056

sindresorhus/grunt-eslint@v24.0.1...v24.1.0

v24.0.1

  • Fix the plugin not finishing in some cases 1322e30

sindresorhus/grunt-eslint@v24.0.0...v24.0.1

v24.0.0

Breaking

  • Upgrade to ESLint 8 (#171) dbaf9d5
  • Require Node.js 12 (#171) dbaf9d5
  • Due to ESLint changes, some of the options (the ones that are not documented in the readme here) have changed. For example, configFile changed to overrideConfigFile. Consult the ESLint docs for the available options.

sindresorhus/grunt-eslint@v23.0.0...v24.0.0

v23.0.0

Breaking

  • Upgrade to ESLint 7 (#167) a8f45f6
  • Require Node.js 10 (#167) a8f45f6

sindresorhus/grunt-eslint@v22.0.0...v23.0.0

... (truncated)

Commits

Updates mocha from 3.5.3 to 10.7.3

Release notes

Sourced from mocha's releases.

v10.7.3

10.7.3 (2024-08-09)

🩹 Fixes

v10.7.2

10.7.2 (2024-08-06)

📚 Documentation

🧹 Chores

v10.7.1

10.7.1 (2024-08-06)

🩹 Fixes

  • crash with --parallel and --retries both enabled (#5173) (d7013dd)

🧹 Chores

  • add knip to validate included dependencies (5c2989f)
  • more fully remove assetgraph-builder and canvas (#5175) (1883c41)
  • replace nps with npm scripts (#5128) (c44653a), closes #5126

v10.7.0

What's Changed

New Contributors

Full Changelog: mochajs/mocha@v10.6.1...v10.7.0

v10.6.1

What's Changed

... (truncated)

Changelog

Sourced from mocha's changelog.

10.7.3 (2024-08-09)

🩹 Fixes

10.7.2 (2024-08-06)

📚 Documentation

🧹 Chores

10.7.1 (2024-08-06)

🩹 Fixes

  • crash with --parallel and --retries both enabled (#5173) (d7013dd)

🧹 Chores

  • add knip to validate included dependencies (5c2989f)
  • more fully remove assetgraph-builder and canvas (#5175) (1883c41)
  • replace nps with npm scripts (#5128) (c44653a), closes #5126

10.7.0 / 2024-07-20

🎉 Enhancements

10.6.1 / 2024-07-20

🐛 Fixes

10.6.0 / 2024-07-02

🎉 Enhancements

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by voxpelli, a new releaser for mocha since your current version.


Updates js-yaml from 3.6.1 to 3.13.1

Changelog

Sourced from js-yaml's changelog.

[3.13.1] - 2019-04-05

Security

  • Fix possible code execution in (already unsafe) .load(), #480.

[3.13.0] - 2019-03-20

Security

  • Security fix: safeLoad() can hang when arrays with nested refs used as key. Now throws exception for nested arrays. #475.

[3.12.2] - 2019-02-26

Fixed

  • Fix noArrayIndent option for root level, #468.

[3.12.1] - 2019-01-05

Added

  • Added noArrayIndent option, #432.

[3.12.0] - 2018-06-02

Changed

  • Support arrow functions without a block statement, #421.

[3.11.0] - 2018-03-05

Added

  • Add arrow functions suport for !!js/function.

Fixed

  • Fix dump in bin/octal/hex formats for negative integers, #399.

[3.10.0] - 2017-09-10

Fixed

  • Fix condenseFlow output (quote keys for sure, instead of spaces), #371, #370.
  • Dump astrals as codepoints instead of surrogate pair, #368.

[3.9.1] - 2017-07-08

Fixed

  • Ensure stack is present for custom errors in node 7.+, #351.

[3.9.0] - 2017-07-08

Added

  • Add condenseFlow option (to create pretty URL query params), #346.

Fixed

... (truncated)

Commits

Updates minimist from 0.0.8 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

Fixed

Commits

  • Merge tag 'v0.2.3' a026794
  • [eslint] fix indentation and whitespace 5368ca4
  • [eslint] fix indentation and whitespace e5f5067
  • [eslint] more cleanup 62fde7d
  • [eslint] more cleanup 36ac5d0
  • [meta] add auto-changelog 73923d2
  • [actions] add reusable workflows d80727d
  • [eslint] add eslint; rules to enable later are warnings 48bc06a
  • [eslint] fix indentation 34b0f1c
  • [readme] rename and add badges 5df0fe4
  • [Dev Deps] switch from covert to nyc a48b128
  • [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
  • [meta] create FUNDING.yml; add funding in package.json 3639e0c
  • [meta] use npmignore to autogenerate an npmignore file be2e038
  • Only apps should have lockfiles 282b570
  • isConstructorOrProto adapted from PR ef9153f
  • [Dev Deps] update @ljharb/eslint-config, aud 098873c
  • [Dev Deps] update @ljharb/eslint-config, aud 3124ed3
  • [meta] add safe-publish-latest 4b927de
  • [Tests] add aud in posttest b32d9bd
  • [meta] update repo URLs f9fdfc0
  • [actions] Avoid 0.6 tests due to build failures ba92fe6
  • [Dev Deps] update tape 950eaa7
  • [Dev Deps] add missing npmignore dev dep 3226afa
  • Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits
  • 6901ee2 v1.2.8
  • a026794 Merge tag 'v0.2.3'
  • c0b2661 v0.2.3
  • 63b8fee [Fix] Fix long option followed by single dash (#17)
  • 72239e6 [Tests] Remove duplicate test (#12)
  • 34b0f1c [eslint] fix indentation
  • 3226afa [Dev Deps] add missing npmignore dev dep
  • 098873c [Dev Deps] update @ljharb/eslint-config, aud
  • 9ec4d27 [Fix] Fix long option followed by single dash
  • ba92fe6 [actions] Avoid 0.6 tests due to build failures
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.


Updates request from 2.79.0 to 2.88.2

Changelog

Sourced from request's changelog.

Change Log

v2.88.0 (2018/08/10)

v2.87.0 (2018/05/21)

v2.86.0 (2018/05/15)

v2.85.0 (2018/03/12)

v2.84.0 (2018/03/12)

v2.83.0 (2017/09/27)

v2.82.0 (2017/09/19)

v2.81.0 (2017/03/09)

v2.80.0 (2017/03/04)

... (truncated)

Commits

Updates elliptic from 6.5.4 to 6.5.7

Commits

Updates lodash from 2.4.2 to 4.17.21

Release notes

Sourced from lodash's releases.

4.0.0

lodash v4.0.0

2015 was big year! Lodash became the most depended on npm package, passed 1 billion downloads, & its v3 release saw massive adoption!

The year was also one of collaboration, as discussions began on merging Lodash & Underscore. Much of Lodash v4 is proofing out the ideas from those discussions. Lodash v4 would not be possible without the collaboration & contributions of the Underscore core team. In the spirit of merging our teams have blended with several members contributing to both libraries.

For 2016 & lodash v4.0.0 we wanted to cut loose, push forward, & take things up a notch!

Modern only

With v4 we’re breaking free from old projects, old environments, & dropping old IE < 9 support!

4 kB Core

Lodash’s kitchen-sink size will continue to grow as new methods & functionality are added. However, we now offer a 4 kB (gzipped) core build that’s compatible with Backbone v1.2.4 for folks who want Lodash without lugging around the kitchen sink.

More ES6

We’ve continued to embrace ES6 with methods like _.isSymbol, added support for cloning & comparing array buffers, maps, sets, & symbols, converting iterators to arrays, & iterable _(…).

In addition, we’ve published an es-build & pulled babel-plugin-lodash into core to make tree-shaking a breeze.

More Modular

Pop quiz! 📣

What category path does the bindAll method belong to? Is it

A) require('lodash/function/bindAll') B) require('lodash/utility/bindAll') C) require('lodash/util/bindAll')

Don’t know? Well, with v4 it doesn’t matter because now module paths are as simple as

var bindAll = require('lodash/bindAll');

We’ve also reduced module complexity making it easier to create smaller bundles. This has helped Lodash adoption with libraries like Async & Redux!

1st Class FP

With v3 we introduced lodash-fp. We learned a lot & with v4 we decided to pull it into core.

Now you can get immutable, auto-curried, iteratee-first, data-last methods as simply as

var _ = require('lodash/fp');
var object = { 'a': 1 };
</tr></table> 

... (truncated)

Commits
  • f299b52 Bump to v4.17.21
  • c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
  • 3469357 Prevent command injection through _.template's variable option
  • ded9bc6 Bump to v4.17.20.
  • 63150ef Documentation fixes.
  • 00f0f62 test.js: Remove trailing comma.
  • 846e434 Temporarily use a custom fork of lodash-cli.
  • 5d046f3 Re-enable Travis tests on 4.17 branch.
  • aa816b3 Remove /npm-package.
  • d7fbc52 Bump to v4.17.19
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.


Updates tunnel-agent from 0.4.3 to 0.6.0

Commits

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps the npm_and_yarn group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [coveralls](https://github.com/nickmerwin/node-coveralls) | `2.13.3` | `3.1.1` |
| [cssnano](https://github.com/cssnano/cssnano) | `3.10.0` | `7.0.5` |
| [grunt-cli](https://github.com/gruntjs/grunt-cli) | `0.1.13` | `1.5.0` |
| [grunt-eslint](https://github.com/sindresorhus/grunt-eslint) | `19.0.0` | `25.0.0` |
| [mocha](https://github.com/mochajs/mocha) | `3.5.3` | `10.7.3` |
| [elliptic](https://github.com/indutny/elliptic) | `6.5.4` | `6.5.7` |



Updates `coveralls` from 2.13.3 to 3.1.1
- [Release notes](https://github.com/nickmerwin/node-coveralls/releases)
- [Commits](https://github.com/nickmerwin/node-coveralls/commits/3.1.1)

Updates `cssnano` from 3.10.0 to 7.0.5
- [Release notes](https://github.com/cssnano/cssnano/releases)
- [Commits](https://github.com/cssnano/cssnano/compare/[email protected])

Updates `grunt-cli` from 0.1.13 to 1.5.0
- [Release notes](https://github.com/gruntjs/grunt-cli/releases)
- [Changelog](https://github.com/gruntjs/grunt-cli/blob/main/CHANGELOG.md)
- [Commits](gruntjs/grunt-cli@v0.1.13...v1.5.0)

Updates `grunt-eslint` from 19.0.0 to 25.0.0
- [Release notes](https://github.com/sindresorhus/grunt-eslint/releases)
- [Commits](sindresorhus/grunt-eslint@v19.0.0...v25.0.0)

Updates `mocha` from 3.5.3 to 10.7.3
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/main/CHANGELOG.md)
- [Commits](mochajs/mocha@v3.5.3...v10.7.3)

Updates `js-yaml` from 3.6.1 to 3.13.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.6.1...3.13.1)

Updates `minimist` from 0.0.8 to 1.2.8
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v0.0.8...v1.2.8)

Updates `request` from 2.79.0 to 2.88.2
- [Changelog](https://github.com/request/request/blob/master/CHANGELOG.md)
- [Commits](https://github.com/request/request/commits)

Updates `elliptic` from 6.5.4 to 6.5.7
- [Commits](indutny/elliptic@v6.5.4...v6.5.7)

Updates `lodash` from 2.4.2 to 4.17.21
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@2.4.2...4.17.21)

Updates `tunnel-agent` from 0.4.3 to 0.6.0
- [Commits](request/tunnel-agent@v0.4.3...v0.6.0)

---
updated-dependencies:
- dependency-name: coveralls
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: cssnano
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: grunt-cli
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: grunt-eslint
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: mocha
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimist
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: request
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: elliptic
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tunnel-agent
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants