Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump the npm_and_yarn group across 1 directories with 7 updates #383

Merged
merged 1 commit into from
Feb 7, 2024
Merged

build(deps): bump the npm_and_yarn group across 1 directories with 7 updates #383

merged 1 commit into from
Feb 7, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 7, 2024

Bumps the npm_and_yarn group with 4 updates in the /. directory: semver, @apideck/portman, semantic-release and nodemon.

Updates semver from 5.7.2 to 7.5.4

Release notes

Sourced from semver's releases.

v7.5.4

7.5.4 (2023-07-07)

Bug Fixes

v7.5.3

7.5.3 (2023-06-22)

Bug Fixes

Documentation

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

v7.5.1

7.5.1 (2023-05-12)

Bug Fixes

v7.5.0

7.5.0 (2023-04-17)

Features

Bug Fixes

v7.4.0

7.4.0 (2023-04-10)

... (truncated)

Changelog

Sourced from semver's changelog.

7.5.4 (2023-07-07)

Bug Fixes

7.5.3 (2023-06-22)

Bug Fixes

Documentation

7.5.2 (2023-06-15)

Bug Fixes

7.5.1 (2023-05-12)

Bug Fixes

7.5.0 (2023-04-17)

Features

Bug Fixes

7.4.0 (2023-04-10)

Features

... (truncated)

Commits
  • 36cd334 chore: release 7.5.4
  • 8456d87 chore: postinstall for dependabot template-oss PR
  • dde1f00 chore: postinstall for dependabot template-oss PR
  • dffcd1b chore: bump @​npmcli/template-oss from 4.16.0 to 4.17.0
  • d619f66 chore: postinstall for dependabot template-oss PR
  • 3bc4247 chore: bump @​npmcli/template-oss from 4.15.1 to 4.16.0
  • cc6fde2 fix: trim each range set before parsing
  • 99d8287 fix: correctly parse long build ids as valid (#583)
  • 4f0f6b1 chore: fix arguments in whitespace test (#574)
  • 6bd1a37 chore: remove duplicate test in semver class (#575)
  • Additional commits viewable in compare view

Updates @apideck/portman from 1.22.0 to 1.26.3

Release notes

Sourced from @​apideck/portman's releases.

v1.26.3

What's Changed

Full Changelog: apideck-libraries/portman@v1.26.2...v1.26.3

v1.26.2

What's Changed

Full Changelog: apideck-libraries/portman@v1.26.1...v1.26.2

v1.26.1

What's Changed

Full Changelog: apideck-libraries/portman@v1.26.0...v1.26.1

v1.26.0

What's Changed

[!CAUTION]
Breaking Change: The default behaviour of the Query parameters is changed since version 1.26.0.Optional query parameters will be disabled in Postman by default. More details can be found in the https://github.com/apideck-libraries/portman/blob/HEAD/CHANGELOG.md.

Full Changelog: apideck-libraries/portman@v1.25.1...v1.26.0

v1.25.1

What's Changed

Full Changelog: apideck-libraries/portman@v1.25.0...v1.25.1

v1.25.0

What's Changed

  • AssignVariables: Option to use template expressions for variable names (#548)
  • AssignVariables: Option to use template expressions for variable properties for Request body, Response body & header (#548)
  • Overwrites: Option to use template expressions for values (#548)
  • Globals: Define the casing of the generated variable names (#541)
  • Globals: Apply variableCasing for injected .ENV variables (#548)
  • Globals: Define the separatorSymbol used in the Postman test names (#541)
  • Support for loading local or remote JSON/YAML config files (#547)
  • Implement openapi-format as module (#539)
  • Fix includeTests parameter behaviour (#544)

... (truncated)

Changelog

Sourced from @​apideck/portman's changelog.

v1.26.3 - (2024-02-07)

  • overwriteRequestQueryParams - Auto-enable query parameters when overwrite value is set (#559)
  • overwriteRequestHeaders - Auto-enable headers when overwrite value is set (#559)
  • normalizedPathRef: Improve handling colon character (#556)

v1.26.2 - (2024-01-28)

  • Fuzzing - Enable query parameters and headers for fuzzed values (#554)

v1.26.1 - (2024-01-18)

  • overwriteRequestHeaders: Added disable false option (#551)
  • Bumped dependencies: openapi-to-postman 4.19.0 (#551)

v1.26.0 - (2024-01-16)

  • Portman - Change default enableOptionalParameters setting to false (#550)

[!CAUTION]
Breaking Change: The default behaviour of the Query parameters is changed since version 1.26.0.Optional query parameters will be disabled in Postman by default.

This will reduce the need for extra Portman config to disable the optional query parameters in the Postman collection and provide a more expected result in Postman.

OpenAPI:

    limitParam:
      name: limit
      in: query
      description: (Required) Number of records to return
      required: true # <----------
      schema:
        type: string

BEFORE

All the query parameters are enabled in the Postman collection.

AFTER

Only the required query parameters are enabled in the Postman collection.

You can modify this default behaviour by using --postmanConfigFile parameters. This will allow you to provide a specific configuration file that will be used for converting the OpenAPI specification to Postman.

... (truncated)

Commits
  • 6573622 1.26.3
  • 455027d release 1.26.3
  • 6558fa5 Merge pull request #561 from apideck-libraries/556-keep-colon
  • f025e4a normalizedPathRef: Improve : handling
  • 646704d Merge pull request #559 from apideck-libraries/557-query-param
  • cd58891 Auto-enable headers when overwrite value is set
  • 34d2fe0 Auto-enable query parameters when overwrite value is set
  • 2ea059a 1.26.2
  • f22ba3b Merge pull request #554 from apideck-libraries/fuzzing-enabled-query
  • 232bf4a Fuzzing: Enable Fuzzed query params & headers
  • Additional commits viewable in compare view

Updates semantic-release from 19.0.5 to 23.0.2

Release notes

Sourced from semantic-release's releases.

v23.0.2

23.0.2 (2024-02-07)

Bug Fixes

v23.0.1

23.0.1 (2024-02-06)

Bug Fixes

  • deps: update dependency marked-terminal to v7 (9faded8)

v23.0.0

23.0.0 (2024-01-12)

Bug Fixes

  • deps: update dependency cosmiconfig to v9 (#3105) (07dde04)
  • deps: update dependency marked to v11 (#3079) (6d2a6f1)
  • deps: upgraded to the latest version of env-ci (0d0ed9d)
  • use one note reference per tag to prevent conflicts (#2085) (020ea7d)

Features

BREAKING CHANGES

related to semantic-release/semantic-release#3088

v23.0.0-beta.5

23.0.0-beta.5 (2024-01-05)

Bug Fixes

... (truncated)

Commits
  • 38105f5 fix(deps): update dependency marked to v12 (#3176)
  • 7fb784f ci(action): update actions/upload-artifact action to v4.3.1 (#3181)
  • e3245f3 ci(action): update actions/setup-node action to v4.0.2 (#3184)
  • 28bcc1d chore(deps): update dependency prettier to v3.2.5 (#3177)
  • 9faded8 fix(deps): update dependency marked-terminal to v7
  • fccab39 chore(deps): lock file maintenance (#3179)
  • 6be2280 chore(deps): update dependency got to v14.2.0 (#3175)
  • 518b47d chore(deps): update dependency npm-run-all2 to v6.1.2 (#3171)
  • c6c01aa ci(action): update github/codeql-action action to v3.24.0 (#3173)
  • ee4f99f chore(deps): update dependency ava to v6.1.1 (#3168)
  • Additional commits viewable in compare view

Updates nodemon from 2.0.22 to 3.0.3

Release notes

Sourced from nodemon's releases.

v3.0.3

3.0.3 (2024-01-16)

Bug Fixes

v3.0.2

3.0.2 (2023-12-01)

Bug Fixes

v3.0.1

3.0.1 (2023-07-09)

Bug Fixes

v3.0.0

3.0.0 (2023-07-08)

Bug Fixes

Features

  • always use polling on IBM i (3b58104)

BREAKING CHANGES

  • official support for node@8 dropped.

However there's no function being used in semver that breaks node 8, so it's technically still possible to run with node 8, but it will no longer be supported (or tested in CI).

Commits

Updates axios from 0.26.1 to 1.6.7

Release notes

Sourced from axios's releases.

Release v1.6.7

Release notes:

Bug Fixes

  • capture async stack only for rejections with native error objects; (#6203) (1a08f90)

Contributors to this release

Release v1.6.6

Release notes:

Bug Fixes

  • fixed missed dispatchBeforeRedirect argument (#5778) (a1938ff)
  • wrap errors to improve async stack trace (#5987) (123f354)

Contributors to this release

Release v1.6.5

Release notes:

Bug Fixes

  • ci: refactor notify action as a job of publish action; (#6176) (0736f95)
  • dns: fixed lookup error handling; (#6175) (f4f2b03)

Contributors to this release

Release v1.6.4

Release notes:

Bug Fixes

  • security: fixed formToJSON prototype pollution vulnerability; (#6167) (3c0c11c)
  • security: fixed security vulnerability in follow-redirects (#6163) (75af1cd)

Contributors to this release

Release v1.6.3

Release notes:

... (truncated)

Changelog

Sourced from axios's changelog.

1.6.7 (2024-01-25)

Bug Fixes

  • capture async stack only for rejections with native error objects; (#6203) (1a08f90)

Contributors to this release

1.6.6 (2024-01-24)

Bug Fixes

  • fixed missed dispatchBeforeRedirect argument (#5778) (a1938ff)
  • wrap errors to improve async stack trace (#5987) (123f354)

Contributors to this release

1.6.5 (2024-01-05)

Bug Fixes

  • ci: refactor notify action as a job of publish action; (#6176) (0736f95)
  • dns: fixed lookup error handling; (#6175) (f4f2b03)

Contributors to this release

1.6.4 (2024-01-03)

Bug Fixes

  • security: fixed formToJSON prototype pollution vulnerability; (#6167) (3c0c11c)
  • security: fixed security vulnerability in follow-redirects (#6163) (75af1cd)

Contributors to this release

... (truncated)

Commits

Updates tough-cookie from 2.5.0 to 4.1.3

Release notes

Sourced from tough-cookie's releases.

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

4.1.2 -- Patch and Bugfix Release

What's Changed

Full Changelog: salesforce/tough-cookie@v4.1.1...v4.1.2

4.1.1

Patch Release

What's Changed

Full Changelog: salesforce/tough-cookie@v4.1.0...v4.1.1

4.1.0

v4.1.0

Minor release, focused mainly on resolving reported issues and some minor feature work.

What's Changed

... (truncated)

Commits
  • 4ff4d29 4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)
  • 12d4747 Prevent prototype pollution in cookie memstore (#283)
  • f06b72d Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...
  • b1a8898 fix: allow set cookies with localhost (#253)
  • ec70796 4.1.1 Patch -- allow special use domains by default (#250)
  • d4ac580 fix: allow special use domains by default (#249)
  • 79c2f7d 4.1.0 release to NPM (#245)
  • 4fafc17 Prepare tough-cookie 4.1 for publishing (updated GitHub actions, move Dockerf...
  • aa4396d fix: distinguish between no samesite and samesite=none (#240)
  • b8d7511 Modernize README (#234)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by awaterma, a new releaser for tough-cookie since your current version.


Updates word-wrap from 1.2.3 to 1.2.5

Release notes

Sourced from word-wrap's releases.

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: jonschlinkert/word-wrap@1.2.4...1.2.5

1.2.4

What's Changed

New Contributors

Full Changelog: jonschlinkert/word-wrap@1.2.3...1.2.4

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump the npm_and_yarn group across 1 directories with 7 …
001d8a2 
…updates

Bumps the npm_and_yarn group with 4 updates in the /. directory: [semver](https://github.com/npm/node-semver), [@apideck/portman](https://github.com/apideck-libraries/portman), [semantic-release](https://github.com/semantic-release/semantic-release) and [nodemon](https://github.com/remy/nodemon).


Updates `semver` from 5.7.2 to 7.5.4
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v5.7.2...v7.5.4)

Updates `@apideck/portman` from 1.22.0 to 1.26.3
- [Release notes](https://github.com/apideck-libraries/portman/releases)
- [Changelog](https://github.com/apideck-libraries/portman/blob/main/CHANGELOG.md)
- [Commits](apideck-libraries/portman@v1.22.0...v1.26.3)

Updates `semantic-release` from 19.0.5 to 23.0.2
- [Release notes](https://github.com/semantic-release/semantic-release/releases)
- [Commits](semantic-release/semantic-release@v19.0.5...v23.0.2)

Updates `nodemon` from 2.0.22 to 3.0.3
- [Release notes](https://github.com/remy/nodemon/releases)
- [Commits](remy/nodemon@v2.0.22...v3.0.3)

Updates `axios` from 0.26.1 to 1.6.7
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v0.26.1...v1.6.7)

Updates `tough-cookie` from 2.5.0 to 4.1.3
- [Release notes](https://github.com/salesforce/tough-cookie/releases)
- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)
- [Commits](salesforce/tough-cookie@v2.5.0...v4.1.3)

Updates `word-wrap` from 1.2.3 to 1.2.5
- [Release notes](https://github.com/jonschlinkert/word-wrap/releases)
- [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: "@apideck/portman"
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: semantic-release
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: nodemon
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: axios
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: tough-cookie
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: word-wrap
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 7, 2024
@bagelbits bagelbits merged commit 9a3966d into main Feb 7, 2024
9 checks passed
@bagelbits bagelbits deleted the dependabot/npm_and_yarn/npm_and_yarn-security-group-fb4df1ca90 branch February 7, 2024 20:10
@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 7, 2024

🎉 This PR is included in version 3.5.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bagelbits bagelbits bagelbits approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@bagelbits