Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump the npm_and_yarn group across 1 directory with 8 updates #342

Closed
wants to merge 1 commit into from
Closed

build(deps): bump the npm_and_yarn group across 1 directory with 8 updates #342

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 15, 2024

Bumps the npm_and_yarn group with 8 updates in the /src/front directory:

Package From To
braces 3.0.2 3.0.3
fast-xml-parser 4.3.6 4.5.0
micromatch 4.0.5 4.0.8
serve-static 1.15.0 1.16.2
ws 6.2.2 6.2.3
@sentry/browser 7.100.1 7.119.1
@sentry/react-native 5.20.0 5.34.0
webpack 5.91.0 5.95.0

Updates braces from 3.0.2 to 3.0.3

Commits

Updates fast-xml-parser from 4.3.6 to 4.5.0

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

4.5.0 / 2024-09-03

  • feat #666: ignoreAttributes support function, and array of string or regex (By ArtemM)

4.4.1 / 2024-07-28

  • v5 fix: maximum length limit to currency value
  • fix #634: build attributes with oneListGroup and attributesGroupName (#653)(By Andreas Naziris)
  • fix: get oneListGroup to work as expected for array of strings (#662)(By Andreas Naziris)

4.4.0 / 2024-05-18

  • fix #654: parse attribute list correctly for self closing stop node.
  • fix: validator bug when closing tag is not opened. (#647) (By Ryosuke Fukatani)
  • fix #581: typings; return type of tagValueProcessor & attributeValueProcessor (#582) (By monholm)

4.3.6 / 2024-03-16

4.3.5 / 2024-02-24

  • code for v5 is added for experimental use

4.3.4 / 2024-01-10

  • fix: Don't escape entities in CDATA sections (#633) (By wackbyte)

4.3.3 / 2024-01-10

  • Remove unnecessary regex

4.3.2 / 2023-10-02

4.3.1 / 2023-09-24

  • revert back "Fix typings for builder and parser to make return type generic" to avoid failure of existing projects. Need to decide a common approach.

4.3.0 / 2023-09-20

4.2.7 / 2023-07-30

  • Fix: builder should set text node correctly when only textnode is present (#589) (By qianqing)
  • Fix: Fix for null and undefined attributes when building xml (#585) (#598). A null or undefined value should be ignored. (By Eugenio Ceschia)

4.2.6 / 2023-07-17

4.2.5 / 2023-06-22

  • change code implementation

4.2.4 / 2023-06-06

  • fix security bug

... (truncated)

Commits
  • 7ed4606 update package detail
  • 98d8f47 feat #666: add selective ignoreAttributes by pattern or callback (#668)
  • d40e29c update package detail and browser bundles
  • d0bfe8a fix maxlength for currency value
  • 2c14fcf Update bug-report-or-unexpected-output.md
  • acf610f fix #634: build attributes with oneListGroup and attributesGroupName (#653)
  • 931e910 fix: get oneListGroup to work as expected for array of strings (#662)
  • b8e40c8 Update ISSUE_TEMPLATE.md
  • a6265ba chore: add trend image (#658)
  • db1c548 redesign README.md
  • Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

[4.0.7] - 2024-05-22

  • this is basically v4.0.5, with some README updates
  • it is vulnerable to CVE-2024-4067
  • Updated braces to v3.0.3 to avoid CVE-2024-4068
  • does NOT break API compatibility

[4.0.6] - 2024-05-21

  • Added hasBraces to check if a pattern contains braces.
  • Fixes CVE-2024-4067
  • BREAKS API COMPATIBILITY
  • Should be labeled as a major release, but it's not.
Commits

Updates serve-static from 1.15.0 to 1.16.2

Release notes

Sourced from serve-static's releases.

1.16.0

What's Changed

New Contributors

Full Changelog: expressjs/serve-static@v1.15.0...1.16.0

Changelog

Sourced from serve-static's changelog.

1.16.2 / 2024-09-11

  • deps: encodeurl@~2.0.0

1.16.1 / 2024-09-11

  • deps: send@0.19.0

1.16.0 / 2024-09-10

  • Remove link renderization in html while redirecting
Commits
Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for serve-static since your current version.


Updates ws from 6.2.2 to 6.2.3

Release notes

Sourced from ws's releases.

6.2.3

Bug fixes

  • Backported e55e5106 to the 6.x release line (eeb76d31).
Commits

Updates @sentry/browser from 7.100.1 to 7.119.1

Release notes

Sourced from @​sentry/browser's releases.

7.119.1

  • fix(browser/v7): Ensure wrap() only returns functions (#13838 backport)

Work in this release contributed by @​legobeat. Thank you for your contribution!

7.119.0

  • backport(tracing): Report dropped spans for transactions (#13343)

Bundle size 📦

Path Size
@​sentry/browser (incl. Tracing, Replay, Feedback) - Webpack (gzipped) 80.96 KB
@​sentry/browser (incl. Tracing, Replay) - Webpack (gzipped) 71.89 KB
@​sentry/browser (incl. Tracing, Replay with Canvas) - Webpack (gzipped) 76.14 KB
@​sentry/browser (incl. Tracing, Replay) - Webpack with treeshaking flags (gzipped) 65.52 KB
@​sentry/browser (incl. Tracing) - Webpack (gzipped) 35.77 KB
@​sentry/browser (incl. browserTracingIntegration) - Webpack (gzipped) 35.66 KB
@​sentry/browser (incl. Feedback) - Webpack (gzipped) 31.71 KB
@​sentry/browser (incl. sendFeedback) - Webpack (gzipped) 31.72 KB
@​sentry/browser - Webpack (gzipped) 22.91 KB
@​sentry/browser (incl. Tracing, Replay, Feedback) - ES6 CDN Bundle (gzipped) 79.17 KB
@​sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (gzipped) 70.49 KB
@​sentry/browser (incl. Tracing) - ES6 CDN Bundle (gzipped) 36.17 KB
@​sentry/browser - ES6 CDN Bundle (gzipped) 25.41 KB
@​sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (minified & uncompressed) 221.92 KB
@​sentry/browser (incl. Tracing) - ES6 CDN Bundle (minified & uncompressed) 109.52 KB
@​sentry/browser - ES6 CDN Bundle (minified & uncompressed) 76.24 KB
@​sentry/browser (incl. Tracing) - ES5 CDN Bundle (gzipped) 39.45 KB
@​sentry/react (incl. Tracing, Replay) - Webpack (gzipped) 72.4 KB
@​sentry/react - Webpack (gzipped) 22.94 KB
@​sentry/nextjs Client (incl. Tracing, Replay) - Webpack (gzipped) 90.16 KB
@​sentry/nextjs Client - Webpack (gzipped) 54.27 KB
@​sentry-internal/feedback - Webpack (gzipped) 17.34 KB

7.118.0

  • fix(v7/bundle): Ensure CDN bundles do not overwrite window.Sentry (#12579)

Bundle size 📦

Path Size
@​sentry/browser (incl. Tracing, Replay, Feedback) - Webpack (gzipped) 80.83 KB
@​sentry/browser (incl. Tracing, Replay) - Webpack (gzipped) 71.77 KB
@​sentry/browser (incl. Tracing, Replay with Canvas) - Webpack (gzipped) 76.02 KB
@​sentry/browser (incl. Tracing, Replay) - Webpack with treeshaking flags (gzipped) 65.38 KB
@​sentry/browser (incl. Tracing) - Webpack (gzipped) 35.64 KB
@​sentry/browser (incl. browserTracingIntegration) - Webpack (gzipped) 35.53 KB
@​sentry/browser (incl. Feedback) - Webpack (gzipped) 31.6 KB
@​sentry/browser (incl. sendFeedback) - Webpack (gzipped) 31.61 KB

... (truncated)

Changelog

Sourced from @​sentry/browser's changelog.

7.119.1

  • fix(browser/v7): Ensure wrap() only returns functions (#13838 backport)

Work in this release contributed by @​legobeat. Thank you for your contribution!

7.119.0

  • backport(tracing): Report dropped spans for transactions (#13343)

7.118.0

  • fix(v7/bundle): Ensure CDN bundles do not overwrite window.Sentry (#12579)

7.117.0

  • feat(browser/v7): Publish browserprofling CDN bundle (#12224)
  • fix(v7/publish): Add v7 tag to @sentry/replay (#12304)

7.116.0

  • build(craft): Publish lambda layer under its own name for v7 (#12098) (#12099)

This release publishes a new AWS Lambda layer under the name SentryNodeServerlessSDKv7 that users still running v7 can use instead of pinning themselves to SentryNodeServerlessSDK:235.

7.115.0

  • feat(v7): Add support for global onUnhandled Error/Promise for Bun (#11959)
  • fix(replay/v7): Fix user activity not being updated in start() (#12003)
  • ref(api): Remove lastEventId deprecation warnings (#12042)

7.114.0

Important Changes

  • fix(browser/v7): Continuously record CLS (#11935)

This release fixes a bug that caused the cumulative layout shift (CLS) web vital not to be reported in a majority of the cases where it should have been reported. With this change, the CLS web vital should now always be reported for pageloads with layout shift. If a pageload did not have layout shift, no CLS web vital should be reported.

Please note that upgrading the SDK to this version may cause data in your dashboards to drastically change.

Other Changes

  • build(aws-lambda/v7): Turn off lambda layer publishing (#11875)
  • feat(v7): Add tunnel support to multiplexed transport (#11851)
  • fix(opentelemetry-node): support HTTP_REQUEST_METHOD attribute (#11929)
  • fix(react/v7): Fix react router v4/v5 span names (#11940)

... (truncated)

Commits

Updates @sentry/react-native from 5.20.0 to 5.34.0

Release notes

Sourced from @​sentry/react-native's releases.

5.34.0

Fixes

  • Handles error with string cause (#4163)
  • Use appLaunchedInForeground to determine invalid app start data on Android (#4146)
  • Upload source maps for all release variants on Android (not only the last found) (#4125)

Dependencies

5.33.2

Fixes

  • Emits Bridge log only in debug mode (#4145)
  • Remove unused spanName from TimeToDisplayProps (#4150)

Dependencies

5.33.1

Internal

This is re-release of 5.33.0 with no changes to ensure that 5.33.1 is tagged as latest release on npmjs.com

5.33.0

Features

  • Add an option to disable native (iOS and Android) profiling for the HermesProfiling integration (#4094)

    To disable native profilers add the hermesProfilingIntegration.

    import * as Sentry from '@sentry/react-native';
Sentry.init({

... (truncated)

Changelog

Sourced from @​sentry/react-native's changelog.

5.34.0

Fixes

  • Handles error with string cause (#4163)

  • Use appLaunchedInForeground to determine invalid app start data on Android (#4146)

  • Bump Cocoa SDK from v8.36.0 to v8.37.0 (#4156)

  • Bump Android SDK from v7.14.0 to v7.15.0 (#4161)

6.0.0-rc.1

Fixes

  • Upload source maps for all splits on Android (not only the last found) (#4125)

Dependencies

5.33.2

Fixes

  • Emits Bridge log only in debug mode (#4145)
  • Remove unused spanName from TimeToDisplayProps (#4150)

Dependencies

6.0.0-rc.0

This is a release candidate version of the next major version of the Sentry React Native SDK 6.0.0. This version includes all the changes from the previous 6.0.0-beta.0 and the latest 5.33.1 version.

... (truncated)

Commits
  • 2241ead release: 5.34.0
  • 4412b4c misc: Use form template for bug reports (#4166)
  • 7259f12 fix: Handles error with string cause (#4163)
  • c773341 chore(deps): update Android SDK to v7.15.0 (#4161)
  • e540498 chore: Extends the Android metrics diffMin similar to iOS (#4159)
  • b95b8af Use appLaunchedInForeground to determine invalid app start data on Android (#...
  • f31859f chore(deps): update Cocoa SDK to v8.37.0 (#4156)
  • 8c5d949 chore(readme): Add info about updated release channels (#4158)
  • 46b60ab misc: Add easy enabled splits and flavors in RN Android samples (#4157)
  • ba46d3f chore: update scripts/update-cli.sh to 2.37.0 (#4153)
  • Additional commits viewable in compare view

Updates webpack from 5.91.0 to 5.95.0

Release notes

Sourced from webpack's releases.

v5.95.0

Bug Fixes

  • Fixed hanging when attempting to read a symlink-like file that it can't read
  • Handle default for import context element dependency
  • Merge duplicate chunks call after split chunks
  • Generate correctly code for dynamically importing the same file twice and destructuring
  • Use content hash as [base] and [name] for extracted DataURI's
  • Distinguish module and import in module-import for externals import's
  • [Types] Make EnvironmentPlugin default values types less strict
  • [Types] Typescript 5.6 compatibility

New Features

  • Add new optimization.avoidEntryIife option (true by default for the production mode)
  • Pass output.hash* options to loader context

Performance

  • Avoid unneeded re-visit in build chunk graph

v5.94.0

Bug Fixes

  • Added runtime condition for harmony reexport checked
  • Handle properly data/http/https protocols in source maps
  • Make bigint optimistic when browserslist not found
  • Move @​types/eslint-scope to dev deps
  • Related in asset stats is now always an array when no related found
  • Handle ASI for export declarations
  • Mangle destruction incorrect with export named default properly
  • Fixed unexpected asi generation with sequence expression
  • Fixed a lot of types

New Features

  • Added new external type "module-import"
  • Support webpackIgnore for new URL() construction
  • [CSS] @import pathinfo support

Security

  • Fixed DOM clobbering in auto public path

v5.93.0

Bug Fixes

  • Generate correct relative path to runtime chunks
  • Makes DefinePlugin quieter under default log level
  • Fixed mangle destructuring default in namespace import

... (truncated)

Commits
  • e20fd63 chore(release): 5.95.0
  • 4866b0d feat: added new optimization.entryIife option
  • d90f692 fix: merge duplicate chunks after split chunks
  • 90dec30 fix(externals): distinguish “module” and “import” in “module-import”
  • c1a0a46 fix(externals): distinguish “module” and “import” in “module-import”
  • 14d8fa8 fix: all tests cases
  • dae16ad feat: pass output.hash* options to loader context
  • 75d185d feat: pass output.hash* options to loader context
  • 46e0b9c test: update
  • 8e62f9f test
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump the npm_and_yarn group across 1 directory with 8 up…
13aa9f7 
…dates

Bumps the npm_and_yarn group with 8 updates in the /src/front directory:

| Package | From | To |
| --- | --- | --- |
| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |
| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.3.6` | `4.5.0` |
| [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` |
| [serve-static](https://github.com/expressjs/serve-static) | `1.15.0` | `1.16.2` |
| [ws](https://github.com/websockets/ws) | `6.2.2` | `6.2.3` |
| [@sentry/browser](https://github.com/getsentry/sentry-javascript) | `7.100.1` | `7.119.1` |
| [@sentry/react-native](https://github.com/getsentry/sentry-react-native) | `5.20.0` | `5.34.0` |
| [webpack](https://github.com/webpack/webpack) | `5.91.0` | `5.95.0` |



Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

Updates `fast-xml-parser` from 4.3.6 to 4.5.0
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v4.3.6...v4.5.0)

Updates `micromatch` from 4.0.5 to 4.0.8
- [Release notes](https://github.com/micromatch/micromatch/releases)
- [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/micromatch@4.0.5...4.0.8)

Updates `serve-static` from 1.15.0 to 1.16.2
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md)
- [Commits](expressjs/serve-static@v1.15.0...v1.16.2)

Updates `ws` from 6.2.2 to 6.2.3
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@6.2.2...6.2.3)

Updates `@sentry/browser` from 7.100.1 to 7.119.1
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/7.119.1/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@7.100.1...7.119.1)

Updates `@sentry/react-native` from 5.20.0 to 5.34.0
- [Release notes](https://github.com/getsentry/sentry-react-native/releases)
- [Changelog](https://github.com/getsentry/sentry-react-native/blob/main/CHANGELOG.md)
- [Commits](getsentry/sentry-react-native@5.20.0...5.34.0)

Updates `webpack` from 5.91.0 to 5.95.0
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v5.91.0...v5.95.0)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fast-xml-parser
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: micromatch
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serve-static
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@sentry/browser"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@sentry/react-native"
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: webpack
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Oct 15, 2024
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 20, 2024

Superseded by #345.

@dependabot dependabot bot closed this Nov 20, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/src/front/npm_and_yarn-803fc1aef0 branch November 20, 2024 16:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants